cap-talk
1–30 of 490
Alan Karp
Sep 2
More on TBAC
https://www.linkedin.com/pulse/mobile-multi-token-challenge-mike-schwartz-nlxtc/ I'm not sure
Alan Karp
Aug 28
Using Cedar policies to hand out capabilities
https://github.com/JanssenProject/jans/wiki/TBAC-Registry/ (Cedar is a policy engine from AWS.) -----
Mark S. Miller
, …
William ML Leslie
12
Aug 26
OCaps and metering
On Wed, 27 Aug 2025 at 12:30, William ML Leslie <william.l...@gmail.com> wrote: On Tue,
Alan Karp
, …
Mark S. Miller
9
Aug 26
Access control use cases
There are a number of examples of vibe coding available on the web. In one of them, they constructed
Rob Meijer
,
Alan Karp
4
Aug 25
Least-authority web-3 subkey management: allowing root level accumulation?
Thanks for the explanation. I understood about 10% of it, which means I won't be of much help to
Alan Karp
, …
Jonathan S. Shapiro
42
Aug 23
Is this a confused deputy?
Charlie Landau: Sent an email to your personal address with no reply. Check spam? On Wed, Jun 11,
Alan Karp
Aug 23
This actually looks pretty good
https://datatracker.ietf.org/doc/draft-ietf-oauth-identity-chaining/ It contains a bit more
John Carlson
, …
David Nicol
12
Aug 19
Napster with object-capabilities
I'm no IPFS expert; I'm just pointing out that IPFS is an available distributed file-sharing
Alan Karp
,
John Carlson
5
Aug 4
Fwd: Signs of adoption of CCG specifications
(Adding cap-talk back into the discussion. My bad for dropping it.) -------------- Alan Karp On Mon,
Alan Karp
,
John Carlson
3
Jul 30
A nice turn of phrase
On Wed, Jul 30, 2025 at 10:04 AM John Carlson <yott...@gmail.com> wrote: What are the entity
John Carlson
,
Alan Karp
7
Jul 19
Redoing OAuth for metaservers?
Okay, my next thought was to send socket.io connection strings (like host and port, plus and room/
Mark S. Miller
Jul 8
3rd Norm Hardy Prize! July 31 Deadline
https://foresight.org/norm-hardy-prize/ -- Cheers, --MarkM
Alan Karp
,
John Kemp
4
Jun 13
Relevant to the recent thread
On 06/13/25 at 16:08, Alan Karp wrote: > I read through your slides, and now I wish I could
Alan Karp
,
Mark S. Miller
2
May 17
Capabilities and prompt injection
On Fri, May 16, 2025 at 9:16 PM Alan Karp <alan...@gmail.com> wrote: I found the statement I
Raoul Duke
Apr 28
et tu usb?
> Changes here have a negative impact on the user experience, which is why manufacturers are
F. Randall Farmer
, …
Mark S. Miller
5
Mar 7
DNS for ocapn.org expiring soon...
Still interested enough. I'll take it. Thanks! On Fri, Mar 7, 2025 at 12:10 PM F. Randall Farmer
John Carlson
, …
Alan Karp
23
Jan 22
Loops in revocable capability chains .
While we're on the (off) topic, the W3C community uses Jitsi for its meetings. --------------
John Carlson
Jan 21
Strawman: Multiparty encrypted content
Copyright 2024 John Carlson I don't remember if I sent this or not. There are corrections. Multi-
Alan Karp
Jan 20
Delegation in SOLID
Solid is Tim Berners-Lee's new vision for the web. Access control uses ACLs. https://ceur-ws.org/
John Carlson
10/21/24
Desktop version works on Safari web
But it really is unfriendly.
Mark S. Miller
,
John Carlson
3
10/21/24
I send this using the "+ New Conversation" button on the web ui.
Apparently the iPhone web UI experience is different, or I'm missing something obvious. I'll
Kevin Reid
, …
Mark S. Miller
3
10/20/24
Goblins CapTP
None of my experiments were from an iphone or from Safari. All were from Brave on my Mac laptop. On
Raoul Duke
10/14/24
Indirection kills security.
https://news.ycombinator.com/item?id=41818459 An empirical soap box conclusion is that indirection
Raoul Duke
, …
John Carlson
19
9/26/24
web cors alternative advocacy
Yes, at a fundamental level. But there should be a wide variety of ways to organize contact names,
Alan Karp
9/14/24
A simple introduction to OAuth 2
https://stack-auth.com/blog/oauth-from-first-principles?utm_source=substack&utm_medium=email does
Raoul Duke
7/7/24
usability lets us down
Re: Signal desktop app not encrypting encryption keys, if the host OS eg linux does not have solid ux
Raoul Duke
6/26/24
better than oauth et. al.?
security is hard, so is usability. it would be interesting if there are things which are less bad
Alan Karp
4/3/24
Certificate capability system when nodes can't sign
I've been lurking on the Distributed Web Node (DWN) working group meetings. A DWN is a set of
Mark S. Miller
3/14/24
Fwd: Opportunity in Usable Security: Applications wanted for the Norm Hardy Prize
---------- Forwarded message --------- From: Foresight Intelligent Cooperation Group <foresight-
Alan Karp
2/26/24
Expressing policies in capability systems
Rich Authorization Request extension to OAuth 2 is a way to express access policies in a capability