This would require some sort of single-sign-on, or capabilities system. Would lo... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		clord on July 23, 2012 \| parent \| context \| favorite \| on: Passing Pointers This would require some sort of single-sign-on, or capabilities system. Would love to see capabilities-based security for web services, actually. "Here is a token that grants permission to service X to perform action Y for duration Z." Can OpenID and ilk do this? Anyway, apps that don't need security should be as you describe already.

Kevin_Marks on July 23, 2012 [–]

This is pretty much exactly what OAuth does - enables the user to authorize a web service to access another one on their behalf, with per-app, per-user constraints.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact