A Model of Authority in the Web

If you read:

If Laurie comes to the party, I will too.

in a hand-written note from your friend, you take it in one way, but if you read it in a cartoon about your friend, it's completely different. Only in the first case would you be genuinely dissapointed if Laurie came to the party and your friend didn't.

In network protocols, the difference can lead to anything from software glitches to major security problems. Though the security considerations sections of the specifications of web protocols such as HTTP admonish designers to consider known risks, the HTTP protocol itself puts no constraints on which return codes and what content web servers choose for their responses; the difference is outside its formal scope. A formal system that does capture the difference is ABLP logic, which was designed to model trust and authority in distributed systems [TOPLAS93] [SRC91].

We suggest that an architectural constraint layered on top of HTTP and ABLP logic contributes to anarchic scalability of linked data applications and points out challenges in securing mashup applications.

Author:Dan Connolly
Status:Work in Progress
Date:$Date: 2009/12/22 16:19:08 $
Version:$Revision: 1.27 $


  1. Decision making in ABLP logic introduces ABLP logic using ordinary decision making.
  2. Speech acts in HTTP relates HTTP requests and replies to ABLP speech acts.
    • TODO: discuss InformationResource vs Principal.
  3. Recognizing the social aspect of HTTP prose TODO
  4. Indirection needs Redirection logically supports intuitive notions about redirection using the new contraint.
  5. Mashup Speech Acts discusses XSRF and same origin using:
  6. Appendixes

TODO: use .. examples mechanism in each section.

Wish list

Stuff I hope to get to in due course:

  • Agency in HTML; i.e. <address>, <blockquote> elements.
  • Documents and Documents: i.e. Documents as in XML document, a bag-o-bits, and Document as in 'front page of the new york times', a service. (Fielding says something about future expecation, yes?)


[TOPLAS93]M. Abadi, M. Burrows, B. Lampson and G. Plotkin, A Calculus for Access Control in Distributed Systems, TOPLAS 1993
[SRC91]SRC-RR-70 A calculus for access control in distributed systems. - Abadi, Martin; Burrows, M.; Lampson, B.; Plotkin, G.