CapabilityUseCases  
Places where capabilities might be useful in web applications.
Updated Feb 4, 2010 by mikesamuel@gmail.com

Capability Use Cases in Web Applications

Capabilities provide a flexible way to manage authorization---if done right, they provide users with an intuitive way of granting permissions in such a way that they understand the possible effects of granting authority.

Below are some scenarios where capabilities might be used by web applications.

  • User drags their Gmail contact list onto Facebook---no more asking for passwords to other sites
  • Dragging photos from Flickr, or an entire album, onto a mail message---capabilities can describe authority at multiple levels: just this item, this whole group.
  • Drag a "schedule me" link from a Calendar App to an airline booking site---capabilities can grant authority to perform a single-use edit. Write authority need not imply read authority.
  • A site includes a rating plugin and gives it authority to modify a DOM subtree---third-party code can be run inline in a page, and effectively sandboxed.
  • A third party could port Emacs Lisp (and therefore all of Emacs) to JavaScript; Google users could use the editor on their docs without worrying that it was sending the contents to the emacs-js author; also users could be sure that a malicious editor could only corrupt files it was explicitly given permission to edit, rather than all of their Google docs.
  • A plugin like Gears could grant scripts access to files that the user specifies by a file dialog. Access to the file is a capability and since the only way to get one is via a file dialog, a website can only touch files the user picks.
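
The "schedule me" scenario above (a single-use edit, with write authority that does not imply read authority) can be sketched with plain closures. This is an added example, not code from this project; `makeCalendar`, `makeScheduleMeCap`, `airlineBooking` and the sample events are hypothetical names and constructed data.

```javascript
'use strict';

// Hypothetical calendar holding the user's private schedule (constructed data).
function makeCalendar() {
  const events = [{ title: 'Dentist', day: '2010-02-10' }];
  return Object.freeze({
    list: () => events.map(e => ({ ...e })),                  // read authority
    add: (title, day) => {                                    // write authority
      events.push({ title: String(title), day: String(day) });
    }
  });
}

// Attenuate full authority to a single-use, write-only capability.
// The returned function closes over the calendar but exposes no way to
// read it, and it stops working after one call or after revoke().
function makeScheduleMeCap(calendar) {
  let target = calendar;
  const scheduleMe = (title, day) => {
    if (target === null) throw new Error('capability spent or revoked');
    const cal = target;
    target = null;          // drop the reference first, so a reentrant call fails
    cal.add(title, day);
  };
  const revoke = () => { target = null; };
  return { scheduleMe: Object.freeze(scheduleMe), revoke };
}

// Hypothetical airline site code: it receives only the function, never the calendar.
function airlineBooking(scheduleMe) {
  scheduleMe('Flight SFO to JFK', '2010-03-01');
  try { scheduleMe('Spam event', '2010-03-02'); return 'second write accepted'; }
  catch (e) { return e.message; }
}

function demo() {
  const calendar = makeCalendar();
  const { scheduleMe } = makeScheduleMeCap(calendar);
  const secondAttempt = airlineBooking(scheduleMe);
  const unused = makeScheduleMeCap(calendar);
  unused.revoke();          // the user withdraws a grant before it is used
  let revokedResult = 'write accepted';
  try { unused.scheduleMe('Late event', '2010-03-03'); }
  catch (e) { revokedResult = e.message; }
  return { titles: calendar.list().map(e => e.title), secondAttempt, revokedResult };
}
```

The guarantee holds only when the receiving code has no other reference to the calendar, which is what the sandboxing in the rating-plugin scenario provides.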
Comment by trideepg...@gmail.com, Apr 2, 2008

This will be awesome. If the old guard can get past the Security implications of this it will be revolutionary.

