Skip to content
Work on good practices for the use of capability URLs
Branch: gh-pages
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

Capability URLs

There are two broad methods of controlling access to information that is published on the web:

  1. the server can have access control measures that require people accessing the content to provide the correct token(s) (such as a password) before the content is accessible
  2. the information can be published at an obscure or unguessable URL, and links to it only provided to people who have permission to access it

The URLs used in the second method are known as "capability URLs": an agent who possesses the URL is given the capability to access the information.

The goal of this project is to create a document that describes

  • cases where capability URLs are used on the web today
  • advantages and disadvantages of using capability URLs to control access to content
  • design considerations when creating websites that use capability URLs
  • areas of technical development to support the use of capability URLs
You can’t perform that action at this time.