In Authorization Based Access Control (ABAC) systems built with object-capabilities, an access policy is expressed by the shape of a reference graph: what a user can do is determined by where they are in the reference graph and what other parts of the graph are reachable from that point. By applying some basic cryptography to create links that act as “webkeys”, we can construct URL graphs that are compatible with today’s WWW infrastructure and additionally provide the…