by jballanc
3935 days ago
There was a paper a couple years ago out of Microsoft Research (if I recall correctly) that looked at a number of vulnerabilities in OAuth as used by Facebook, Twitter, and a few others. The aha moment for me, though, was that they identified these vulnerabilities by turning the usual view of a web app inside-out: instead of viewing the client/browser as one endpoint on a communications channel, they treated the browser as a de facto man-in-the-middle. For OAuth, it is responsible for passing along messages between the OAuth provider and the authentication-requesting website. In the case described in this article, the browser is just a MITM for a server sending messages to itself.