[cap-talk] In Defense of Identities
Karp, Alan H
alan.karp at hp.com
Tue Dec 5 09:23:58 CST 2006
Jonathan makes some excellent points in his essay. (It's more than a
note, isn't it?) However, I disagree with his recommendation to make
human conspiracy a nuisance. If you raise the bar too high, then people
simply share their passwords.

One problem with any system based on identities, including a hybrid
system, is getting the identities into the system and managing them once
they're there. If Alice needs Trent to add Bob to some list before she
can delegate to Bob, then Trent becomes a bottleneck. Often, Trent has
no basis for knowing whether or not Alice's request makes sense, so he
merely does what she tells him to do. Involving Trent is a waste of
time and effort. If Bob works for a different organization, then Trent
may not have a trust relationship to attach to Bob's identity. Trent
may serve a useful role in supporting Voluntary Oblivious Compliance,
but I believe there are better mechanisms.

Don't get me wrong. Identities are useful. Useful for audit, not
access control.
_________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp/