[cap-talk] In Defense of Identities

[Karp, Alan H]

Jonathan S. Shapiro wrote:
> 
> Umm. That isn't quite what I was saying, and I think we agree.
> 
Whew!!
> 
> Once we acknowledge that this is a discussion about relative costs, it
> may be the case that the technical deficiencies of identity-based
> authorization are real but irrelevant. The nuisance factor of ACLs may
> actually be at just about the right level.
> 
I contend that the nuisance factor of ACLs is far higher than most
people acknowledge.  That squeaky door that drove you nuts when you
first moved into your house, you don't even notice a month later.  We
have become so used to dealing with the difficulties of ACLs that we no
longer realize what a high cost we are paying.
> 
> Even if Trent acts as you say, the fact that Trent must authorize
> becomes auditable -- which may be the entire value obtained from the
> sequence.
> 
If all you want is audit, there are easier ways.  
> 
> I confess that I am disturbed by my own direction here. I am, 
> in effect,
> arguing that sophisticated conspiracy is unavoidable but rare,
> unsophisticated conspiracy is common but traceable, and that the right
> level-set may therefore be to provide mechanisms that guard against
> unsophisticated conspiracy and oblivious error.
> 
I contend there are better ways to achieve your goal than introducing
ACLs.

________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp