[cap-talk] In Defense of Identities - not

Rob J Meijer rmeijer at xs4all.nl
Wed Dec 6 14:25:47 CST 2006


> I have seen this too. But I have never seen nor heard of an organization
> that, once having signed a pen to you, required that you go back to the
> stock clerk to keep the audit trail straight when the guy in the cube
> next to you asked to borrow the pen. Or when you lent a pen to your
> subordinate so he could sign the paperwork you had just handed him. This
> is the real analogy: we're talking about a second delegation of an
> authority that has already been delegated to you. Everyone assumes you
> can have the wisdom and responsible attitude necessary to re-delegate
> your authority, not just with pens, but with items of equipment of
> substantial value, without more paperwork. Good thing, too, because the
> stock clerk has far less info than you with which to make wise decisions
> on further levels of delegation.

Let's take this metaphor to one a bit unrealistic but I hope more
descriptive of the real issue, that is to incident response and
accountability.

Let's assume the ink of each pen in the batch that was given into your
responsibility would be directly traceable ink->pen->batch->you, and now
let's say a letter damaging to the company was intercepted and could thus
be traced back to the pen you handed to the guy in the next cube. You would
be very happy if an audit trail could prove that:

* you delegated the specific pen to the guy in the next cube.
* you did not yourself have the possibility to use the pen after you
  delegated it.
* the letter was written after delegation took place.

If you would have had no reason to distrust the guy in the next cube
with your pen, then the additional information provided by you
for the above would divert all accountability from you to the guy in
the next cube.

Rob
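
The three audit-trail conditions listed in the message above, as an added example that is not part of the original post: a small Python check that replays a delegation trail and reports who could have held a given pen when the letter was written. The `Event` record, the `possible_users` function, the pen id, the party names and the logical timestamps are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    t: int                  # logical timestamp (constructed sample value)
    kind: str               # "issue" (stock clerk -> holder) or "delegate"
    pen: str                # traceable pen id (the ink->pen->batch link)
    actor: str              # who handed the pen over
    to: str                 # who received it
    exclusive: bool = True  # True: the giver keeps no way to use the pen

def possible_users(trail, pen, t_written):
    """Replay the trail and return everyone who could have used `pen`
    at the moment the letter was written (events at or after it are ignored)."""
    holders = set()
    for e in sorted(trail, key=lambda ev: ev.t):
        if e.pen != pen or e.t >= t_written:
            continue
        if e.kind == "issue":
            holders = {e.to}
        elif e.kind == "delegate":
            if e.actor not in holders:
                # The trail claims a hand-over by someone who never held the pen.
                raise ValueError(f"inconsistent trail at t={e.t}: {e.actor} did not hold {pen}")
            if e.exclusive:
                holders.discard(e.actor)   # condition 2: delegator lost access
            holders.add(e.to)              # condition 1: this specific pen moved
        else:
            raise ValueError(f"unknown event kind {e.kind!r}")
    return holders

# Constructed sample trails: the clerk issues pen-7 at t=1, it is lent on at t=5.
TRAIL = [Event(1, "issue", "pen-7", "clerk", "you"),
         Event(5, "delegate", "pen-7", "you", "neighbour")]
SHARED = [Event(1, "issue", "pen-7", "clerk", "you"),
          Event(5, "delegate", "pen-7", "you", "neighbour", exclusive=False)]

if __name__ == "__main__":
    print(possible_users(TRAIL, "pen-7", 9))   # letter written after the hand-over
    print(possible_users(TRAIL, "pen-7", 3))   # letter written before the hand-over
    print(possible_users(SHARED, "pen-7", 9))  # delegator kept access
```

Accountability moves entirely to the neighbour only in the first case; if the letter predates the hand-over (condition 3 fails) or the delegator kept access (condition 2 fails), the delegator stays in the result set.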


