[cap-talk] In Defense of Identities

[Jed at Webstart]

At 09:06 AM 12/6/2006, Marc Stiegler wrote:

> > Once we acknowledge that this is a discussion about relative costs, it
> > may be the case that the technical deficiencies of identity-based
> > authorization are real but irrelevant. The nuisance factor of ACLs may
> > actually be at just about the right level.
>
>Alas, nuisance factors prohibit the honorable people from getting their
>work done with far greater effectiveness than they prohibit true
>clandestine conspirators.

Amen to that!  Please reconsider the John Walker spy case in this regard.
It is just that nuisance factor that created the problems that lead
to that and I argue many other security failures.

>The stories associated with HP's efforts to
>grant me edit authority on the folder on the app server so I could
>manage the Polaris deployment successfully demonstrate this.

and the list goes on, and on, and on.

>The reason is simple: the honorable folks have a thousand low-value
>transactions to engage in,

with local knowledge I might add.

>while the evil conspirators typically have a
>small number of high-value transactions to engage in. One does not
>engage in industrial espionage as casually as one tries to get one's
>work done. You can stop a lot of the low-value transactions without even
>imposing a speed bump on the high-value transactions. Of course, you can
>lose enormous amounts of value by preventing large numbers of low value
>transactions. Hey, that sounds like the way it really works today,
>doesn't it?

I agree.

--Jed http://www.webstart.com/jed/