[cap-talk] Excerpt of Italy Data Privacy: Legislative Decree 30 Jun 2003 n.196.
Valerio Bellizzomi
devbox at selnet.org
Mon Dec 18 19:26:16 CST 2006
On 18/12/2006, at 18.50, Karp, Alan H wrote:
>Valerio Bellizzomi wrote:
>> >But it doesn't say when those checks must be done. Users need
>> >credentials to enter the system. If they use them to
>> connect to their
>> >power boxes, we have can still have a usable system.
>>
>> I guess the checks have to be done every day, In our case if
>> an account is
>> unused from 6 months, it is deactivated.
>> Reactivation of an account needs confirmation of the machine
>> administrator.
>>
>Sorry. I meant to say that nothing says identity needs to be checked on
>each access request and used to decide whether or not to honor the
>request. Identity can be use solely to enter the system and gain access
>to the user's powerbox. I've been using that trick with the US Navy to
>get around similar requirements that seem to say you need ACLs.
It is just that as system administrators we are concerned to do the checks
manually if they aren't available automatically, this is yet another error
prone work.
In practice the law mandates for current systems, since there aren't any
capability systems widely used at present, it mandates at present for ACL
systems.
I hope this will change in face of the future wide availability of
capability systems.
val
More information about the cap-talk
mailing list