[cap-talk] Excerpt of Italy Data Privacy: Legislative Decree 30 Jun 2003 n.196.
Valerio Bellizzomi
devbox at selnet.org
Sat Dec 23 16:19:36 CST 2006
On 23/12/2006, at 17.28, David Hopwood wrote:
>Jed at Webstart wrote:
>> At 04:50 PM 12/18/2006, Karp, Alan H wrote:
>>
>>>Sorry. I meant to say that nothing says identity needs to be checked on
>>>each access request and used to decide whether or not to honor the
>>>request. Identity can be used solely to enter the system and gain access
>>>to the user's powerbox. I've been using that trick with the US Navy to
>>>get around similar requirements that seem to say you need ACLs.
>>
>> Still, I believe there is some meat to this discussion. Suppose
>> we have the situation where Alice is such a user (identity) on the
>> system whose access must be checked. Then Alice delegates
>> to Bob. That is, she somehow makes some of her authority
>> available to Bob. Perhaps she sends a capability directly
>> to Bob (no proxy, no delegation with revocation/responsibility
>> tracking). Now Alice doesn't access her account or for some
>> other reason has her access removed.
>>
>> What about the access delegated to Bob? I believe the intent
>> of the decree is that the access delegated by Alice to Bob should
>> also be removed.
>
>Why do you believe that is the intent? The decree doesn't actually say
>so; it seems to be concerned primarily with abuse of stale accounts.
Precisely. The decree is concerned with de-activation of stale accounts as
a minimum security measure.
De-activation is not removal; the account is only "locked" by a sysadmin.
When the user is back at work, she sends a note to her manager, and the
account is reactivated.
>
>AFAICS, implementing this as you suggest would be counterproductive: suppose
>that Alice *was* a system administrator, who left the company 6 months ago.
>The delegations she set up are essential to the continued functioning of
>applications critical to the business. If they suddenly stop working,
>for no good reason that the current system administrators are immediately
>able to discern, then the management is unlikely to be happy.
The decree says at one point "Except for those that have been authorised
exclusively for technical management purposes."
As I read it, accounts that are created only for technical reasons (root
user) are excluded from de-activation.
>
>--
>David Hopwood <david.nospam.hopwood at blueyonder.co.uk>