[cap-talk] Confused Deputy gets a new name in Web 2.0 lingo

Ian G iang at systemics.com
Tue Oct 17 15:50:14 CDT 2006 

Mark Miller wrote:
> On 10/17/06, Jed at Webstart <donnelley1 at webstart.com> wrote:
>> [...]  I believe "Confused Deputy" has stood the test
>> of time, has history on it's side, and is good enough (certainly
>> lacking any viable alternative), so we should stick with it.  Of
>> course people should feel free to submit alternative names for
>> discussion, but I think we should be very careful in any effort to
>> change such a venerable name.
> 
> I agree. For various reasons, including perhaps because it's so much
> fun to say, this particular meme has had more success spreading itself
> than virtually anything else coined by our community.

<grumble>

I don't disagree with the desire to stick with
what works ... but every time I hear or see the
term, I get confused :-(  So I guess I would demur,
the meme in question doesn't spread well via the
slothful agency of my grey matter.

It brings to me no clear image whatsoever, and
I for one was actually relieved today and made
a mental note that Wikipedia has an entry to
query next time ....  I found the Ping v. Tyler
battle most interesting as I tried to grasp the
real core of what this common term means.

(I think we discussed this a while back, and it
was pointed out that the term has some sort of
cultural sense related to North American wild
west / films.)

</grumble>

<side observation>

It also occurs to me that the concept of the
Confused Deputy is quite possibly explained in
agency theory, which is a branch of economics
that goes back far longer than living memory.

In agency theory, we start from the assumption that
the agent is the human who has distinct interests
that differ from the principal.  Canonically, we
might talk about the shop assistant who receives
money on behalf of the owner;  the invention of
the cash register / cash till is based on the
need to clearly separate out the monies of the
business from the monies in the agent's pocket.

The written receipt has the same original grounding
in agency theory (but is far more subtle).

This theory then informs all sorts of corporate
and security thinking (using security in the sense
of auditing / accounting rather than the more
familiar computing sense).

(Unfortunately I have only a "user" level appreciation
of the theory, so cannot point further than the
suspicion of the connection ....  If anyone can,
I'd be grateful!)

</>

iang

More information about the cap-talk mailing list