[cap-talk] Horton vs. ACLs - private namespaces and the Audit Problem

Jed Donnelley capability at webstart.com
Wed Oct 10 13:13:27 EDT 2007


At 09:35 AM 10/10/2007, Karp, Alan H wrote:
>MarkM wrote:
> >
> > Without asking us to wade through the text of these, can you provide
> > us with any insight about how this could possibly be the case? How
> > would one write an automated compliance predicate that could give a
> > meaningful answer from such a low level trace of human-meaningless
> > data? If the regulation is simply: "thou shall record oodles of
> > stuff", then I can see it. Otherwise, I can't imagine a compliance
> > test that could be answered from these logs.
> >
>Did Alan Karp access the file containing the upcoming quarterly results
>during the quiet period in which he traded HP stock?...

I think we agree that answers at the level of who (e.g.
which people or roles) accessed what are meaningful - e.g.
the level supplied by a mechanism like Horton and
also potentially by ID based ACL mechanisms.

I thought the question was whether knowing which objects
had access to which other objects (e.g. in real time)
or even seeing logs of which objects had accessed
which other objects was the level at which I earlier
and MarkM above were asking about the value in the logs
of such low level traces.

I know for us as systems programmers such logs can
be useful to track down system problems.  However, I
find it difficult to imagine the use of such logs
for auditing - except perhaps to map into higher level
access as Alan asks about above.  Since mechanisms like
Horton and ACLs can answer such questions directly for
users, it doesn't seem to me that low level object
access logs are really needed for users - even in
the role of auditor.

--Jed  http://www.webstart.com/jed-signature.html 


