[cap-talk] Fwd: [cors] TAG request concerning CORS &Next Step(s)
Dave Chizmadia - Gmail
davechiz at gmail.com
Thu Jun 25 20:57:58 EDT 2009
My own take is that "security is a pain" because it involves
requirements and solutions that are usually some combination
of:
* imprecisely stated;
* poorly understood;
* not interesting (to the developers);
* imposed, rather than deduced;
* not often scalable;
* apparently not intuitive.
For myself, I find security design far easier than, e.g., user
interface design because I've been working in the security
field for 23 years and have seen how my wife (and by
extension, most casual users) reacts to most attempts at
user interfaces. Most other computer have exactly the
reverse experiences.
Somewhat ironically, I actually have been giving a fair bit
of thought to the issue of formalizing first principles of
security as an ontology with derived vocabulary & metamodel
(or domain-specific language for non-OMG heathens :-)). Now
if I could just find someone to pay me to write things down!
-DMC
> -----Original Message-----
> From: cap-talk-bounces at mail.eros-os.org
> [mailto:cap-talk-bounces at mail.eros-os.org] On Behalf Of Raoul Duke
> Sent: Thursday, June 25, 2009 8:07 PM
> To: General discussions concerning capability systems.
> Subject: Re: [cap-talk] Fwd: [cors] TAG request concerning
> CORS &Next Step(s)
>
>
> >> > Security is often a pain.
> > Read <http://www.snopes.com/college/exam/barometer.asp>.
> > Security is hard for the same reason the barometer joke is funny.
>
> nice!
>
> the things are all related, but not all the same. i wonder how the
> original was meant?
>
> - "security is often a pain" to deal with as a user.
> - "security is often a pain" to get right as an implementer
> of a system.
> - "security is hard" isn't necc. the same as "a pain".
>
> i guess in my mind i was envisioning some model that would include
> forces among goals and such, which would somehow help envision what
> the trade-offs and potential holes are. i don't know how to go about
> drawing up such a thing.
>
> sincerely.