[e-lang] Microsoft's laws of identity
Karp, Alan H
alan.karp at hp.com
Thu Jul 28 20:21:35 EDT 2005
Andy Dwelly wrote:
> Actually, I wasn't aware that it was considered an insoluable problem
> the links were enlightening. I believe I follow the argument. I'll
> to discuss the point with the rest of the design team because there is
> potentially a legal implication in 'who does the work' rather than
> work was done'.
An audit trail is important in many cases. If you just use
capabilities, you can always issue a different one to each person. That
way you can blame that person no matter who it was delegated to.
Unfortunately, that approach doesn't satisfy some legal requirements.
When it doesn't, there's nothing to stop you from requiring an ID
argument as part of the API.
Virus Safe Computing Initiative
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Karp, Alan H.vcf
Size: 433 bytes
Desc: Karp, Alan H.vcf
Url : http://www.eros-os.org/pipermail/e-lang/attachments/20050728/205358a2/KarpAlanH.vcf
More information about the e-lang