[e-lang] Microsoft's laws of identity
Karp, Alan H
alan.karp at hp.com
Thu Jul 28 20:21:35 EDT 2005
Andy Dwelly wrote:
>
> Actually, I wasn't aware that it was considered an insoluable problem
-
> the links were enlightening. I believe I follow the argument. I'll
have
> to discuss the point with the rest of the design team because there is
> potentially a legal implication in 'who does the work' rather than
'what
> work was done'.
An audit trail is important in many cases. If you just use
capabilities, you can always issue a different one to each person. That
way you can blame that person no matter who it was delegated to.
Unfortunately, that approach doesn't satisfy some legal requirements.
When it doesn't, there's nothing to stop you from requiring an ID
argument as part of the API.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Karp, Alan H.vcf
Type: text/x-vcard
Size: 433 bytes
Desc: Karp, Alan H.vcf
Url : http://www.eros-os.org/pipermail/e-lang/attachments/20050728/205358a2/KarpAlanH.vcf
More information about the e-lang
mailing list