l4-hurd
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Design principles

From: Jonathan S. Shapiro
Subject: Re: Design principles
Date: Mon, 15 Jan 2007 19:50:31 -0500 
On Mon, 2007-01-15 at 20:31 +0100, Neal H. Walfield wrote:
> At Mon, 15 Jan 2007 14:16:29 -0500,
> Jonathan S. Shapiro wrote:

> > In short, Wikipedia doesn't *have* any security policies. What Wikipedia
> > has is robust means of recovery. Wikipedia has absolutely no means for
> > preclusion of hostile acts. It only has means for recovery and
> > retaliation.
> > 
> > This is an interesting approach, and one that is effective for
> > Wikipedia. It is not a security policy.
> 
> A security policy is simply a set of rules regarding
> 
>   - access (privacy)
>   - modification
>   - availability
> 
> So, yes, this is a security policy.  What you want to say is: "this is
> a bad security policy." 

No. What I want to say is "this is the trivial security policy: it
imposes no restrictions".

Availability is not generally considered part of security policy
specification. Perhaps it should be. Certainly it is an important issue.
But the literature on security policies is concerned with information
flow, not availability.

shap
-- 
Jonathan S. Shapiro, Ph.D.
Managing Director
The EROS Group, LLC
+1 443 927 1719 x5100
reply via email to
[Prev in Thread] Current Thread [Next in Thread]