Re: Design principles

[Marcus Brinkmann]

At Mon, 15 Jan 2007 19:50:31 -0500,
"Jonathan S. Shapiro" <address@hidden> wrote:
> 
> On Mon, 2007-01-15 at 20:31 +0100, Neal H. Walfield wrote:
> > At Mon, 15 Jan 2007 14:16:29 -0500,
> > Jonathan S. Shapiro wrote:
> 
> > > In short, Wikipedia doesn't *have* any security policies. What Wikipedia
> > > has is robust means of recovery. Wikipedia has absolutely no means for
> > > preclusion of hostile acts. It only has means for recovery and
> > > retaliation.
> > > 
> > > This is an interesting approach, and one that is effective for
> > > Wikipedia. It is not a security policy.
> > 
> > A security policy is simply a set of rules regarding
> > 
> >   - access (privacy)
> >   - modification
> >   - availability
> > 
> > So, yes, this is a security policy.  What you want to say is: "this is
> > a bad security policy." 
> 
> No. What I want to say is "this is the trivial security policy: it
> imposes no restrictions".

Are you saying you can delete old revisions of wikipages in Wikipedia?
Or deny other participants access to the full database?  Or deny other
participants the ability to restore old revisions?

> Availability is not generally considered part of security policy
> specification. Perhaps it should be. Certainly it is an important issue.
> But the literature on security policies is concerned with information
> flow, not availability.

But if information is not available, it can't flow.  I have seen
availability frequently mentioned in the context of security issues.
I don't know about formal descriptions of "security policies", but
it's certainly a part of the IT security canon, and my impression was
not only in the sense of restricting access to them.

Thanks,
Marcus