Welcome to the Second Life Forums Archive

Important criteria for any new "system of permissions"

Pham Neutra
Registered User
Join date: 25 Jan 2005
Posts: 478
02-02-2006 03:00
Just found a rather interesting article in my WIRED newsfeed: How to Code a Constitution. It's a kind of abstract for an academic paper and much easier to digest than the original. The main thesis:
You can compare these legal concepts [the legal concepts for a modern democratic constitution] to the eight principles for designing secure systems set forth in an article by Jerome Saltzer and Michael Schroeder and discussed in Computer Security: Art and Science by Matt Bishop, where I ran across them. These principles are:
  1. Separation of privilege: The protection mechanism should grant access based on more than one piece of information.
  2. Least privilege: The protection mechanism should force every process to operate with the minimum privileges needed to perform its task.
  3. Open design: The protection mechanism should not depend on attackers being ignorant of its design to succeed. It may, however, be based on the attacker's ignorance of specific information such as passwords or cipher keys.
  4. Fail-safe defaults: The protection mechanism should deny access by default, and grant access only when explicit permission exists.
  5. Complete mediation: The protection mechanism should check every access to every object.
  6. Economy of mechanism: The protection mechanism should have a simple and small design.
  7. Least common mechanism: The protection mechanism should be shared as little as possible among users.
  8. Psychological acceptability: The protection mechanism should be easy to use (at least as easy as not using it).

This has a lot of relevance for the redesign of the new group functionalities, IMHO. Yes, group functionalities should be designed as a "secure system".
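
An added example, not part of the original post or the quoted article: a minimal group-permission check that applies four of the principles listed above (fail-safe defaults, least privilege, complete mediation, separation of privilege). The role names, abilities and co-sign rule are hypothetical and do not describe Second Life's actual group tools.

```python
from dataclasses import dataclass, field

# Hypothetical roles and abilities (least privilege: each role lists only what it needs).
ROLE_ABILITIES = {
    "member": {"chat"},
    "builder": {"chat", "edit_land"},
    "officer": {"chat", "edit_land", "invite", "approve_payout"},
}
# Separation of privilege: ability -> (ability co-signers must hold, how many
# distinct co-signers other than the requester are required).
CO_SIGN = {"pay_out_funds": ("approve_payout", 2)}

@dataclass
class Group:
    roles: dict = field(default_factory=dict)   # avatar name -> role name
    audit: list = field(default_factory=list)   # one entry per decision

    def _abilities(self, avatar):
        # Fail-safe default: unknown avatar or unknown role yields no abilities.
        return ROLE_ABILITIES.get(self.roles.get(avatar), set())

    def check(self, avatar, ability, approvers=()):
        """Single decision point; every request is evaluated and logged here."""
        if ability in CO_SIGN:
            needed, count = CO_SIGN[ability]
            signers = {a for a in approvers
                       if a != avatar and needed in self._abilities(a)}
            allowed = (needed in self._abilities(avatar)
                       and len(signers) >= count)
        else:
            allowed = ability in self._abilities(avatar)
        self.audit.append((avatar, ability, allowed))
        return allowed

    def perform(self, avatar, ability, action, approvers=()):
        # Complete mediation: the action callable never runs without a check.
        if not self.check(avatar, ability, approvers):
            raise PermissionError(f"{avatar} may not {ability}")
        return action()

def demo():
    # Constructed sample group: three officers and one builder.
    g = Group(roles={"alice": "officer", "bob": "officer",
                     "carol": "officer", "dave": "builder"})
    return [
        g.check("dave", "edit_land"),                          # granted by role
        g.check("dave", "invite"),                             # not in role
        g.check("eve", "chat"),                                # not a member
        g.check("alice", "pay_out_funds", ["alice", "bob"]),   # one co-signer
        g.check("alice", "pay_out_funds", ["bob", "carol"]),   # two co-signers
    ]
```
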
Khamon Fate
fategardens.net
Join date: 21 Nov 2003
Posts: 4,177
02-02-2006 10:32
Secure? We may not be using the same definitions; but I see a vast difference in LL coding constitutional abilities to assign rights to roles and LL coding contractually binding security features into the group tools.

Groups were conceived for the express purpose of functioning as a social interaction tool before anyone at LL ever conceived that people would rent virtual land or need to manage group funds. Over the years, no changes were made to accommodate the needs of inworld businesses. They were asked for, just not provided. I tell a lie. They did remove the officer recall per Prokofy's request. The rest of us were patently ignored. Go figure.

Now they seem eager to make up for lost time by revamping the system, as has been steadily requested, to accommodate needs that have been readily apparent for quite some time.

My point is, I doubt they are going to go so far as to predict what groups may need in the future, e.g. contractual features. They didn't code around such predictions three years ago. They waited until they could plainly see what was needed. Why would they break that mold now? Instead, they're adding the covenant feature to the land tools. That seems to serve political needs best as land ownership is power in Second Life.

Thank Heaven they've finally realized that, and are working toward fostering an environment in which people will operate their own grids (countries). LL will still rake in the dough providing software and feature sets to support socialization and business needs having offloaded the political concerns to the grid owners themselves.
_____________________
Visit the Fate Gardens Website @ fategardens.net