The Third Party Vulnerability Resolution Blog covers CVEs and patches in Systems product suite.

2007-13--04 Security Link Of The Day

Guest Author
Dave Walker is one of Sun's clearest thinkers on matters related to identity and access to data; about a year ago he posted this observation, which didn't really get the attention it deserved.


The issue of identity has been bothering me for a while. While identity can clearly be applied to human consumers of services - and expressed as a subset of information held about them in various places - I've started wondering how the concept of identity could be used for various other entities, and indeed how the properties of identity as applied to humans could potentially be mapped onto them.

Hence the table below, which is my rather crude first shot at this mapping for files, running processes, OS instances, zones, hardware domains and services. Cells with question marks in them are areas where I currently don't see a mapping - this could mean that a mapping is not appropriate, or that an appropriate technology does not exist today, and could point the way for a bit of fundamental research.

I suspect I'm heading down a path which has been well-trodden already, but you might find some parts of this amusing. I'd be happy to bounce ideas around, or become clueful on what current thinking in this area actually is.


I'm hoping to get Dave blogging here more directly, soon, so keep an eye open.

Treating processes (i.e. computer programs, live and running on a CPU) as if they were people is not necessarily as easy as you might think, but then, given how easily some people can be socially engineered, maybe it's not so bad an analogy after all.
