mirror of
https://gitlab.com/spritely/ocappub.git
synced 2024-11-26 15:13:02 +00:00
Add section on accountability
This commit is contained in:
parent
0b920742f2
commit
51ad79f800
48
README.org
48
README.org
@ -1342,6 +1342,54 @@ now both refuse to forward messages.
|
|||||||
|
|
||||||
**** Accountability
|
**** Accountability
|
||||||
|
|
||||||
|
Both Ben and Lem contact Alyssa and insist neither of them made those
|
||||||
|
edits to the document.
|
||||||
|
Couldn't they please get access again to write to the file?
|
||||||
|
|
||||||
|
That evening, Alyssa thinks about it and decides that yes, she could,
|
||||||
|
if next time she could hold whoever did it accountable so she could
|
||||||
|
prevent the problem from happening again and know who violated her
|
||||||
|
trust.
|
||||||
|
|
||||||
|
Alyssa makes two new capabilities, but these ones are a little bit
|
||||||
|
different than before: while both allow writing to the file, this time
|
||||||
|
she associates each one with the name of the person she is handing it
|
||||||
|
out to.
|
||||||
|
Now if Bob writes to the file, it's logged that Bob made this change,
|
||||||
|
and if Lem writes to the file, it's logged that Lem made this change.
|
||||||
|
Alyssa hands out these new write-capable-but-logging ocaps to Bob and
|
||||||
|
Lem and logs off for the evening.
|
||||||
|
|
||||||
|
The next morning, the file is defaced again.
|
||||||
|
But the logger picks it up: Lem made all these changes!
|
||||||
|
Alyssa revokes the capability she gave to Lem and gives him a call
|
||||||
|
on the phone.
|
||||||
|
|
||||||
|
Lem swears, he really didn't make these changes!
|
||||||
|
Alyssa shows him her proof, and Lem thinks about it.
|
||||||
|
Well... Lem is really sure that he didn't make those changes, but
|
||||||
|
he knows that Mallet wanted access to the file.
|
||||||
|
It could be that Mallet asked him for it when they went out
|
||||||
|
drinking and Lem was intoxicated... or it could be that Mallet used
|
||||||
|
that opportunity to insert a backdoor into his device.
|
||||||
|
Lem really isn't sure, but insists that /he/ is not the one that did
|
||||||
|
it.
|
||||||
|
|
||||||
|
Alyssa trusts Lem enough as a person (but not as a person who
|
||||||
|
practices good security hygeine), and distrusts Mallet enough, that
|
||||||
|
she finds this story plausible.
|
||||||
|
Still she considers with satisfaction that placing the blame "on the
|
||||||
|
capability she gave to Lem", whether or not it was Lem that did it,
|
||||||
|
was what she really needed to get to the bottom of the situation.
|
||||||
|
"For now, you can email me suggestions," Alyssa tells Lem.
|
||||||
|
"But the next time you want to collaborate on a document, make sure
|
||||||
|
you're more careful with your authority.
|
||||||
|
And if you're not sure whether Mallet might have a backdoor in your
|
||||||
|
system or not, maybe it's time to do a thorough exorcism of your
|
||||||
|
computer."
|
||||||
|
Lem apologizes and agrees... he plans to try to audit his computer
|
||||||
|
tonight.
|
||||||
|
|
||||||
**** Composition
|
**** Composition
|
||||||
|
|
||||||
# add backup of file example; alice's composed capability should
|
# add backup of file example; alice's composed capability should
|
||||||
|
Loading…
Reference in New Issue
Block a user