[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New law concerning electronic commerce

From: Stanley A. Klein
Subject: Re: New law concerning electronic commerce
Date: Mon, 25 Feb 2002 07:36:22

Take a look at the draft security proposal I developed.  It is posted on
Neil Tiffin's page.  One issue I began to try to address is the information
security infrastructure required for meeting European Community (EC)
privacy requirements.  (BTW, the privacy requirements in Europe have been
much more stringent than those in the USA for many years.  I remember
reading articles about the issue in the early-to-mid 1970's.)

In summary, all information security (including access control) depends on
the operating system and on other elements of infrastructure (e.g., the
database management system) that also depend on the operating system but
provide their own (derivative) security functions.  

GNUE is designed to meet a wide variety of user requirements and to run on
a variety of operating systems.  The best GNUE can do in the area of
information security and access control is to enable a user to apply the
functionality that the operating system and other infrastructure elements
provide.  To that end, my draft proposal tries to begin identifying how to
do that and to simplify the user's task in applying the functionality.

Current operating systems do not provide functionality specifically
tailored to meeting EC privacy requirements.  However, one of the security
add-ons to GNU/Linux has features developed (IIRC) by a Swedish researcher
who was focused on the operating system functions needed to support EC

The tricky part for GNUE will likely come from any mandated test and
compliance demonstration/certification requirements included in the

Stan Klein

At 10:36 AM 2/24/2002 -0500, address@hidden wrote:
>Neil Tiffin <address@hidden> writes:
>> Excellent,
>> Thanks this has been added to:
>> packages/base/person/doc/person.sgml
>Cool. Any possibility to list me as an author?
>Btw: I will soon be writing something about "General storage and
>access control requirements with respect to privacy regulations."

reply via email to

[Prev in Thread] Current Thread [Next in Thread]