[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Design principles

From: Marcus Brinkmann
Subject: Re: Design principles
Date: Mon, 15 Jan 2007 19:53:37 +0100
User-agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.7 (Sanjō) APEL/10.6 Emacs/21.4 (i486-pc-linux-gnu) MULE/5.0 (SAKAKI)

At Mon, 15 Jan 2007 12:27:39 -0500,
"Jonathan S. Shapiro" <address@hidden> wrote:
> On Mon, 2007-01-15 at 18:26 +0100, Marcus Brinkmann wrote:
> > Well, in this case I have the upper hand in the discussion, because we
> > definitely have exciting and convincing evidence that mutually
> > suspicious collaboration can and will happen in transparent computer
> > systems.  As a primary example, I cite Wikipedia, which has strong
> > security without opaqueness.  (If you want an example at the operating
> > system level, I cite the Incompatible Timesharing System, ITS,
> > although that is less convincing because it comes from a time where
> > the computing environment was quite different.  Still the similarities
> > to Wikipedia's security mechanisms are all too obvious, so it has to
> > be mentioned).
> An interesting assertion. What are Wikipedia's security mechanisms?

Mmh.  It's actually more interesting that you have to ask.  There is
enough material to go into a longer essay, but I will give a quick
overview.  I will not always state what the outcome is (ie, which
aspects of a possible security policy are achieved), only the actual
mechanisms.  I am not claiming this to be an exhaustive list, it's
mostly what comes to mind immediately.

1) Transparency: The data and software to process it is available to
   everyone for download.  This protects against the weak link, which
   is the host providing the resources.

2) Abundance of resources: Denial of Service attack is unlikely
   because rate of input is lower than rate of resource expansion.
   This is actually true for both hardware resources and soft
   resources like editing improper material etc.

3) Monitoring: All users can monitor changes made by other users.

4) Accountability: All changes are tracked by username and/or IP

5) Versioning: Changes are non-destructive, old versions of modified
   data are retained.

6) Recoverability: Restoration of old versions is possible.

7) Durability: The resources are not at the peril of participating
   users.  (See also point 1).

8) Community: Participants engage in a community with strong social
   bounds, which builds up peer pressure for compliance.

9) Retaliation: IP addresses can be blocked temporarily to protect
   against on-going abuses.

Wikipedia is also experimenting with other mechanisms, for example:

10) Multiple Views: "Stable versions" can be declared which are the
    default view, alternate views are available to everyone at their
    liking.  (This has also been used elsewhere before, for example in
    the slashdot.org comment rating system).


reply via email to

[Prev in Thread] Current Thread [Next in Thread]