[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: FW: Delegate

The only problem with this model is that you don't necessarily know
how long an internal chain-of-command is.  This is similar to IP
subnetting.  For example, from outside MIT (which has net 18), there
is a single "network", so someone from the outside could say "well,
there is only one net-18 subnet, so I delegate with level one".  But
once you get past the router you find many /16 subnets.  Oops!  but
wait, some of those /16 nets get split up even further, into /24 or
even /28 networks!

That is precisely why I would wish as a manager at the top 
of a corporation to stop unbounded delegation. Each link
in the chain makes it harder to discover what is going on.

As a security officer I would consider it very important to
be able to control the number of phone calls required to 
discover what had happened. The depth of the tree has a major 
effect on the search time since each link may potentially 
involve contacting someone who is off sick, on holiday or
absconded with the money.