[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: FW: Delegate

Clearly we need to differentiate between "small" integers and
infinity.  I may want to allow delegation without knowledge of the
depth, or I may want to limit the depth.  The problem isn't with the
MIS officer... The problem is with the person who certifies the MIS
manager's key...  *THAT* person doesn't know the link length.

So, the outsider should give the MIS manager unlimited delegation
depth, but the MIS manager may limit further delegations to some small


"Phillip M. Hallam-Baker" <hallam@ai.mit.edu> writes:

> The only problem with this model is that you don't necessarily know
> how long an internal chain-of-command is.  This is similar to IP
> subnetting.  For example, from outside MIT (which has net 18), there
> is a single "network", so someone from the outside could say "well,
> there is only one net-18 subnet, so I delegate with level one".  But
> once you get past the router you find many /16 subnets.  Oops!  but
> wait, some of those /16 nets get split up even further, into /24 or
> even /28 networks!
> That is precisely why I would wish as a manager at the top 
> of a corporation to stop unbounded delegation. Each link
> in the chain makes it harder to discover what is going on.
> As a security officer I would consider it very important to
> be able to control the number of phone calls required to 
> discover what had happened. The depth of the tree has a major 
> effect on the search time since each link may potentially 
> involve contacting someone who is off sick, on holiday or
> absconded with the money.
> 	Phill

       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board (SIPB)
    Home page: http://www.mit.edu:8001/people/warlord/home_page.html
       warlord@MIT.EDU    PP-ASEL     N1NWH    PGP key available