BPuhl’s Blog

A little bit of everything without actually being much of anything

Authorization Skittles

Posted by BPuhl on March 11, 2008

Cleaning out my unfiled OneNotes, and ran across this gem.  I can’t even remember who said it anymore, but it sounds like something that either Dan or I would say…so in the absence of anyone else to credit:

We don’t actually protect data today. We protect the container that data is in, and that’s what the authorization policy applies to. Instead of telling the kid, “No, you can’t eat any Skittles,” the policy we express is, “You’re not allowed to open the bag of Skittles” – it achieves the same result, but the authorization policy can’t extend past the container being opened. Once the data is gone, it’s gone.

One Response to “Authorization Skittles”

  1. Laura said

    One of the DEC speakers (heck, might’ve been you, can’t remember) expressed that slightly less surreal-ly as “You can’t undo data disclosure. We can sue the guy who was able to post our source code all over the Internet, but we can’t make him un-post it.”
