BPuhl’s Blog

A little bit of everything without actually being much of anything

Authorization Skittles

Posted by BPuhl on March 11, 2008

Cleaning out my unfiled OneNotes, and ran across this gem.  I can’t even remember who said it anymore, but it sounds like something that either Dan or I would say…so in the absence of anyone else to credit:

We don’t actually protect data today. We protect the container that data is in, and that’s what the authorization policy applies to. Instead of telling the kid, “No, you can’t eat any Skittles” the policy we express is, “You’re not allowed to open the bag of Skittles” – achieves the same result, but the authorization policy can’t extend past the container being opened. Once the data is gone, it’s gone.


One Response to “Authorization Skittles”

  1. Laura said

    One of the DEC speakers (heck, might’ve been you, can’t remember) expressed that slightly less surreal-ly as “You can’t undo data disclosure. We can sue the guy who was able to post our source code all over the Internet, but we can’t make him un-post it.”
