Posted by BPuhl on March 11, 2008
Cleaning out my unfiled OneNotes, and ran across this gem. I can’t even remember who said it anymore, but it sounds like something that either Dan or I would say…so in the absence of anyone else to credit:
We don’t actually protect data today. We protect the container that data is in, and that’s what the authorization policy applies to. Instead of telling the kid, “No, you can’t eat any Skittles” the policy we express is, “You’re not allowed to open the bag of Skittles” – achieves the same result, but the authorization policy can’t extend past the container being opened. Once the data is gone, it’s gone.