Dang it, I saw this message from Dr. Woodfield, and I just *had* to
respond.  So I resubscribed.  Don't rub it in.

The short answer to these questions is: Talk to Dr. Seamons.

Now the long answer.

Dr. Woodfield wrote:
> Let me throw another log on the fire.
> Assumptions:
> 1. As time goes on, more and more people will have family history
> servers of some kind on the net.

The Internet is the Great Equalizer of content distribution.  No
longer do those who can buy time on the radio towers and the cable
stations have a monopoly on publication and distribution of
information.  BYU (and many other universities), by implementing a NAT
on student computers, hinders the momentum of the Internet by
crippling the students' ability to use the Internet's most potent
enabling attribute: Anyone can serve information to anyone else, in
whatever way they see fit!  For example, students may want to run new
P2P software to share genealogy information, as Dr. Woodfield suggests
here.  The ability to share information, from your own servers, is a
newfound liberty that we should never take for granted.

> 2. Some of the information on the site will be very sensitive
> (e.g. could be used for identity theft)

Well, the real solution to this problem is to fix the system.  I mean,
``The System,'' with a capital ``T'' and a capital ``S''.  Like
Equifax and Visa.  But that's another discussion altogether.

> 3. There are probably different levels of sensitivity.

Yup.  Who defines them?  How can the definitions be meaningful?

> Problems:
> 1. How do we make sure the right people are accessing the right
> information?

You know that you are asking here a *really hard* question, don't you?
When you say, ``Right people,'' exactly what do you mean?  For any
given piece of information, at what point do *I* become the ``right
person''?  At what point do I become the ``wrong person''?  How do you
express this in a policy language?  How do you approach the problem of
role identifier semantics?

> 2. While password authentication is much better than nothing, can we
> do better?

Uh, yes.

> 3. Without personal one-on-one verification, how do you grant
> different access privileges to those who want to sign up?

Role-based authentication, via Trust Negotiation.  Talk to
Dr. Seamons.

> 4. How do you protect against bots or spiders trying to crack a
> password?

By enforcing good passwords, or using public key authentication.

> 5. How do we do continual (instead of one time) authentication?

A nonce.  But do you really want this?

> 6. With all of the authentication, how do we make it easy to access
> the site?

Now *that's* the crux of the issue.  How do you implement strong
security, while keeping it convenient for the end user?  The answer,
at the moment, is, you really can't.  Not at the level that would make
*me* happy.  At least not with our current security infrastructure.

> If this is an interesting problem, how do we package it so that it
> is easy to add to anyone's web site?

Keep asking.  You're not the only one around who wants to know the
answer to this.  I have a few answers to these problems, and I hope to
be able to work on them, at least in some small way, as I finish my
graduate degree at the University of Texas.  I just need to convince a
professor here that it is a topic worth pursuing... :-)

Mike
.___________________________________________________________________.
                         Michael A. Halcrow                          
       Security Software Engineer, IBM Linux Technology Center       
GnuPG Fingerprint: 05B5 08A8 713A 64C1 D35D  2371 2D3C FDDA 3EB6 601D

Nothing is ever a total loss; it can always serve as a bad example. 

____________________
BYU Unix Users Group 
http://uug.byu.edu/ 
___________________________________________________________________
List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list