[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Reputation Webs and Java/Applet Security
At 7:10 PM 5/4/96, Blake Coverett wrote:
>I was right in the first message... it is a reputation thing. We don't
>disagree on any of the fact here, just on their implications.
>
>I see this from the point of view of the author of these native methods,
>cypherpunk still do write code sometimes. From that point of view
>where is the difference between calling my native code methods and
>calling the java.awt.*, or netscape.* methods that are native code? Yes,
>either can do anything they want, irregardless of the SecurityManager.
>
>For J. Random User on the net, Sun/Netscape's reputations are
>fairly strong and mine is non-existent. For the corporate IS folks to
>whom I contract this situation is reversed. (Despite impressive IPOs
>I still get a lot of friction about 'programs downloaded from the net'.)
By the way, I think "reputation webs" may get one of their earliest uses in
this situation, with applets or chunks of code being "vouched for" by
testing or credentialling agencies, analogous to Good Housekeeping Seals
and Underwriter's Laboratories. (This model applies to more than just Java
applets, of course. To some extent, reviews of programs and testing of
snippets of code has always involved this "reputation rating" process...I'm
just suggesting it could be implemented in-line with the runtime
environment....)
While we often talk about the human example, where we want to do nifty
things like rank and rate the postings of J. Random User by what others we
trust (or don't trust) are saying, the fact is that most people are willing
to see what J. Random User is writing and judge for themselves. Hence,
reputation markets (what I'm calling "reputation webs," as with "webs of
trust") have been slow to take off in human communication circles. (At
least automated, that is.)
For Java applets, once digital signatures are supported we have the
possibility of automating the checking of who has said good things about
the applets, who has said bad things, how much faith we place in these
opinions, and so on. Almost a class hierarchy in itself (though mix-ins
might be useful, as the hierarchy is not strictly single-inheritance, it
seems).
Thus, the "Wall Street Testing Agency," with various stringent policies
about what applets can do and what they must not be allowed to do, may have
ratings of applets, keeping even Perry happy. Someone at a Wall Street firm
could then screen out applets based on these ratings. Others might have
completely different criteria.
(And the web could change dynamically, as the user's environment changed.
For example, a PC used largely for games will likely have a different model
of whom to trust than a workstation used for high finance. And one could
imagine moving sensitive files to a removable disk, popping out this disk,
and then altering the settings to reflect a lower perceived risk.)
Virus checking is to some extent already in this model, with
"well-regarded" virus checkers acting as a gatekeeper of sorts.
One might even (hopefully!) be able to integrate this directly into one's
programming environment. Maybe the "SecurityManager" class could be turned
into a "ReputationManager" class, with today's "SecurityManager" being just
one of many possible configurations (e.g., the one JavaSoft is
recommending).
And the NSA and NCSC might have their own "Orange Book" sorts of requirements.
Let a thousand flowers bloom...but keep track of their reputations.
--Tim May
Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
[email protected] 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."