OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   RE: [xml-dev] Managing Innovation

[ Lists Home | Date Index | Thread Index ]

From: Chris Wilper [mailto:cwilper@cs.cornell.edu]

>> Can an innovative environment produce a trusted computing system?

>If the constraints are accepted beforehand, sure. 
>Great innovation happens under (and often in response to)
>the most constrained conditions.

One might read a constraint as the existence of trusted 
code upon which innovative systems are built.  So the 
security constraints can be built in.  Usability doesn't 
kill creativity, but opinions differ on what is usable.

>Related: http://www.useit.com/alertbox/20030908.html
>(third heading down, "[Misconception:] Usability Kills Creativity")

> Can we 'do the simplest thing that will possibly work' 
> and still produce a secure system.

>Unlike usability, considering *trust* issues as you set out to design
>will usually preclude the simplest thing from being done.

Ok.  Not being a security expert, I can agree with that, but again, 
if the code base is secured, then innovation can proceed simply by 
using that code base.

>Where we often get into trouble is throwing such all-encompassing
>constraints onto an already-built system.  No matter how low your
>"iteration cost", if you've inadvertantly carved security out of 
>the final product, you're not going to pump out a secure version
>next week.  Too much would have been ignored by that point.

Right.  Innovation at that point would be in producing an innovative 
solution to securing an inherently insecure system.  Not a simple job.



News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS