[3566] in cryptography@c2.net mail archive
Re: log files (was: Re: dbts: Cryptographic Dog Stocks, The Dirigible Biplane, and Sending the Wizards Back to Menlo Park )
daemon@ATHENA.MIT.EDU (Ben Laurie)
Fri Oct 30 15:57:21 1998
Date: Thu, 29 Oct 1998 18:15:06 +0000
From: Ben Laurie <ben@algroup.co.uk>
To: Steve Simmons <scs@ans.net>
CC: cryptography@c2.net
Steve Simmons wrote:
>
> Speaking as one with *almost* as many years in the sys admin biz as Steve
> Bellovin, I wholeheartedly second his comments on utility of logfiles
> and traceability of (trans)actions. (And for those who don't know
> who I am, a few minutes with my name, alta vista, and the word `LISA'
> should find you plenty of references). The less traceability in a system,
> the harder it is to maintain and debug. It doesn't matter what kind of
> system, that's a general truth.

Right, but the original comment was with respect to identity vs.
capability, if I remember correctly. Since there is no global identity,
the best you can do is to have some kind of (semi) local identity.
There's no reason that capability-based auth shouldn't carry around a
similar sort of identity for the purposes of tracing. Indeed, it seems
to me to be highly desirable. But that has nothing to do with the merits
of identity versus capability for the purposes of authorisation.

Cheers,
Ben.
--
Ben Laurie |Phone: +44 (181) 735 0686| Apache Group member
Freelance Consultant |Fax: +44 (181) 735 0689|http://www.apache.org/
and Technical Director|Email: ben@algroup.co.uk |
A.L. Digital Ltd, |Apache-SSL author http://www.apache-ssl.org/
London, England. |"Apache: TDG" http://www.ora.com/catalog/apache/
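
An added illustration of the point made in the reply above (not part of the original message and not its author's code): a capability token that carries a locally assigned trace label for the log file, while the authorisation decision looks only at the rights the token grants. The token layout, the key, and the names `mint`, `authorise` and the `trace` field are assumptions made for this sketch.

```python
import base64
import hashlib
import hmac
import json

ISSUER_KEY = b"constructed-demo-key"  # constructed key, for this sketch only


def _tag(body: bytes) -> bytes:
    return hmac.new(ISSUER_KEY, body, hashlib.sha256).digest()


def mint(resource, rights, trace_id):
    """Issue a capability; trace_id is a (semi) local label used only for logging."""
    body = json.dumps(
        {"res": resource, "rights": sorted(rights), "trace": trace_id},
        sort_keys=True,
    ).encode()
    return (base64.urlsafe_b64encode(body).decode() + "."
            + base64.urlsafe_b64encode(_tag(body)).decode())


def authorise(token, resource, right, audit_log):
    """Decide from the capability alone; the caller's identity is never an input."""
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong shape or bad base64
        audit_log.append(("deny", "unknown", resource, right))
        return False
    if not hmac.compare_digest(tag, _tag(body)):
        # Nothing in an unverified token is trusted, including its trace label.
        audit_log.append(("deny", "unverified", resource, right))
        return False
    cap = json.loads(body)
    allowed = cap["res"] == resource and right in cap["rights"]
    # The trace label goes to the log; it plays no part in the decision above.
    audit_log.append(("allow" if allowed else "deny", cap["trace"], resource, right))
    return allowed


if __name__ == "__main__":
    log = []
    token = mint("/var/log/app", {"read"}, "site-a:holder-17")  # constructed values
    authorise(token, "/var/log/app", "read", log)
    authorise(token, "/var/log/app", "write", log)
    for entry in log:
        print(entry)
```

Whoever presents the token gets the same answer, and every log entry still names the issuance it traces back to.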