Commenting from file
Wed, 8 Mar 95 21:00:34 PST

> Good point. Although I would like to be able to provide many classes
> of services to people (or their agents) to whom I would never grant,
> say, a Unix shell account.

I agree. One of the problems with UNIX as it exists is that there is little
reasonable control over access to data and programs. I would like to see
a system that supports both Access Control Lists and Integrity Control Lists.
Systems should also include a set of tools to manage and monitor the security
of a system. Currently I know of no tools that can effectively manage systems
in a way that the tools can be used by someone with less than a "GURU" standing.

> A separate issue, but one we should consider as well, is that an
> "intelligent" agent might be unintelligent enough to make certain
> mistakes that a human would never make. I'm thinking of things like
> getting into an infinite loop and issuing the same query a million
> times (poorly programmed WWW robots are a current example of this).
> The kinds of software pathology they've been worrying about for years
> in the RISKS Digest all apply to intelligent agents, and both the
> designers of agents and the designers of services that agents interact
> with need to be aware of them. For this reason, it might be that I
> would be willing to grant a human more access than I would grant his or
> her robotic agent.

You may be able to make a system idiot-proof, but it can never be made foolproof,
because fools are so ingenious ;)

It should be possible to handle resource allocation and monitoring on a level
that has a finer grain than the "user". For example, why not limit the number
of CPU cycles that can be spent running a program on an individual-program
basis, or why not continue that and be able to limit resource usage based on
the data file being accessed?

User, Group, Others along with Read, Write, Execute is not nearly enough control
to be able to allow people reasonable access to systems in a secure and
managed way.
I would like to see a scheme similar to OS/2's Extended Attributes, where a
system can store arbitrary information associated with a file. EAs in OS/2
are not the answer as they stand now, but they are a good idea.

<rant mode on>
At some point in the future it may be that we will have operating systems that
are capable of supporting the kind of features necessary to support agents
and use by the public in general. But to get there we will have to abandon
the current 20-year-old software design philosophy.
When UNIX was first developed, operating systems of the day were written in
assembler. 20 years later C has replaced assembler, and for C++ just think
of a macro assembler. With the newer languages and tools available, why are
we now using the '90s moral equivalent of assembler?
<rant mode off>

Alvin Starr                   ||   voice: (905)513-6717
Eyepoint Inc.                 ||   fax:   (905)513-6718            ||