[Cryptography] Confidential Document Management, the right name or weaselly marketing?

Bill Frantz frantz at pwpconsult.com
Fri Aug 19 11:49:19 EDT 2016


Phil and others interested in this area might be interested in 
an idea developed by Alan Karp and others at HP research called 
"Voluntary Oblivious Compliance". The idea is that, since 
sharing information is necessary to accomplish almost any job, 
you make it easy to share information through the appropriate 
security checks. This way, the system can warn the user that the 
sharing violates policy.

An example would be a accountant who inadvertently posts the 
corporate financial report to an outside web site before the 
official release. (This has happend.) He doesn't want to violate 
policy, but makes mistakes. In other cases, the employee may not 
even know the policy.

The system is voluntary in the sense that the controls can be 
bypassed by doing things the hard way. It is not a solid 
enforcement mechanism.

Cheers - Bill

-------------------------------------------------------------------------
Bill Frantz        | When it comes to the world     | Periwinkle
(408)356-8506      | around us, is there any choice | 16345 
Englewood Ave
www.pwpconsult.com | but to explore? - Lisa Randall | Los Gatos, 
CA 95032



More information about the cryptography mailing list