[Cryptography] Confidential Document Management, the right name or weaselly marketing?
Bill Frantz
frantz at pwpconsult.com
Fri Aug 19 11:49:19 EDT 2016
Phil and others interested in this area might be interested in
an idea developed by Alan Karp and others at HP research called
"Voluntary Oblivious Compliance". The idea is that, since
sharing information is necessary to accomplish almost any job,
you make it easy to share information through the appropriate
security checks. This way, the system can warn the user that the
sharing violates policy.
An example would be a accountant who inadvertently posts the
corporate financial report to an outside web site before the
official release. (This has happend.) He doesn't want to violate
policy, but makes mistakes. In other cases, the employee may not
even know the policy.
The system is voluntary in the sense that the controls can be
bypassed by doing things the hard way. It is not a solid
enforcement mechanism.
Cheers - Bill
-------------------------------------------------------------------------
Bill Frantz | When it comes to the world | Periwinkle
(408)356-8506 | around us, is there any choice | 16345
Englewood Ave
www.pwpconsult.com | but to explore? - Lisa Randall | Los Gatos,
CA 95032
More information about the cryptography
mailing list