One Article Review
| Source |  Schneier on Security |
|---|---|
| Identifiant | 8288674 |
| Date de publication | 2022-12-07 12:04:41 (vue: 2022-12-07 13:06:42) |
| Titre | The Decoupling Principle |
| Texte | This is a really interesting paper that discusses what the authors call the Decoupling Principle: The idea is simple, yet previously not clearly articulated: to ensure privacy, information should be divided architecturally and institutionally such that each entity has only the information they need to perform their relevant function. Architectural decoupling entails splitting functionality for different fundamental actions in a system, such as decoupling authentication (proving who is allowed to use the network) from connectivity (establishing session state for communicating). Institutional decoupling entails splitting what information remains between non-colluding entities, such as distinct companies or network operators, or between a user and network peers. This decoupling makes service providers individually breach-proof, as they each have little or no sensitive data that can be lost to hackers. Put simply, the Decoupling Principle suggests always separating who you are from what you do... |
| Envoyé | Oui |
| Condensat | actions allowed always architectural architecturally are articulated: authentication authors between breach call can clearly colluding communicating companies connectivity data decoupling different discusses distinct divided each ensure entails entities entity establishing from function functionality fundamental hackers has have idea individually information institutional institutionally interesting little lost makes need network non not only operators paper peers perform previously principle principle: privacy proof providers proving put really relevant remains sensitive separating service session should simple simply splitting state such suggests system use user what who yet |
| Tags | Studies |
| Stories | |
| Notes | ★★★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.