Saturday, October 01, 2005



Banks are highly aware of some types of threat, but seem to ignore other types of threat. How can you have a secure system in which one party is systematically blind to a particular class of threat. You would have to hold them in some sort of quarantine.


How can you have a secure system that only works if all the parties are completely free of conceptual limitations?

I think my children are systematically blind to certain things. (No doubt they think I'm systematically blind to certain things.) This means I trust them in certain contexts/situations and not in others.

A guard dog can provide some degree of security, can be involved in a secure system. That remains true despite the fact that dogs are unable to recognize certain classes of threat, and you certainly wouldn't delegate the design of the whole system to the guard dog. Why can't we say the same about a bank?

You put a dog into quarantine because you think it might have rabies, not because you think dogs are stupid. Banks aren't stupid either.

Quarantine may be a useful architectural pattern in certain situations. It protects against delayed attacks - such as a disease with an fixed incubation period, or a software virus. An entity remains in quarantine until it can be properly scanned and disinfected, or until the disease emerges and runs its course, or until the incubation period expires. (For example, a software artefact might be presumed free of a Friday 13th software virus if nothing detectable happens on Friday 13th.)

However, guard dogs need to be contained - for their own safety as well as the safety of others. They must be protected against specific attacks - the burglar who tries to feed them with drugged meat, or to confuse them with extreme smells. When dogs bark their heads off, these reactions need to be properly interpreted. And when a dog doesn't bark in the night, this may provide an important clue to what happened (Sherlock Holmes)

Similarly, banks might need to be contained, and their activity (and inactivity) interpreted. (But I don't think this counts as quarantine.) But whether this is necessary (or even meaningful) depends on the architecture of the whole collaborative system.

Technorati Tags: