JasonKolb.com: Google's Ingenious Wave Security Model - Jason Kolb re: the Future of the Internet

  • TulsaRandy · 2 months ago
    Jason - thanks for the post - so let me rephrase your post and please tell me if I have it right. The default state is deny; the act of adding a person to a wave grants them access to the wave. Too simple... Is there a way to kick someone? Does access to a wave provide access to all subordinate wavelets?

    Thanks.
    randy
  • jasonkolb · 2 months ago
    Right. The elegant piece is that you can sprout new sub-conversations off the main conversation, and only let certain people be involved in that. Then, when you don't need them anymore, you take it back to the main conversation. It's very simple and I love it.
  • Alexander Ainslie (@AAinslie) · 2 months ago
    Jason - So how would in-wave security work in a use case like a cc/banking transaction or an online casino, both of which require high levels of protection?

    www.twitter.com/aainslie
  • gwern · 2 months ago
    Sounds like Wave is using a capability security model. Well, it's always good to see the idea of capabilities filter out.
  • mike · 2 weeks ago
    Well, I somewhat disagree with you. While the proposed model (adding people as needed) seems easy and works well in a social network-like environment, it is definitely not suited for enterprise security, especially if you try to apply a role-based model which requires centralized administration.
  • mike · 2 weeks ago
    This is actually scary! Alice shares a secret with Bob and has no control over what Bob does with that secret. Bob shares the secret with Charlie without telling Alice. Alice would like to erase the secret but she cannot do that. Meanwhile, Charlie told the secret to everyone in high school :) How smart is that! :)

    Seriously, let's spit the Kool-Aid and examine it. It is a very cool bundle of existing technology for social networking. That is it! It is nowhere near an architecture that would work in an enterprise environment. Here is my fear: CTOs and developers will begin evangelizing this as the best thing after bread slice and start using it in the corporate environment. Since it is blatantly unsuitable, people will start writing "add-ons" to address security. Why does that sound awfully familiar?!