JasonKolb.com - Latest Comments in Google's Ingenious Wave Security Model - Jason Kolb re: the Future of the Internet

Re: Google's Ingenious Wave Security Model - Jason Kolb re: the Future of the Internet

coneryj — Fri, 29 Jan 2010 10:14:02 -0000

I created a main wave with a number of subwaves for a personal notebook where I was the only person invited. I later added a friend to the head of the main wave and he can't see any of the subwaves...Do I need to find every subwave and invite him to those? I've unfollowed my subwaves so that only the top level waves in my hierarchies are in by inbox...

I don't know if he would've had access to the subwaves if I had invited him from the start. However I'd like to share with him at this point and it's a bit frustrating.

Re: Google's Ingenious Wave Security Model - Jason Kolb re: the Future of the Internet

mike — Sat, 21 Nov 2009 00:08:39 -0000

This is actually scary! Alice shares a secret with Bob and has no control over what Bob does with that secret. Bob shares the secret with Charlie without telling Alice. Alice would like to erase the secret but she cannot do that. Meanwhile, Charlie told the secret to everyone in highschool :) How smart is that! :)

Seriously, let's spit the cool-aid and examine it. It is a very cool bundle of existing technology for social networking. That is it! It is nowhere near an architecture that would work in enterprise environment. Here is my fear: CTOs and developers will begin evangelizing this as the best thing after bread slice and start using it in the corporate environment. Since it is blatantly unsuitable, people will start writing "add-ons" to address security. Why does that sound awfully familiar?!

Re: Google's Ingenious Wave Security Model - Jason Kolb re: the Future of the Internet

mike — Fri, 20 Nov 2009 22:37:59 -0000

Well, I somewhat disagree with you. While the proposed model (adding people as needed) seems easy and works well in a social network-like environment, it is definitely not suited for enterprise security, especially if you try to apply a role-based model which requires centralized administration.

Re: Google's Ingenious Wave Security Model - Jason Kolb re: the Future of the Internet

gwern — Sun, 20 Sep 2009 22:11:37 -0000

Sounds like Wave is using a capability security model. Well, it's always good to see the idea of capabilities filter out.

Re: Google's Ingenious Wave Security Model - Jason Kolb re: the Future of the Internet

Alexander Ainslie (@AAinslie) — Fri, 18 Sep 2009 16:19:50 -0000

Jason - So how would in-wave security work in a use case like a cc/banking transaction or an online casino both of which require high levels of protection?

www.twitter.com/aainslie

Re: Google's Ingenious Wave Security Model - Jason Kolb re: the Future of the Internet

jasonkolb — Tue, 15 Sep 2009 14:21:35 -0000

Right. The elegant piece is that you can sprout new sub-conversations off the main conversation, and only let certain people be involved in that. Then, when you don't need them anymore, you take it back to the main conversation. It's very simple and I love it.

Re: Google's Ingenious Wave Security Model - Jason Kolb re: the Future of the Internet

TulsaRandy — Tue, 15 Sep 2009 13:15:41 -0000

Jsaon - thanks for the post - so let me rephrase your post and please tell me if i have it right. The default state is deny, the act of adding a person to a wave grants them access to the wave. too simple... is there a way to kick someone? does access to a wave provide access to all subordinate wavelets?

Thanks.
randy