[Noisebridge-discuss] Ring-based trust/security model

jim jim at systemateka.com
Thu Feb 16 08:39:42 PST 2012



good analysis. 
tends to require some maintenance (a bad thing 
because of entropy and neglect). 

How to reduce the maintenance load? 



On Wed, 2012-02-15 at 18:26 -0800, Jonathan Toomim wrote:
> TL;DR: Let's use a trust ring security model, with levels for Members,
> Friends, Guests, and Everyone Else. Most privileges are reserved for
> Guests and above. People who demonstrate hack fu become Friends, and
> get a key and 24/7 unsupervised access. Guests need to have a Member
> or Friend sponsor them while they're there; complaints about a Guest's
> behavior or odor can be passed on to their sponsor, who will likely be
> more approachable than the Guest. 
> 
> On 2/15/2012 4:51 PM, Jonathan Toomim wrote: 
> > I think we need to redesign and make more explicit the security
> > model we use when dealing with users of NB. I think a ring-based
> > model would be better for us, since a capability-based model would
> > be too complicated and difficult to track. It also seems to be what
> > we are implicitly using right now. 
> > 
> > http://en.wikipedia.org/wiki/Ring_(computer_security)
> > 
> > Currently, it seems we have these rings:
> > 
> > Ring levels:
> > 0:    Members
> > 1:    Non-members with keys
> > 2:    Everyone else
> > 3:    https://noisebridge.net/wiki/85.5 (asked to leave once)
> > 4:    https://noisebridge.net/wiki/86
> > 
> > The requirements for entry into these rings are:
> > 0:    Paying money; https://www.noisebridge.net/wiki/Membership
> > 1:    Being deemed a hacker, and/or being around at the right time
> > 2:    [default]
> > 3:    Being lame
> > 4:    Being evil
> > 
> > Currently, the privileges contained within each ring appear to be as
> > follows:
> > 0:    Member shelves; participating in consensus decisions
> > 1:    Not needing to use the buzzer
> > 2:    Using the space 24/7; using the kitchen; using the
> > refrigerator; reserving use of the kitchen; using the bathrooms;
> > attending classes; conducting classes or meetings in the classrooms;
> > hanging out in the classrooms and not conducting classes; hacking;
> > not hacking; hanging around in the library; discussing the politics
> > of homelessness; using the computers to play Runescape; using the
> > NES to play Wizards and Warriors; buzzing people in; inviting people
> > in; using the laser cutter; using the 3D printers...
> > 3:    Coming to Tuesday member meetings to discuss their status
> > 4:    [empty set]
> > 
> > I don't know about you, but I think that this model is about as
> > secure as Windows XP. Sure, we can keep patching Internet Explorer's
> > security holes as we find them, but as long as we give so many
> > privileges to our regular applications we're gonna have problems. I
> > think we can do better.
> > 
> > Here is what I propose:
> > 
> > Ring levels:
> > 0:    Members
> > 1:    Friends of NB
> > 2:    Guests of NB
> > 3:    Class attendees
> > 4:    General public
> > 5:    Tempban
> > 6:    Permaban
> > 
> > Requirements for being in each ring:
> > 0:    Paying money; https://www.noisebridge.net/wiki/Membership
> > 1:    Vouched for by 1 Member as being sane and competent in hack fu
> > 2:    Sponsored by a Friend for up to 4 hours, or a Member; must
> > wear a label with the sponsor's name and expiration time
> > 3:    Being in the right place at the right time
> > 4:    [default]
> > 5:    Being deemed a jerk by 1 Member or 3 Friends, or being deemed
> > dangerous by anyone
> > 6:    Being deemed dangerous by 1 Member, or being deemed
> > undesirable by a consensus meeting
> > 
> > Privileges within each ring:
> > 0:    Member shelves; consensus decisions; beFriending; unFriending;
> > sponsoring guest-lectures and classes run by non-Friends; unlimited
> > sponsorship of Guests while present; right to arbitrarily boot
> > anyone in ring 1 or above (unless opposed by another Member); right
> > to arbitrarily tempban anyone in ring 2 or above
> > 1:    Key/access code; unsupervised 24/7 access to the space;
> > unsupervised use of expensive tools (e.g. laser cutter); running
> > classes; reserving the kitchen or classrooms; right to create "do
> > not hack" labels (e.g. in refrigerator); booting or tempbanning of
> > ring 2 and above with 2 other supporting Friends; sponsorship of 1
> > Guest at a time for no more than 4 consecutive hours per Guest;
> > unilaterally booting one's own Guest; buzzing people in (but must
> > check that person's status before letting them roam around the
> > space)
> > 2:    Access to space while a sponsor is present; supervised use of
> > expensive tools; unsupervised use of everything else (including
> > kitchen and computers)
> > 3:    Attending classes; using the bathrooms; limited kitchen access
> > (no cooking or refrigerator access)
> > 4:    Same rights as Guest during Open Hacking hours (e.g. M-F
> > 0900-1700, plus one night a week); otherwise, must be actively
> > supervised by a Member or Friend
> > 5:    Coming to Tuesday meetings to discuss their status
> > 6:    [empty set]
> > 
> > This would put most non-hackers in ring 2 or above. Sponsorship is
> > intended to be casually given; being someone's sponsor is
> > acknowledging responsibility to mediate any disputes that might
> > arise. For example, if Friend Fred sponsored skeezy Guest Scooter,
> > and good Guest Gwen didn't like Scooter, she could take a look at
> > Scooter's nametag, see that he was sponsored by Fred, and talk to
> > Fred about Scooter's status and behavior. Fred then has the option
> > of either mediating the dispute and trying to get Scooter's
> > skeeziness under control, explicitly booting Scooter, ignoring
> > Gwen's complaint, or simply revoking his Guest sponsorship and
> > letting him either find another sponsor or leave.
> > 
> > For becoming a Friend, the "competent in hack fu" requirement was
> > chosen over "interested in learning hack fu" because it's easier to
> > verify actual hack fu than simple interest, and true interest
> > usually results in at least some degree of competence if it is
> > sustained (unless the person is just dumb, but I suspect we won't
> > want dumb Friends anyway).
> > 
> >     -------
> > 
> > Whatcha think? I don't know if I'll be able to make it to the
> > Thursday discussion group (might be returning to LA before then), so
> > one of you might have to adopt the advocacy of this plan if you like
> > it.
> > 
> > Jonathan
> > 
> > 
> > _______________________________________________
> > Noisebridge-discuss mailing list
> > Noisebridge-discuss at lists.noisebridge.net
> > https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
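The proposed rings, Guest sponsorship and tempban rules from the quoted post, modelled as a small policy check. This is an added illustration, not code from the thread or from Noisebridge; the privilege names, the assumption that rings are cumulative (inner rings hold the grants of outer ones, as in the CPU ring model the post links to) and the `can`/`tempban_quorum` helpers are mine.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
# Ring numbers from the proposal: lower is more trusted.
MEMBER, FRIEND, GUEST, ATTENDEE, PUBLIC, TEMPBAN, PERMABAN = range(7)
# Privileges the proposal names, keyed by the ring that grants them; assumed
# cumulative (inner rings hold outer rings' grants), as in the CPU ring model.
RING_PRIVILEGES = {
    MEMBER: {"member_shelves", "consensus", "befriend", "tempban"},
    FRIEND: {"key", "unsupervised_24_7", "unsupervised_expensive_tools",
             "run_classes", "reserve_rooms", "buzz_in"},
    GUEST: {"space_with_sponsor", "supervised_expensive_tools", "kitchen",
            "computers"},
    ATTENDEE: {"attend_classes", "bathrooms", "limited_kitchen"},
    PUBLIC: set(), TEMPBAN: {"tuesday_meeting"}, PERMABAN: set(),
}
MAX_FRIEND_SPONSORSHIP = timedelta(hours=4)

@dataclass
class Sponsorship:
    """The Guest's name label: sponsor, sponsor's ring and start time."""
    guest: str
    sponsor: str
    sponsor_ring: int
    start: datetime

    def valid_at(self, now, present):
        # Only Members and Friends sponsor, and only while present;
        # a Friend's sponsorship lapses after 4 consecutive hours.
        if not present or self.sponsor_ring > FRIEND:
            return False
        if self.sponsor_ring == FRIEND:
            return now - self.start <= MAX_FRIEND_SPONSORSHIP
        return True

def privileges_for(ring):
    """Cumulative grant set; banned rings keep only their own entry."""
    if ring >= TEMPBAN:
        return set(RING_PRIVILEGES[ring])
    return set().union(*(RING_PRIVILEGES[r] for r in range(ring, PUBLIC + 1)))

def can(ring, privilege, now, sponsorship=None, present=False, open_hours=False):
    live = sponsorship is not None and sponsorship.valid_at(now, present)
    if ring == GUEST and not live:
        ring = PUBLIC  # no live sponsor: treated as general public
    if ring == PUBLIC and open_hours:
        ring = GUEST  # general public holds Guest rights in Open Hacking hours
    return privilege in privileges_for(ring)

def tempban_quorum(member_jerk_votes, friend_jerk_votes, dangerous_votes):
    """Ring 5 entry: jerk per 1 Member or 3 Friends, or dangerous per anyone."""
    return member_jerk_votes >= 1 or friend_jerk_votes >= 3 or dangerous_votes >= 1
```

The Fred/Scooter case from the post then reads as `can(GUEST, "kitchen", now, Sponsorship("Scooter", "Fred", FRIEND, start), present=True)`, which flips to False once Fred leaves or four hours pass.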