[Noisebridge-discuss] Ring-based trust/security model
Jonathan Toomim
jtoomim at jtoomim.org
Thu Feb 16 00:51:40 UTC 2012
I think we need to redesign and make more explicit the security model we
use when dealing with users of NB. I think a ring-based model would be
better for us, since a capability-based model would be too complicated
and difficult to track. It also seems to be what we are implicitly using
right now.
http://en.wikipedia.org/wiki/Ring_(computer_security)
<http://en.wikipedia.org/wiki/Ring_%28computer_security%29>
Currently, it seems we have these rings:
Ring levels:
0: Members
1: Non-members with keys
2: Everyone else
3: https://noisebridge.net/wiki/85.5 (asked to leave once)
4: https://noisebridge.net/wiki/86
The requirements for entry into these rings are:
0: Paying money; https://www.noisebridge.net/wiki/Membership
1: Being deemed a hacker, and/or being around at the right time
2: [default]
3: Being lame
4: Being evil
Currently, the privileges contained within each ring appear to be as
follows:
0: Member shelves; participating in consensus decisions
1: Not needing to use the buzzer
2: Using the space 24/7; using the kitchen; using the refrigerator;
reserving use of the kitchen; using the bathrooms; attending classes;
conducting classes or meetings in the classrooms; hanging out in the
classrooms and not conducting classes; hacking; not hacking; hanging
around in the library; discussing the politics of homelessness; using
the computers to play Runescape; using the NES to play Wizards and
Warriors; buzzing people in; inviting people in; using the laser cutter;
using the 3D printers...
3. Coming to Tuesday member meetings to discuss their status
4. [empty set]
I don't know about you, but I think that this model is about as secure
as Windows XP. Sure, we can keep patching Internet Explorer's security
holes as we find them, but as long as we give so many privileges to our
regular applications we're gonna have problems. I think we can do better.
Here is what I propose:
Ring levels:
0: Members
1: Friends of NB
2: Guests of NB
3. Class attendees
4. General public
5. Tempban
6. Permaban
Requirements for being in each ring:
0: Paying money; https://www.noisebridge.net/wiki/Membership
1: Vouched for by 1 Member as being sane and competent in hack fu
2: Sponsored by a Friend for up to 4 hours, or a Member; must wear a
label with the sponsor's name and expiration time
3: Being in the right place at the right time
4: [default]
5: Being deemed a jerk by 1 Member or 3 Friends, or being deemed
dangerous by anyone
6: Being deemed dangerous by 1 Member, or being deemed undesirable by
a consensus meeting
Privileges within each ring:
0: Member shelves; consensus decisions; beFriending; unFriending;
sponsoring guest-lectures and classes run by non-Friends; unlimited
sponsorship of Guests while present; right to arbitrarily boot anyone in
ring 1 or above (unless opposed by another Member); right to arbitrarily
tempban anyone in ring 2 or above
1: Key/access code; unsupervised 24/7 access to the space;
unsupervised use of expensive tools (e.g. laser cutter); running
classes; reserving the kitchen or classrooms; right to create "do not
hack" labels (e.g. in refrigerator); booting or tempbanning of ring 2
and above with 2 other supporting Friends; sponsorship of 1 Guest at a
time for no more than 4 consecutive hours per Guest; unilaterally
booting one's own Guest; buzzing people in (but must check that person's
status before letting them roam around the space)
2: Access to space while a sponsor is present; supervised use of
expensive tools; unsupervised use of everything else (including kitchen
and computers)
3: Attending classes; using the bathrooms; limited kitchen access (no
cooking or refrigerator access)
4: Same rights as Guest during Open Hacking hours (e.g. M-F
0900-1700, plus one night a week); otherwise, must be actively
supervised by a Member or Friend
5: Coming to Tuesday meetings to discuss their status
6: [empty set]
This would put most non-hackers in ring 2 or above. Sponsorship is
intended to be casually given; being someone's sponsor is acknowledging
responsibility to mediate any disputes that might arise. For example, if
Friend Fred sponsored skeezy Guest Scooter, and good Guest Gwen didn't
like Scooter, she could take a look at Scooter's nametag, see that he
was sponsored by Fred, and talk to Fred about Scooter's status and
behavior. Fred then has the option of either mediating the dispute and
trying to get Scooter's skeeziness under control, explicitly booting
Scooter, ignoring Gwen's complaint, or simply revoking his Guest
sponsorship and letting him either find another sponsor or leave.
For becoming a Friend, the "competent in hack fu" requirement was chosen
over "interested in learning hack fu" because it's easier to verify
actual hack fu than simple interest, and true interest usually results
in at least some degree of competence if it is sustained (unless the
person is just dumb, but I suspect we won't want dumb Friends anyway).
-------
Whatcha think? I don't know if I'll be able to make it to the Thursday
discussion group (might be returning to LA before then), so one of you
might have to adopt the advocacy of this plan if you like it.
Jonathan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.noisebridge.net/pipermail/noisebridge-discuss/attachments/20120215/f6f43356/attachment.html>
More information about the Noisebridge-discuss
mailing list