[Noisebridge-discuss] Ring-based trust/security model

Thu Feb 16 00:51:40 UTC 2012

I think we need to redesign and make more explicit the security model we 
use when dealing with users of NB. I think a ring-based model would be 
better for us, since a capability-based model would be too complicated 
and difficult to track. It also seems to be what we are implicitly using 
right now.

http://en.wikipedia.org/wiki/Ring_(computer_security) 
<http://en.wikipedia.org/wiki/Ring_%28computer_security%29>

Currently, it seems we have these rings:

Ring levels:
0:    Members
1:    Non-members with keys
2:    Everyone else
3: https://noisebridge.net/wiki/85.5 (asked to leave once)
4: https://noisebridge.net/wiki/86

The requirements for entry into these rings are:
0:    Paying money; https://www.noisebridge.net/wiki/Membership
1:    Being deemed a hacker, and/or being around at the right time
2:    [default]
3:    Being lame
4:    Being evil

Currently, the privileges contained within each ring appear to be as 
follows:
0:    Member shelves; participating in consensus decisions
1:    Not needing to use the buzzer
2:    Using the space 24/7; using the kitchen; using the refrigerator; 
reserving use of the kitchen; using the bathrooms; attending classes; 
conducting classes or meetings in the classrooms; hanging out in the 
classrooms and not conducting classes; hacking; not hacking; hanging 
around in the library; discussing the politics of homelessness; using 
the computers to play Runescape; using the NES to play Wizards and 
Warriors; buzzing people in; inviting people in; using the laser cutter; 
using the 3D printers...
3.    Coming to Tuesday member meetings to discuss their status
4.    [empty set]

I don't know about you, but I think that this model is about as secure 
as Windows XP. Sure, we can keep patching Internet Explorer's security 
holes as we find them, but as long as we give so many privileges to our 
regular applications we're gonna have problems. I think we can do better.

Here is what I propose:

Ring levels:
0:    Members
1:    Friends of NB
2:    Guests of NB
3.    Class attendees
4.    General public
5.    Tempban
6.    Permaban

Requirements for being in each ring:
0:    Paying money; https://www.noisebridge.net/wiki/Membership
1:    Vouched for by 1 Member as being sane and competent in hack fu
2:    Sponsored by a Friend for up to 4 hours, or a Member; must wear a 
label with the sponsor's name and expiration time
3:    Being in the right place at the right time
4:    [default]
5:    Being deemed a jerk by 1 Member or 3 Friends, or being deemed 
dangerous by anyone
6:    Being deemed dangerous by 1 Member, or being deemed undesirable by 
a consensus meeting

Privileges within each ring:
0:    Member shelves; consensus decisions; beFriending; unFriending; 
sponsoring guest-lectures and classes run by non-Friends; unlimited 
sponsorship of Guests while present; right to arbitrarily boot anyone in 
ring 1 or above (unless opposed by another Member); right to arbitrarily 
tempban anyone in ring 2 or above
1:    Key/access code; unsupervised 24/7 access to the space; 
unsupervised use of expensive tools (e.g. laser cutter); running 
classes; reserving the kitchen or classrooms; right to create "do not 
hack" labels (e.g. in refrigerator); booting or tempbanning of ring 2 
and above with 2 other supporting Friends; sponsorship of 1 Guest at a 
time for no more than 4 consecutive hours per Guest; unilaterally 
booting one's own Guest; buzzing people in (but must check that person's 
status before letting them roam around the space)
2:    Access to space while a sponsor is present; supervised use of 
expensive tools; unsupervised use of everything else (including kitchen 
and computers)
3:    Attending classes; using the bathrooms; limited kitchen access (no 
cooking or refrigerator access)
4:    Same rights as Guest during Open Hacking hours (e.g. M-F 
0900-1700, plus one night a week); otherwise, must be actively 
supervised by a Member or Friend
5:    Coming to Tuesday meetings to discuss their status
6:    [empty set]

This would put most non-hackers in ring 2 or above. Sponsorship is 
intended to be casually given; being someone's sponsor is acknowledging 
responsibility to mediate any disputes that might arise. For example, if 
Friend Fred sponsored skeezy Guest Scooter, and good Guest Gwen didn't 
like Scooter, she could take a look at Scooter's nametag, see that he 
was sponsored by Fred, and talk to Fred about Scooter's status and 
behavior. Fred then has the option of either mediating the dispute and 
trying to get Scooter's skeeziness under control, explicitly booting 
Scooter, ignoring Gwen's complaint, or simply revoking his Guest 
sponsorship and letting him either find another sponsor or leave.

For becoming a Friend, the "competent in hack fu" requirement was chosen 
over "interested in learning hack fu" because it's easier to verify 
actual hack fu than simple interest, and true interest usually results 
in at least some degree of competence if it is sustained (unless the 
person is just dumb, but I suspect we won't want dumb Friends anyway).

     -------

Whatcha think? I don't know if I'll be able to make it to the Thursday 
discussion group (might be returning to LA before then), so one of you 
might have to adopt the advocacy of this plan if you like it.

Jonathan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.noisebridge.net/pipermail/noisebridge-discuss/attachments/20120215/f6f43356/attachment.html>