[Noisebridge-discuss] Ring-based trust/security model
Jonathan Toomim
jtoomim at jtoomim.org
Thu Feb 16 02:26:30 UTC 2012
TL;DR: Let's use a trust ring security model, with levels for Members,
Friends, Guests, and Everyone Else. Most privileges are reserved for
Guests and above. People who demonstrate hack fu become Friends, and get
a key and 24/7 unsupervised access. Guests need to have a Member or
Friend sponsor them while they're there; complaints about a Guest's
behavior or odor can be passed on to their sponsor, who will likely be
more approachable than the Guest.

On 2/15/2012 4:51 PM, Jonathan Toomim wrote:
> I think we need to redesign and make more explicit the security model
> we use when dealing with users of NB. I think a ring-based model would
> be better for us, since a capability-based model would be too
> complicated and difficult to track. It also seems to be what we are
> implicitly using right now.
>
> http://en.wikipedia.org/wiki/Ring_(computer_security)
>
> Currently, it seems we have these rings:
>
> Ring levels:
> 0: Members
> 1: Non-members with keys
> 2: Everyone else
> 3: https://noisebridge.net/wiki/85.5 (asked to leave once)
> 4: https://noisebridge.net/wiki/86
>
> The requirements for entry into these rings are:
> 0: Paying money; https://www.noisebridge.net/wiki/Membership
> 1: Being deemed a hacker, and/or being around at the right time
> 2: [default]
> 3: Being lame
> 4: Being evil
>
> Currently, the privileges contained within each ring appear to be as
> follows:
> 0: Member shelves; participating in consensus decisions
> 1: Not needing to use the buzzer
> 2: Using the space 24/7; using the kitchen; using the refrigerator;
> reserving use of the kitchen; using the bathrooms; attending classes;
> conducting classes or meetings in the classrooms; hanging out in the
> classrooms and not conducting classes; hacking; not hacking; hanging
> around in the library; discussing the politics of homelessness; using
> the computers to play Runescape; using the NES to play Wizards and
> Warriors; buzzing people in; inviting people in; using the laser
> cutter; using the 3D printers...
> 3: Coming to Tuesday member meetings to discuss their status
> 4: [empty set]
>
> I don't know about you, but I think that this model is about as secure
> as Windows XP. Sure, we can keep patching Internet Explorer's security
> holes as we find them, but as long as we give so many privileges to
> our regular applications we're gonna have problems. I think we can do
> better.
>
> Here is what I propose:
>
> Ring levels:
> 0: Members
> 1: Friends of NB
> 2: Guests of NB
> 3: Class attendees
> 4: General public
> 5: Tempban
> 6: Permaban
>
> Requirements for being in each ring:
> 0: Paying money; https://www.noisebridge.net/wiki/Membership
> 1: Vouched for by 1 Member as being sane and competent in hack fu
> 2: Sponsored by a Friend for up to 4 hours, or a Member; must wear
> a label with the sponsor's name and expiration time
> 3: Being in the right place at the right time
> 4: [default]
> 5: Being deemed a jerk by 1 Member or 3 Friends, or being deemed
> dangerous by anyone
> 6: Being deemed dangerous by 1 Member, or being deemed undesirable
> by a consensus meeting
>
> Privileges within each ring:
> 0: Member shelves; consensus decisions; beFriending; unFriending;
> sponsoring guest-lectures and classes run by non-Friends; unlimited
> sponsorship of Guests while present; right to arbitrarily boot anyone
> in ring 1 or above (unless opposed by another Member); right to
> arbitrarily tempban anyone in ring 2 or above
> 1: Key/access code; unsupervised 24/7 access to the space;
> unsupervised use of expensive tools (e.g. laser cutter); running
> classes; reserving the kitchen or classrooms; right to create "do not
> hack" labels (e.g. in refrigerator); booting or tempbanning of ring 2
> and above with 2 other supporting Friends; sponsorship of 1 Guest at a
> time for no more than 4 consecutive hours per Guest; unilaterally
> booting one's own Guest; buzzing people in (but must check that
> person's status before letting them roam around the space)
> 2: Access to space while a sponsor is present; supervised use of
> expensive tools; unsupervised use of everything else (including
> kitchen and computers)
> 3: Attending classes; using the bathrooms; limited kitchen access
> (no cooking or refrigerator access)
> 4: Same rights as Guest during Open Hacking hours (e.g. M-F
> 0900-1700, plus one night a week); otherwise, must be actively
> supervised by a Member or Friend
> 5: Coming to Tuesday meetings to discuss their status
> 6: [empty set]
>
> This would put most non-hackers in ring 2 or above. Sponsorship is
> intended to be casually given; being someone's sponsor is
> acknowledging responsibility to mediate any disputes that might arise.
> For example, if Friend Fred sponsored skeezy Guest Scooter, and good
> Guest Gwen didn't like Scooter, she could take a look at Scooter's
> nametag, see that he was sponsored by Fred, and talk to Fred about
> Scooter's status and behavior. Fred then has the option of either
> mediating the dispute and trying to get Scooter's skeeziness under
> control, explicitly booting Scooter, ignoring Gwen's complaint, or
> simply revoking his Guest sponsorship and letting him either find
> another sponsor or leave.
>
> For becoming a Friend, the "competent in hack fu" requirement was
> chosen over "interested in learning hack fu" because it's easier to
> verify actual hack fu than simple interest, and true interest usually
> results in at least some degree of competence if it is sustained
> (unless the person is just dumb, but I suspect we won't want dumb
> Friends anyway).
>
> -------
>
> Whatcha think? I don't know if I'll be able to make it to the Thursday
> discussion group (might be returning to LA before then), so one of you
> might have to adopt the advocacy of this plan if you like it.
>
> Jonathan