[Noisebridge-discuss] Ring-based trust/security model

Jonathan Toomim jtoomim at jtoomim.org
Thu Feb 16 02:26:30 UTC 2012


TL;DR: Let's use a trust ring security model, with levels for Members, 
Friends, Guests, and Everyone Else. Most privileges are reserved for 
Guests and above. People who demonstrate hack fu become Friends, and get 
a key and 24/7 unsupervised access. Guests need to have a Member or 
Friend sponsor them while they're there; complaints about a Guest's 
behavior or odor can be passed on to their sponsor, who will likely be 
more approachable than the Guest.

On 2/15/2012 4:51 PM, Jonathan Toomim wrote:
> I think we need to redesign and make more explicit the security model 
> we use when dealing with users of NB. I think a ring-based model would 
> be better for us, since a capability-based model would be too 
> complicated and difficult to track. It also seems to be what we are 
> implicitly using right now.
>
> http://en.wikipedia.org/wiki/Ring_(computer_security) 
> <http://en.wikipedia.org/wiki/Ring_%28computer_security%29>
>
> Currently, it seems we have these rings:
>
> Ring levels:
> 0:    Members
> 1:    Non-members with keys
> 2:    Everyone else
> 3: https://noisebridge.net/wiki/85.5 (asked to leave once)
> 4: https://noisebridge.net/wiki/86
>
> The requirements for entry into these rings are:
> 0:    Paying money; https://www.noisebridge.net/wiki/Membership
> 1:    Being deemed a hacker, and/or being around at the right time
> 2:    [default]
> 3:    Being lame
> 4:    Being evil
>
> Currently, the privileges contained within each ring appear to be as 
> follows:
> 0:    Member shelves; participating in consensus decisions
> 1:    Not needing to use the buzzer
> 2:    Using the space 24/7; using the kitchen; using the refrigerator; 
> reserving use of the kitchen; using the bathrooms; attending classes; 
> conducting classes or meetings in the classrooms; hanging out in the 
> classrooms and not conducting classes; hacking; not hacking; hanging 
> around in the library; discussing the politics of homelessness; using 
> the computers to play Runescape; using the NES to play Wizards and 
> Warriors; buzzing people in; inviting people in; using the laser 
> cutter; using the 3D printers...
> 3.    Coming to Tuesday member meetings to discuss their status
> 4.    [empty set]
>
> I don't know about you, but I think that this model is about as secure 
> as Windows XP. Sure, we can keep patching Internet Explorer's security 
> holes as we find them, but as long as we give so many privileges to 
> our regular applications we're gonna have problems. I think we can do 
> better.
>
> Here is what I propose:
>
> Ring levels:
> 0:    Members
> 1:    Friends of NB
> 2:    Guests of NB
> 3.    Class attendees
> 4.    General public
> 5.    Tempban
> 6.    Permaban
>
> Requirements for being in each ring:
> 0:    Paying money; https://www.noisebridge.net/wiki/Membership
> 1:    Vouched for by 1 Member as being sane and competent in hack fu
> 2:    Sponsored by a Friend for up to 4 hours, or a Member; must wear 
> a label with the sponsor's name and expiration time
> 3:    Being in the right place at the right time
> 4:    [default]
> 5:    Being deemed a jerk by 1 Member or 3 Friends, or being deemed 
> dangerous by anyone
> 6:    Being deemed dangerous by 1 Member, or being deemed undesirable 
> by a consensus meeting
>
> Privileges within each ring:
> 0:    Member shelves; consensus decisions; beFriending; unFriending; 
> sponsoring guest-lectures and classes run by non-Friends; unlimited 
> sponsorship of Guests while present; right to arbitrarily boot anyone 
> in ring 1 or above (unless opposed by another Member); right to 
> arbitrarily tempban anyone in ring 2 or above
> 1:    Key/access code; unsupervised 24/7 access to the space; 
> unsupervised use of expensive tools (e.g. laser cutter); running 
> classes; reserving the kitchen or classrooms; right to create "do not 
> hack" labels (e.g. in refrigerator); booting or tempbanning of ring 2 
> and above with 2 other supporting Friends; sponsorship of 1 Guest at a 
> time for no more than 4 consecutive hours per Guest; unilaterally 
> booting one's own Guest; buzzing people in (but must check that 
> person's status before letting them roam around the space)
> 2:    Access to space while a sponsor is present; supervised use of 
> expensive tools; unsupervised use of everything else (including 
> kitchen and computers)
> 3:    Attending classes; using the bathrooms; limited kitchen access 
> (no cooking or refrigerator access)
> 4:    Same rights as Guest during Open Hacking hours (e.g. M-F 
> 0900-1700, plus one night a week); otherwise, must be actively 
> supervised by a Member or Friend
> 5:    Coming to Tuesday meetings to discuss their status
> 6:    [empty set]
>
> This would put most non-hackers in ring 2 or above. Sponsorship is 
> intended to be casually given; being someone's sponsor is 
> acknowledging responsibility to mediate any disputes that might arise. 
> For example, if Friend Fred sponsored skeezy Guest Scooter, and good 
> Guest Gwen didn't like Scooter, she could take a look at Scooter's 
> nametag, see that he was sponsored by Fred, and talk to Fred about 
> Scooter's status and behavior. Fred then has the option of either 
> mediating the dispute and trying to get Scooter's skeeziness under 
> control, explicitly booting Scooter, ignoring Gwen's complaint, or 
> simply revoking his Guest sponsorship and letting him either find 
> another sponsor or leave.
>
> For becoming a Friend, the "competent in hack fu" requirement was 
> chosen over "interested in learning hack fu" because it's easier to 
> verify actual hack fu than simple interest, and true interest usually 
> results in at least some degree of competence if it is sustained 
> (unless the person is just dumb, but I suspect we won't want dumb 
> Friends anyway).
>
>     -------
>
> Whatcha think? I don't know if I'll be able to make it to the Thursday 
> discussion group (might be returning to LA before then), so one of you 
> might have to adopt the advocacy of this plan if you like it.
>
> Jonathan
>
>
> _______________________________________________
> Noisebridge-discuss mailing list
> Noisebridge-discuss at lists.noisebridge.net
> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.noisebridge.net/pipermail/noisebridge-discuss/attachments/20120215/692b8a75/attachment-0003.html>


More information about the Noisebridge-discuss mailing list