Radovan Semančík's Weblog

Monday, 19 November 2007

Trust simplifies our lives. Human lives. Trust is a relationship that is built on emotions. If you trust someone, you expect him to behave in some specific way without being forced or highly motivated to do so. You rely on the feelings of the trustee to keep him from betraying your trust.

Trust applies only to human beings. It makes no sense to think about trusting computers. Computers do not have emotions, do not have feelings. Computers do only what they are programmed to do.

When you think that you trust your computer, you in fact trust a lot of people: engineers that designed and manufactured the hardware, architects and developers that provided the software, distributors that delivered the computer, network operators that maintain the network you have used to download the software ... and lots of other people involved with creating the thing that you are looking at just now.

We should not trust computers. Firstly, it is not the smartest thing you can do. To trust computers you have to trust the software developers at the very minimum. And that's a very foolish thing to do (been there, done that). Secondly, it makes no sense to trust a non-human object.

The correct thinking is: How strong is my belief that my computer operates as I would expect? Belief is not a binary value and does not imply any emotions on the other (non-human) side of the relation. I pretty much believe there will be snow in the winter (there is, usually). But I do not trust the weather to bring the snow. I believe that a stone will fall down when I drop it, but I do not trust the stone to fall. Got the idea?

The consequence of this is that the usage of the word trust in IT is all wrong. Names like WS-Trust or Trusted Computing are incorrect (although they sound great from a marketing perspective).

Maybe all of this sounds strange and simplistic, but I believe there is more to it. I will try to follow up on this topic in the next blog posts.

Posted by semancik at 9:10 PM in security
Comment: Yogesh Hublikar at Thu, 1 Jan 12:00 AM

I'm sure this is not the right place to put up these queries. My apologies! However, I didn't find any way to contact the author of the blog. Here we go, I had a few queries regarding IAM and thought I should ping you! Here we go,

As we know, each domain has its own challenges or key factors which drive the IAM implementation. Can you point out the pain areas or key challenges in the following industries:

- Banking
- Retail Banking
- Wealth Mgmt
- Treasury
- Insurance (All insurance related applications)
- Finance (Back office applications to Securities/Trading applications etc.)

Let's first point out the challenges in each of the domains. Second, how can IAM address each of the issues? Any pointer or document addressing the above issues is appreciated!

Thanks in Advance,
-Yogesh
