I've been thinking, why aren't identities tied to the input devices rather than to the process, or “session”?
Here's the problem. At home, I often leave the computer running. In fact, I don't see any reason to log off just because I'm going to get a drink from the fridge. I have a 4 year old and a 2 year old. Turns out, the 2 year old is incredibly fast at A) identifying when a computer is on, and B) when I'm not using it. I have this fear that she'll accidentally hit “format c:“, or “Delete All“, or some such.
Wouldn't it be nice of the system said “no, you don't have permission to format C: because you are not Doug“? I think it would.
I say restrict the action, not the actee. That is, it's more important to control the avenues through which actions are taken than to control the applications which execute them.
OK, how does this work? Well, for one, we could have proximity-sensing input devices that transmitted a “user“ signal along with the input signal. The proximity sensor could detect a person wearing an RFID tag inbedded in, let's say, a watch. Yes, you could go hog-wild and have a microchip implanted but hey, let's not get crazy. The point is, it's not necessarily the application that “does“ things, but rather the input devices we use to direct the them.
Posted
Dec 29 2006, 07:45 PM
by
doug-walter