Re: Content security model

On Thu, Jul 26, 2012 at 11:52 AM, Martin Thomson
<> wrote:
> On 25 July 2012 18:00, Phillip Hallam-Baker <> wrote:
>> A trusted intermediary can do anything it likes and the recipient will
>> accept the data (provided that the trusted intermediary
>> re-authenticates it)
> Well, there is trust and then there is trust.  I might trust an
> intermediary to look at my data to determine if it contains bad stuff,
> but I might not trust it to modify it.  One problem with the current
> system is that you don't get to choose.


If I have a purchasing system I want to have a split control so that a
purchase order requires an authorization by a manager and a
confirmation by the purchasing clerk.

The purchasing clerk (or rather their computer) needs to see the
contents of the purchase order but must not be capable of generating
orders by themselves. That leads to $15 million carbon credit frauds.


Received on Thursday, 26 July 2012 17:43:27 UTC