User:Mstone/Commentaries/Infrastructure 1: Difference between revisions

Revision as of 21:46, 16 September 2008

Here are some proposed requirements for a software system and procedure for communal maintenance of infrastructure:

Data integrity: It should be possible to verify the integrity of reference documentation on an independent system booted from read-only media.; -- Reason: if you're concerned about a system then you probably don't know whether any secrets it contained are still secret.

Timely access: Failures of otherwise critical pieces of infrastructure should not inhibit timely read or write access to the reference documentation.

Credential rotation: When people leave the VIG, it should be easy to remove their access to secrets created after their exit.; If people ever leave the VIG non-amicably, it should be possible to quickly update important secrets throughout the communal infrastructure.; It should be easy to add give new VIG members access to current secrets.

Publishability: Secrets should be carefully separated from public knowledge (e.g. with encryption or quarantine) so that everything else can be published.

@@ Line 3: / Line 3: @@
 ; Data integrity
 : It should be possible to verify the integrity of reference documentation on an independent system booted from read-only media.
+: -- ''Reason: if you're concerned about a system then you probably don't know whether any secrets it contained are still secret.''
 ; Timely access
@@ Line 10: / Line 11: @@
 : When people leave the VIG, it should be easy to remove their access to secrets created after their exit.
 : If people ever leave the VIG non-amicably, it should be possible to quickly update important secrets throughout the communal infrastructure.
+: It should be easy to add give new VIG members access to current secrets.
 ; Publishability