User:Mstone/Commentaries/Infrastructure 1: Difference between revisions

From OLPC
Jump to navigation Jump to search
mNo edit summary
mNo edit summary
Line 3: Line 3:
; Data integrity
; Data integrity
: It should be possible to verify the integrity of reference documentation on an independent system booted from read-only media.
: It should be possible to verify the integrity of reference documentation on an independent system booted from read-only media.
: -- ''Reason: if you're concerned about a system then you probably don't know whether any secrets it contained are still secret.''


; Timely access
; Timely access
Line 10: Line 11:
: When people leave the VIG, it should be easy to remove their access to secrets created after their exit.
: When people leave the VIG, it should be easy to remove their access to secrets created after their exit.
: If people ever leave the VIG non-amicably, it should be possible to quickly update important secrets throughout the communal infrastructure.
: If people ever leave the VIG non-amicably, it should be possible to quickly update important secrets throughout the communal infrastructure.
: It should be easy to add give new VIG members access to current secrets.


; Publishability
; Publishability

Revision as of 21:46, 16 September 2008

Here are some proposed requirements for a software system and procedure for communal maintenance of infrastructure:

Data integrity
It should be possible to verify the integrity of reference documentation on an independent system booted from read-only media.
-- Reason: if you're concerned about a system then you probably don't know whether any secrets it contained are still secret.
Timely access
Failures of otherwise critical pieces of infrastructure should not inhibit timely read or write access to the reference documentation.
Credential rotation
When people leave the VIG, it should be easy to remove their access to secrets created after their exit.
If people ever leave the VIG non-amicably, it should be possible to quickly update important secrets throughout the communal infrastructure.
It should be easy to add give new VIG members access to current secrets.
Publishability
Secrets should be carefully separated from public knowledge (e.g. with encryption or quarantine) so that everything else can be published.