Re: Column Redaction

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/11/2014 02:40 AM, Simon Riggs wrote:
> As soon as you issue the above query, you have clearly indicated 
> your intention to steal. Receiving information is no longer 
> accidental, it is an explicit act that is logged in the auditing 
> system against your name. This is sufficient to bury you in court 
> and it is now a real deterrent. Redaction has worked.
> 
> Redaction is similar to a 3m high razor wire fence. The fence 
> reminds you of what is correct and dissuades you from going 
> further. The fence does not prevent access by a determined and 
> skillful agent (Rod), but the CCTV cameras that are set out will 
> record the action. It will be almost impossible to claim you were 
> just walking your dog, and the wire cutters were a gift for your 
> brother in law.
> 
> Redaction prevents accidental information loss only, forcing any 
> loss that occurs to be explicit. It ensures that loss of 
> information can be tied clearly back to an individual, like an ink 
> packet that stains the fingers of a thief.
> 
> I don't have a word or pithy phrase for this concept. Maybe 
> something related to "forcing their hand", flushing game into the 
> open, or simply preventing "tipping your hand" and inadvertently 
> allowing data loss.
> 
> Redaction clearly relies completely on auditing before it can have 
> any additional effect. And the effectiveness of redaction needs to 
> be understood next to Rod's example.
> 
> Since it relies on auditing, we need to do that first.

This is a really good summary. I definitely know of folks who would be
interested in this feature, but I also agree, as you have said, it
relies on a good audit trail.

Joe


- -- 
Joe Conway
credativ LLC: http://www.credativ.us
Linux, PostgreSQL, and general Open Source
Training, Service, Consulting, & 24x7 Support
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUOTOGAAoJEDfy90M199hlswcP/1qUtwvsb+a4hKqL3FsIIkmK
+2f5x+TRm1C5B04QhVa4A7iOr+lfzcoGChV2x2EwCqKJWNzwcpZfB/vBNv593KU4
/WZ+r0o0Hih69dE8gAS602xkrw8x3iAqcTzfyrfiE2O9yhYjoCmqqPls6PtgACc7
JI9pNiPRO+Sd2B308FaD70KkbnGDjMeFPgrxU7NRZwf0NG/bkDq28vSJl5QLg6DO
lFEtB1mMVWWmlnfTgw+zTXamxPJZTLK2Z38OBX3mjjD+64kEMjI5YQ39X8T9Ndfu
0dCA6KCqfCiy/ANETv0ScdoO/uiEQ6VfkbXy1lHK9sWDgu7HOwTPo4c0ft4tILDK
NIXvCYAFK0aPzuEVLFfwf6wm6BP7kuJ+42fY+VwMwCkt4DoQpLRJChIQzJ9ilmK2
suMSmC/sxHeRkLwRAo4uHyAzLZbectq3VC6Zdjlx35jdWG7We1katBoIU8MOC0sc
YFcUJRQk+PTxjp1fOPS7szDZulCMMXP4s0v07hiW5z6EaY82I9mJk6dnuk8eha16
3h4zBgbkM9hZhKLlbwLFSUKZrQdUklRJDXQhUuUqSIOQAU02zEKs2Pl0w1l+h5CY
cb0xPfvkIVPgrDMRfEhdbr+rh2jcEE4gQeuWNe0cexuyZiKI+Xc2MLscaeqIeBNJ
bEur+OvRj+wlnrYPGA80
=gTcG
-----END PGP SIGNATURE-----