Identity and Authority ( was RE: CAP Visualization...)

[Art Botterell <acb@incident.com>]

This is another deep and broad question... and one that's somewhat 
more specific to the scope of CAP.

Traditionally, the term "warning" has been associated with certain 
kinds of formal, usually governmental sources.  That's been 
reinforced by the liability and image concerns of private, especially 
corporate, sources.  However, there's really no reason why a CAP 
message couldn't be generated by a sensor device or by an individual 
who observes something (on the "hue and cry" model of street-corner 
and hallway fire alarm boxes.)

The question then becomes, how much weight does one give to a 
message... and particularly to an instruction... from a particular 
source?  And should that weighting be the same for every recipient?

While it might be tempting to hard-wire those decisions into a system 
policy on "authorization," such an authoritarian approach could cause 
inflexibility and preclude  productive ad-hoc and "emergent" 
processes.  Besides, by what authority could anyone be prohibited 
from issuing a warning?  Might not that raise a First Amendment issue?

So maybe it would be more practical for clients to maintain some sort 
of "trusted source" list, or (more elaborate) to subscribe to some 
sort of source-credibility rating service.  Note the distinction 
between a "trusted source" model and a subscription model... the 
first listens to all sources but pays special attention to others, 
the other listens only to pre-designated sources.

Again this assumes fairly bullet-proof authentication of the sender 
and protections for message integrity... but assessing source quality 
is another issue altogether.

- Art


At 1:12 PM -0500 5/20/04, Bullard, Claude L (Len) wrote:
>BTW:  where is the CAP source or who is it's provider?
>
>We were discussing this over lunch.  In a typical 911
>system, say a kidnapping occurs, the 911 center dispatches
>the police officer to investigate and he reports on
>the incident.  Then the provider is the police records
>management system.  Given a weather alert, the provider
>is possibly the National Weather Service.  On the other
>hand, as in Huffines's case, the local TV stations are
>sitting on a lot of radar equipment but may not be
>authorized to issue an alert even when they can
>plainly see the hook return.  So they 'advise'
>their viewers.  Obviously, the closer one gets to
>real time events, the situation as to which feed a
>subcriber wants to see changes, and I guess that is
>a reason for the TV feed you have in the corner.
>
>len