Subject: RE: Negative Policies
I don't think it is a question of making a system "idiot proof"; I think it is a question of not digging a hole and scattering leaves over it.

The problem is not that people are idiots. In a large scale system, control is distributed. A lot of people have to work more or less independently to make things happen on a day to day basis. If the system is designed so that changes in one place impact things in a remote part of the system, problems are inevitable, no matter how good the people are. I call designs that have this property "fragile".

I want to design systems which are not fragile, in part out of pride in doing a good job. But I am also in business to sell systems. If my customer can not make the technology work he will not buy it. Operations types at large corporations are a lot more hard-nosed than technology architects.

I am sure we will continue to disagree on judgements about where to draw the line, but I believe we both share the goal of creating designs that will be practical to operate in real world environments.

Regards,

Hal

> -----Original Message-----
> From: bill parducci [mailto:bill@parducci.net]
> Sent: Friday, September 21, 2001 12:41 PM
> To: xacml@lists.oasis-open.org
> Subject: RE: Negative Policies
>
> > While all technologies can be misused, I believe engineers have a
> > responsibility to design systems to avoid unnecessary risks to the
> > extent possible. When the same sort of accident occurs over and over
> > again it behooves us to see if there are ways to make reasonable
> > tradeoffs to avoid them in future. Since you mention cars, I will
> > point to the redesign of the Corvair and more recently efforts to
> > reduce the tendency of SUVs to flip over.
> >
> > The law makes a distinction between inherently dangerous objects,
> > which a reasonable person will realize are dangerous and ordinary
> > objects which bear no such presumption. If you pick up a chainsaw by
> > the blade and are injured, you are a fool. If you pick up a toaster
> > and are injured, there is something wrong with the design.
> >
> > Hal
>
> therein lies the fundamental difference in our positions: i am
> proposing the acceptance of individual responsibility by implementers,
> while you seem to be suggesting that it be 'legislated'.
>
> i believe that if we start down the road of trying to make the model
> 'idiot proof' (i.e. not able to be misused by non 'reasonable persons')
> flexibility, usability and functionality will suffer as we chase the
> definition of what 'reasonable' is (i suspect that our definitions
> differ significantly -- if you 'pick up a toaster' without making sure
> it is not hot you are a fool).
>
> since i do not read our charter to state the need to protect
> implementers from themselves i think that we should focus on maximizing
> the feature set, not limiting it.
>
> b
>
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: <http://lists.oasis-open.org/ob/adm.pl>