Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Secure Public Data Repository?

Posted by michael on from the inviting-target dept.

jducoeur writes "So Hailstorm has died an unlamented death. But the demand for the idea of an information repository isn't going to go away -- users demand convenience, and this would be convenient. So here's a timely question looking for wild speculation: how would a truly secure, public data repository work? How would your data be stored? Would it be centralized or distributed? How would you grant access to specific elements within it? What would the business case for running such an archive be? Maybe if we can come up with a good design now, we can head off the next inevitable bad one..."

7 of 175 comments (clear)

  1. Ocean Store by nweaver · · Score: 5, Informative

    The Oceanstore project at Berkeley is aiming to do just that: create a distributed storage model to provide a global, distributed, persistant storage resource.

    --
    Test your net with Netalyzr
  2. We're working on it... by Wonderkid · · Score: 2, Informative

    As per many other postings here on /., we're hoping to make oNumber.net a user controlled central repository. You create your entry, you manage it, you control who gets to see what and you can delete your listing anytime. There are built in features such as the SPACECARD and Resume generator that make it useful on it's own. People access your SPACECARD using the unique oNumber that identifies your entry.

    --

    O'WONDERWe're working on it.

    1. Re:We're working on it... by Anonymous Coward · · Score: 1, Informative

      We came up with the idea in 1992 (before the net actually!)

      Um, dude, people I work with were playing with the Internet in the early 1970s, and http was first implimented/used in 1990. See http://www.www.org/History.html.

      What you meant to say was before "the dot-com bubble".

  3. XNS by OneName by kindbud · · Score: 4, Informative
    Here's a model that is implemented and attempting to gain adopters. It supports:
    • User authentication and authorization across multiple trust domains
    • Automated exchange, management, and auditing of consumer information, based on permissions and in compliance with government regulations
    • Automated customer registration and updating
    • Automated management of public key infrastructure security solutions
    • Synchronization of permissions, entitlements, and other context-based user information
    They were fairly actively seeking clients during the Bubble Years, but understandably things are not rolling along so well these days. Anyone care to comment on what is available at their site? It seems to implement everything people say they want in a single-signon solution. That's probably why it hasn't been widely adopted, too much control is given to the owner of the information (that'd be YOU). :)
    --
    Edith Keeler Must Die
  4. Hailstorm NOT dead, I am afraid... by sphealey · · Score: 3, Informative

    Microsoft announced that they were deferring for the time being the idea of Hailstorm as a fully, explicitly Microsoft-controlled depository in direct competition with their customers. They did not say that Hailstorm was going away, merely that it would now be broken up into multiple repositories managed in partnership with their customers (e.g. large banks and e-commerce sites). Which is not to say that (a) the concept no longer exists (b) the aggregate total will not be under Microsoft's control (c) they might not revive the central repository idea in the future.

    sPh

  5. Re:How I'd do this system! [registrars, trust mode by lux55 · · Score: 2, Informative
    Thirdly, and very importantly, all information held in the system is (C) the user, licensed under strict contract to the Information Repository to use. This is a protection against somebody buying the system if it becomes successful and changing the terms of service.
    Too bad so few companies would ever agree to or word a TOS this way...
    Eighth, and most importantly, none of this is worth shit without a constitutionally guaranteed right to privacy. Without that, any scheme can be forced over time into revealing more about users than they wish to reveal, either by legal, economic, social or political means.
    In Canada, there are new laws that are being slowly introduced that are much more oriented in favour of the individual, and that have pretty strong implications for businesses doing business here and collecting personal data. My lawyer's main area of interest is privacy law, and they have some good links on their site, including some papers he has published on the subject at: http://www.aikins.com/practice/tekno.htm
    --
    putfwd.com - 1GB Free file storage with a twist
  6. XNS is dead by IamTheRealMike · · Score: 3, Informative
    As part of the development of Genio which later turned into PingID we looked at XNS extensively.

    However, their technology is deeply flawed, not just in an engineering sense but also a legal one: it is tied down by patents and IP disputes, and their system is essentially centralised.

    They also have almost nobody on board at all, you can get an XNS "agent" but not use it anywhere. The technology is ludicrously complicated, hidden behind masses of white papers that don't really tell you what to do in order to make an implementation.