[LINK] RFI: Multi-User Capability on User Machines
Roger Clarke
Roger.Clarke at xamax.com.au
Mon Sep 4 14:58:33 AEST 2006
There's some diversity in the valuable responses received so far.
Firstly, to clarify my question:
At 14:09 +1000 4/9/06, steve jenkin wrote:
>Multi-user is a security term saying that users have unique identities
>and all processes have that attribute - and there are system enforced
>restrictions based on the identity/security attributes of processes. Ie.
>The OS has an uncircumventable Security SubSystem.
>Concurrent user is a loose term meaning more than one person is "logged
>on" to a system, whatever "logged on" means. Generally can initiate
>programs and what their output in real-time.
I meant the former, i.e. system-enforced security has to be a given,
and 'concurrent user' doesn't cut the mustard.
(The context I'm thinking about requires secure support for separate
cookies for each user, i.e. protected by at least a username-password
pair. No prizes for guessing that I'm again thinking into the Amazon
Single-Click Patent, and the (in)security of relying on a cookie to
communicate the client-identifier, rather than enforcing a login
procedure).
Secondly, there seem to be at least three schools of thought:
Positive:
Geoff Muldoon <geoff.muldoon at scu.edu.au>:
>IIRC Windows NT4 Workstation was the first viable one we used (would not
consider NT3.5 to be so). Depends whether you consider that to be for
generic "end-user" machines, as it was intended for the "business"
market only.
I don't think it was readily purchaseable at your local computer
shop, or pre-installed on consumer machines, was it? And was it
really multi-user (in Steve's terms), or just insecure concurrent
user?
Lukewarm:
At 14:09 +1000 4/9/06, steve jenkin wrote:
>By Win-95 IIRC, definitely Win-98, it supported the notion of a "logged
>in user" - but it didn't support a proper security subsystem or real
>owner attributes in the FileSystem. certainly not ACL's.
So not Win-98. What about MS 2000 and XP then?
Negative:
Howard Lowndes <lannet at lannet.com.au>:
>As far as I'm aware, they still don't.
>You can get Remote Access, Remote Assistance and Terminal Services,
>but it is hardly multiuser ala Unix/Linux/OSX
--
Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in Info Science & Eng Australian National University
Visiting Professor in the eCommerce Program University of Hong Kong
Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW
More information about the Link
mailing list