[LINK] RFI: Multi-User Capability on User Machines

Roger Clarke Roger.Clarke at xamax.com.au
Mon Sep 4 14:58:33 AEST 2006


There's some diversity in the valuable responses received so far.


Firstly, to clarify my question:

At 14:09 +1000 4/9/06, steve jenkin wrote:
>Multi-user is a security term saying that users have unique identities
>and all processes have that attribute - and there are system enforced
>restrictions based on the identity/security attributes of processes. Ie.
>The OS has an uncircumventable Security SubSystem.
>Concurrent user is a loose term meaning more than one person is "logged
>on" to a system, whatever "logged on" means. Generally can initiate
>programs and what their output in real-time.

I meant the former, i.e. system-enforced security has to be a given, 
and 'concurrent user' doesn't cut the mustard.

(The context I'm thinking about requires secure support for separate 
cookies for each user, i.e. protected by at least a username-password 
pair.  No prizes for guessing that I'm again thinking into the Amazon 
Single-Click Patent, and the (in)security of relying on a cookie to 
communicate the client-identifier, rather than enforcing a login 
procedure).


Secondly, there seem to be at least three schools of thought:


Positive:

Geoff Muldoon <geoff.muldoon at scu.edu.au>:
>IIRC Windows NT4 Workstation was the first viable one we used (would not
consider NT3.5 to be so).  Depends whether you consider that to be for
generic "end-user" machines, as it was intended for the "business"
market only.

I don't think it was readily purchaseable at your local computer 
shop, or pre-installed on consumer machines, was it?  And was it 
really multi-user (in Steve's terms), or just insecure concurrent 
user?


Lukewarm:

At 14:09 +1000 4/9/06, steve jenkin wrote:
>By Win-95 IIRC, definitely Win-98, it supported the notion of a "logged
>in user" - but it didn't support a proper security subsystem or real
>owner attributes in the FileSystem. certainly not ACL's.

So not Win-98.  What about MS 2000 and XP then?


Negative:

Howard Lowndes <lannet at lannet.com.au>:
>As far as I'm aware, they still don't.
>You can get Remote Access, Remote Assistance and Terminal Services, 
>but it is hardly multiuser ala Unix/Linux/OSX

-- 
Roger Clarke                  http://www.anu.edu.au/people/Roger.Clarke/

Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in Info Science & Eng  Australian National University
Visiting Professor in the eCommerce Program      University of Hong Kong
Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW



More information about the Link mailing list