Sunday 17 February 2008

The end of the Domain concept?

In late 1999 I gave a presentation about future developments in computer security. At the time there was overwhelming hype around firewall installations. During my speech I was asked for my personal opinion on how firewalls would develop in the future.

My response was quite surprising to the audience.
Firewalls and virus protection are as protective as a perforated condom is for safer sex.
The audience was not happy. They came for support in their next major investment. Speakers before and after me were praising the technology as a panacea for any sort of protection.

After my presentation a professor of the local university approached me. He congratulated me on the overall speech but commented that I was completely wrong in my deduction that firewalls would be unnecessary devices in the future.

9 years after

The Dot.Com bubble was building up, Application Service Provisioning was on the verge, it was clear by then that most communication in the future would traverse through three ports only: HTTP/HTTPS and SMTP (well, there still are some more around).

If so, every communication channel would be redirected in the future to use one of these channels (it proved correct, as we see large-scale spam and web site attacks and only a few successful exploits).

9 years from now

Where's the point?

Systems cannot be protected at the perimeter any more. Protection schemes have to be introduced into every software service and application. With the increasing offerings of Web Services, boundaries between companies vanish (hence the title). Our carefully crafted computer domains will erode. As soon as they are consolidated (after mergers and company consolidations) they will be obsolete.

We have to use services and data across company boundaries. Small companies have to share information in order to withstand the pressure introduced by large multinational enterprises.

If so, this raises the question of who has and who owns information (in the form of data).

DRM becomes DARM

What we see in the music industry is an absurd effort to protect rights. DRM, Digital Rights Management (or restriction of rights of the owner), is a technological approach to manifest control over the use of data.

DARM, Data Access Rights Management (sorry, I did not come across any suitable term so far), will be the next development. What ACLs are to the operating system, DARM will be to information.

DARM will not only cover the rights to access information, but also timing information and environmental parameters that allow for viewing the content (similar to Cascading Style Sheets on steroids).
In this future, the concept of computer domains makes no sense.
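One way to picture a DARM-style check, as an added example rather than anything this post specifies: the policy format, field names and sample values are assumptions. The policy travels with the data item, so the decision depends on subject, right, validity window and environment, never on domain membership.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

UTC = timezone.utc

@dataclass
class Grant:
    """One entry of a policy attached to a data item (hypothetical format)."""
    subject: str            # "user@organisation"; any company, no domain trust
    rights: frozenset       # e.g. {"view", "edit"}
    not_before: datetime    # timing information: start of validity
    not_after: datetime     # timing information: end of validity
    environment: dict = field(default_factory=dict)  # required parameters

@dataclass
class Request:
    subject: str
    right: str
    at: datetime
    environment: dict

def decide(policy, req):
    """Return (allowed, reason). Default deny: a grant must match on every axis."""
    reason = "no grant for subject"
    for g in policy:
        if g.subject != req.subject:
            continue
        if req.right not in g.rights:
            reason = "right not granted"
        elif not (g.not_before <= req.at <= g.not_after):
            reason = "outside validity window"
        elif any(req.environment.get(k) != v for k, v in g.environment.items()):
            reason = "environment mismatch"
        else:
            return True, "granted"
    return False, reason

# Constructed sample policy: a partner company's user may view the item
# during February 2008, only over HTTPS and with a German presentation.
POLICY = [
    Grant("alice@supplier.example", frozenset({"view"}),
          datetime(2008, 2, 1, tzinfo=UTC), datetime(2008, 3, 1, tzinfo=UTC),
          {"channel": "https", "locale": "de"}),
]

if __name__ == "__main__":
    req = Request("alice@supplier.example", "view",
                  datetime(2008, 2, 17, tzinfo=UTC),
                  {"channel": "https", "locale": "de"})
    print(decide(POLICY, req))
```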
Notebook users (especially those using Microsoft Windows) have trouble traversing domains. Trusts on the domain level have to be set up or the user will not be able to access any peripherals or services provided by the local domain.

With the concept of Service Oriented Architecture carried on, the IT of the company of the future will pretty much look like an encapsulated ISP. Services will be offered to anyone subscribing to them.
  • Questions about ownership of data and services have to be answered.
  • Issues of multicultural access and presentation have to be solved.
  • Problems relating to the timely validity will arise.
  • Censorship and circumvention of it will be on the agenda.
But I doubt that 9 years from now we will see a logon dialog that offers the domain as a third parameter for authentication.