Permissions on the edge

CoreStreet has just signed a deal with Swedish locksmith Assa Abloy that will enable doors to enforce highly granular card access policies without wired (or wireless) connections. When an employee swipes a card at the main entrance, it's refreshed with a daily set of proofs. The door need only check that the proof binds a resource (itself) to an identity (the employee) at a certain time (today).

CoreStreet's president, Phil Libin, sketches another interesting scenario. Suppose an employee needs a proof to access her own laptop but can't contact the network. Since proofs are minimally just 20 bytes, it's feasible to convey one in a phone call.

We'll always have to manage permissions centrally. But CoreStreet's method of distributing them to the edge of the network -- and beyond -- strikes me as an excellent way to tackle a thorny logistical problem. [Full story at InfoWorld.com]


Former URL: http://weblog.infoworld.com/udell/2003/09/28.html#a809