Talk:DistOS-2011W Attribution

From Soma-notes

What Is Attribution?

  • Binding an act to the Agent.

[Prof.Anil]

  • Attribution may refer to: Something, such as a quality or characteristic, that is related to a particular possessor; an attribute.

[Wikipedia]

  • something ascribed; an attribute.

[Dictionary.com]

What is an Agent?

  • An Agent can be a person or machine; The origin of the act.

What is an Attribute?

  • to consider as a quality or characteristic of the person, thing, group, etc. [Dictionary.com]
  • something attributed as belonging to a person, thing, group, etc.; a quality, character, characteristic, or property. [Dictionary.com]

Why do we want Attribution?

  • We want attribution in order to be able to identify the origin of acts done on the internet.

How does this affect us?

When do we want Attribution?

When do we not want Attribution?

How is attribution done today?

Cookies

Pros

Cons

What is missing?

Login/ Required Authentication

Pros

Cons

What is missing?

How should attribution be done?

Challenges

In order to develop an effective attribution system for computers the following challenges need to be addressed:

Identification

This is probably the biggest challenge of them all; how to identify users. Identification needs to be unique enough that no two users can ever have the same identification. A strong question is, to what level should this identification be? Is it enough to stop at the computer level, or should it stop at the user level.

  • If we choose to only identify computers, and leave responsibility to the owner of the computer, what should happen in the case of a stolen computer that is used to commit virtual crime. Maybe to cover this case it should be treated like cars and have insurance against to protect against theft.
  • In the case of identification at the human level, what information should be used in the identification. What information are people willing to give up. People generally like the partial anonymity over the internet, doing this is pretty much asking people to give that up. But maybe this is needed for the better of everyone.

Privacy

Being that people like the anonymity of surfing the internet, identification of who is where should only be made possible in the aftereffect when called upon. In other words, people should be able to surf the web anonymously, but in the event that maybe a DOS attach is executed, it can easily be traced back to the attacker.

Deployment

There are billions of computers already connected to the internet all over the world today. Development of an attribution system should take this into account.

Tracing

This is another key thing to consider. People may argue that this is not an aspect of attribution. On the other hand, tracing is the main or sole reason behind the need for attribution in the first place. Not considering it part of attribution is like BMW not considering the driver in the development of their vehicles.

Storage

This ties into identification; where should these identifications be stored and who should be granted access to them.