Interesting People mailing list archives

ip: THE TRUSTED OFFICE OF THE FUTURE


From: Dave Farber <farber () cis upenn edu>
Date: Tue, 25 Feb 1997 14:56:48 -0500

By the way, when you read this, it was written over ten years ago. Just how
much has changed?


Dave


                TITLE:
                    THE TRUSTED OFFICE OF THE FUTURE


               AUTHORS:
                    Prof. David J. Farber, University of Delaware
                    Peter G. von Glahn, University of Delaware
                    Stephen T. Walker, Trusted Information Systems, Inc.


               ABSTRACT:


                    Several studies have examined the character of the
               office of the future.  They generally looked at handling
               routine information and at general information processing.
               In any real office, however, a certain amount of non-
               routine, sensitive information must also be handled.
               Personnel, financial, patent-related, or proprietary
               corporate information as well as government classified
               information fall into this latter category.  We believe that
               it is possible and desirable to handle this non-routine
               information using the same computer tools as are used to
               handle routine matters.  This paper describes an
               architecture and a family of tools that allow information
               with varying sensitivities to be thus handled.


                    We assume that organizations and offices of the future
               will not be too different from those of today. Human beings
               will run these offices using procedures not far removed from
               today's.  We assume that this future office will be fully
               computerized and that everyone will have his or her personal
               computer.  All the personal computers will be linked
               together with a local computer network.  Certain resources
               (e.g., large file stores, printers, high speed computational
               engines) will still be expensive in the future; thus, sharing
               them among many users will be common.  This sharing will
               take place using the same network that links the personal
               computers.  Since neither the common resources nor the
               computer networks will be cheap, using one system to handle
               both routine and sensitive information will be common.  This
               integrated system use will make the computers more
               acceptable to users and management.  (In fact, personal
               computers and office networks may not be accepted until this
               can be done.) Rather than invent new procedures for handling
               this mix of material, we propose to extend current office
               information-handling practice into what we call the Trusted
               Office of the Future.


                    We base our Trusted Office of the Future on a
               distributed network architecture made up of personal
               computers and isolated specialized servers linked together
               with a local computer network.  We feel that such an
               architecture can be made safe for use with sensitive
               information and is capable of growth as needs change.  This
               safety can be provided by integrating security-related
               features into each member of the network.  Since each member
               can be trusted to deal with sensitive information properly,
               we call our system the Trusted Office System.


                    We anticipate that each worker in the office of the
               future will have his or her own Personal Work Place
               connected to the office computer network.  The Personal Work
               Place, we envision, will be a dedicated microprocessor-based
               personal computer or workstation with built-in user
               interfaces and mass storage.  It will provide the tools and
               local storage the worker needs to do his or her work.  We
               assume that workers dealing with sensitive materials are
               trusted to do their jobs properly and maintain security
               since they can be held accountable for their actions.
               Therefore, they will be free to manipulate both routine and
               sensitive information within their Personal Work Place as
               required.  Embedded within the Personal Work Place will be a
               hardware/software module we call the Private Secretary.  The
               Private Secretary will handle security functions as well as
               provide the network interface for the Personal Work Place.


                    Besides Personal Work Places, a collection of servers
               will reside on the network. These will be single purpose
               computers, each with a hardware/software module similar to
               the Private Secretary to handle security.  Archival storage
               will be handled by file servers.  Hard copy printout will be
               handled by a print server augmented by a personnel
               identification module (to validate a user's identification
               prior to delivering sensitive material to him or her).
               Computational servers will handle database and number-
               crunching functions on a single-user-at-a-time basis (to
               eliminate security problems associated with multiple users).
               A security server will handle system security
               administration.  Since we assume the existence of multiple
               offices, each with its own local network, an office gateway
               server will handle interoffice traffic. It will provide
               security encapsulation and routing for this traffic.  It
               will also maintain a local user directory to process
               incoming interoffice communications.


                    This paper is divided into four sections. The first
               expands on our assumptions about the environment of the
               office of the future.  The second gives an overview of current
               (non-computerized) office practice for handling a mix of
               routine and sensitive material.  The next section suggests
               an extension of this practice into the office of the future.
               The final section presents our thoughts on how such a
               Trusted Office of the Future could be realized.

