How would you architect and secure a platform where virtue determines access and governance, not popularity or money?
Looking for: security opinions, stack suggestions, critiques, and threat modeling.
If anyone is interested in collaboration on this premise please let me know.
Comments
masking•3mo ago
Interested. Background is in software and devops.
Follow up..
Access and governance are two separate things: Authentication and Authorization. Each might have a different answer.
The “thing” accessed.. is it user created, community owned, or institutionally owned? I would imagine that has a bearing on the process.
EDIT 2:
Stack Overflow immediately comes to mind.
This answer might be more philosophic than useful, but how acceptable is a violation of the virtue or trust? Say a virtuous person abuses the trust in an unquestionable way.. say they used community funds to buy narcotics for children. Is it “ok” to base a system on past virtue when future virtue is highly consequential?
tigydavid•3mo ago
I would say institutionalized but created with input from the community to guard against bias. Preferably, the system would reach “competence” and the virtue index would be sufficiently successful in predicting future outcomes, as well as current moral position. I have some docs that lay out principles if you want to see them. The main challenge is the accuracy and repeatability of virtue authentication, as this would enable a new paradigm of consciousness.
tigydavid•3mo ago
I want to add that, given neither fatalism nor nihilism, but something more like partial-determinism in that destiny (past action requiring debt to be paid) and current/future free will co-operate, how would you go about these problems? It is so elusively difficult.
nacozarina•3mo ago
Have seen RBAC implemented via internally-managed X.509 certs; endpoint identity is enriched with Org, OU0, OU1, …, params; a custom REST service provides authorization services after initial authentication. Nothing special about the certs themselves. Hard part is defining the authorization services, how you register apps, granularity of perms, etc. The coding is tedious but straightforward; getting prerequisite agreements around policy is hard.
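Added example, not part of the thread and not any commenter's code: a sketch of the authorization decision behind the certificate-based RBAC described in the comment above, run after the TLS layer has already authenticated the client certificate. The subject is read in the shape Python's `ssl.SSLSocket.getpeercert()` returns; the policy table, app names, org name and the `sample_cert` helper are constructed assumptions.

```python
# Added illustration; policy table, app names and org names are constructed.
from typing import NamedTuple

class Identity(NamedTuple):
    org: str
    ous: tuple  # (OU0, OU1, ...) in certificate order
    cn: str

def identity_from_peercert(cert: dict) -> Identity:
    """Extract O / OU chain / CN from the dict shape returned by
    ssl.SSLSocket.getpeercert() once the chain has been verified."""
    orgs, ous, cns = [], [], []
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "organizationName":
                orgs.append(value)
            elif key == "organizationalUnitName":
                ous.append(value)
            elif key == "commonName":
                cns.append(value)
    # Ambiguous or missing identity fields are rejected rather than guessed at.
    if len(orgs) != 1 or len(cns) != 1:
        raise ValueError("subject must carry exactly one O and one CN")
    return Identity(orgs[0], tuple(ous), cns[0])

# (registered app, org, OU prefix) -> permitted actions. Constructed policy.
POLICY = {
    ("ledger", "Example Org", ("finance",)): {"read"},
    ("ledger", "Example Org", ("finance", "treasury")): {"read", "approve"},
    ("wiki", "Example Org", ()): {"read"},
}

def authorize(cert: dict, app: str, action: str) -> bool:
    """Default deny; a rule applies when its OU tuple prefixes the caller's."""
    try:
        ident = identity_from_peercert(cert)
    except ValueError:
        return False
    for (rule_app, rule_org, rule_ous), actions in POLICY.items():
        if (rule_app == app and rule_org == ident.org
                and ident.ous[:len(rule_ous)] == rule_ous
                and action in actions):
            return True
    return False

def sample_cert(org, ous, cn):
    """Build a constructed subject in getpeercert() shape for the demo."""
    rdns = [(("organizationName", org),)]
    rdns += [(("organizationalUnitName", ou),) for ou in ous]
    return {"subject": tuple(rdns + [(("commonName", cn),)])}
```

The granularity question raised in the comment shows up here as the length of the OU prefix in each rule: a shorter prefix grants to a whole branch, a longer one to a single unit.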