Monday, October 11, 2004

Inside, outside, leave me alone

One of our key requirements for a team workspace is that it works the same regardless of where you are or what your company affiliation is. It should work the same for an employee working from home or an off-site consultant as it does for an employee sitting at her desk in a company facility. If you should have access, you do, and if you shouldn't, you don't. Furthermore, end-user workspace administrators need to be able to simply add and delete people regardless of company affiliation.

While security wonks might want to exert tighter control than that, let's look at what people do today. They email the documents in question to the recipients. The access control list is the email's distribution list. Setting up a team workspace this way has the same security profile, and you have to replicate the simplicity of email with the team workspace or people won't use it.

The challenge is in making this happen. Most people still reflexively think of security in terms of inside and outside the company, but the lines aren't so clear anymore. Worse, inside and outside are often taken to mean literally on company premises or not. Location is a poor proxy for company affiliation.

Ideally, this sort of access control needs to apply to your "internal" blogs as well as most of your "unstructured" company information, but the infrastructure simply isn't there right now. Our team workspaces project will hopefully start to get more of the necessary infrastructure in place.


Anonymous Anonymous said...

a quadrophenia reference, awe-some !!

1:31 PM  

Post a Comment

<< Home