Customers are
collaborators; you want customers IN,
not OUT
In simple and perfect
systems they cannot access private areas, but
๊ System failures - trap doors, etc. abound
oRelease checking provides a backstop and intrusion
detection
๊ Updates for customer convenience create
unexpected interactions
oHelpful query modification broadens access
๊ New usages were not foreseen during design
partitioning
oCustomer access to inventory for rapid supply-line
verification
oNew, unthought of collaborators -- Russians in Kosovo
need access to info
Techniques -- much
content has signatures that are (nearly) unique
oCheck to stop credit card numbers in outgoing data,
as from music sites
oCheck to stop email addresses in outgoing
reports
Dont rely exclusively on access control when the
objective is to protect release of private information !