My turn to rise to the bait...
Dr. Frederick B. Cohen writes:
I have been thinking about the issues of anonymity for some time, and I have been convinced for some time that you can't have both integrity and anonymity.
What's your working definition of "integrity" in this context ?
Integrity:= 1) Steadfast adherence to a strict moral and ethical code. 2) A state of being unimpaired; soundness. 3) The quality or condition of being whole or undivided; soundness Also) soundness, completeness, Alternatively: 1) Strict personal honesty and independence... 2) Completeness; unity... 3) The state of being unimpaired; soundness...'' In this context, I might be misinterpreted as having meant that it is impossible to have both integrity and anonymity. That is not what I meant, although it is probably also true in a very strict sense. To clarify, I don't think you can assure integrity when you have anonymity. This follows from my earlier writings (circa 1984-89), which are fairly extensive, and in which I made the only marginally supported claim that you can't have (i.e., assure) both integrity and secrecy in a system with sharing. This came originally from the result that integrity + secrecy = no sharing (ala the combination of Biba and Bell-LaPadula) which was extended into a POset which characterizes the extent to which integrity and secrecy can be maintained based on transitive information flow. The less mathematical reasoning is that in order to be able to verify integrity, you have to be able to examine the information that is secret, while having secrecy requires that you not be able to have independent verification. Thus the two limit each other. Anonymity, in this copntext, can be thought of as secrecy. -- -> See: Info-Sec Heaven at URL http://all.net Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236