[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Part 2: System Structure
|
From: |
Marcus Brinkmann |
|
Subject: |
Re: Part 2: System Structure |
|
Date: |
Thu, 18 May 2006 19:51:42 +0200 |
|
User-agent: |
Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.7 (Sanjō) APEL/10.6 Emacs/21.4 (i486-pc-linux-gnu) MULE/5.0 (SAKAKI) |
At Thu, 18 May 2006 19:07:26 +0200,
Pierre THIERRY <address@hidden> wrote:
>
> Scribit Marcus Brinkmann dies 18/05/2006 hora 15:36:
> > > The hospital case is very special.
> > The hospital case can be summarized like this: "The law requires the
> > implementor to implement DRM. How do you do it?"
>
> I'm not sure that the need of the hospital use case is indeed DRM. I
> can't speak for Shap, but this kind of answer is dismissal for me
> because it's not that obvious that there is a need for DRM, and you use
> the DRM argument to reject the case.
Jonathan wrote in that thread that HIPAA requires a separating kernel
and that "the HIPAA regulations preclude a hierarchical resolution."
So, I am just relying on his statement about HIPAA. As I said, I can
not evaluate HIPAA, so it is difficult for me to respond definitely.
This is why I added the qualifier in my mail "if this is in fact
true".
Well, if it is _not_ true that DRM is required by HIPAA, then this
means that there is a system design that implements HIPAA but does not
rely on confinement+encapsulation. In this case, I could
theoretically proceed to evaluate such a design to test its
feasibility. But Jonathan says that there is no such system design,
and I believe him.
> Of course, if you're right that the core need here is in fact DRM, and
> DRM is to be banned from the Hurd, so you're perfectly right to reject
> the case. But there is a hole in the logical chain that should lead to
> your answer (at least for me).
I am not rejecting it on that grounds. In fact, of all submissions,
HIPAA seems to come closest to the requirements of my challenge, with
one caveat: It is probably not the implementation of HIPAA that is the
use case, but the HIPAA regulation itself, as I explained in the mail
to which you replied.
The reason I have to reject this example is that it is impossible for
me to evaluate it within the constraints I have. I do not have the
time and money to research, or even read and understand, the HIPAA
regulation. And even if I did, I could not reasonably expect anybody
else to follow. Check it out for yourself.
http://www.hhs.gov/ocr/hipaa/ seems to be a good place to start.
Thanks,
Marcus
- Re: Part 2: System Structure, (continued)
- Re: Part 2: System Structure, Bas Wijnen, 2006/05/16
- Re: Part 2: System Structure, Jonathan S. Shapiro, 2006/05/16
- Re: Part 2: System Structure, Bas Wijnen, 2006/05/17
- Re: Part 2: System Structure, Bas Wijnen, 2006/05/17
- Re: Part 2: System Structure, Jonathan S. Shapiro, 2006/05/17
- Re: Part 2: System Structure, Bas Wijnen, 2006/05/17
- Re: Part 2: System Structure, Jonathan S. Shapiro, 2006/05/17
- Re: Part 2: System Structure, Bas Wijnen, 2006/05/18
- Re: Part 2: System Structure, Marcus Brinkmann, 2006/05/18
- Re: Part 2: System Structure, Pierre THIERRY, 2006/05/18
- Re: Part 2: System Structure,
Marcus Brinkmann <=
- Re: Part 2: System Structure, Jonathan S. Shapiro, 2006/05/18
- Re: Part 2: System Structure, Marcus Brinkmann, 2006/05/18
- Re: Part 2: System Structure, Jonathan S. Shapiro, 2006/05/18
- Re: Part 2: System Structure, Marcus Brinkmann, 2006/05/18
- Re: Part 2: System Structure, Bas Wijnen, 2006/05/18
- Re: Part 2: System Structure, Jonathan S. Shapiro, 2006/05/18
- Re: Part 2: System Structure, Bas Wijnen, 2006/05/18
- Re: Part 2: System Structure, Jonathan S. Shapiro, 2006/05/18
- Re: Part 2: System Structure, Bas Wijnen, 2006/05/19
- Re: Part 2: System Structure, Jonathan S. Shapiro, 2006/05/19