[olpc-software] Authentication, authorization, personalization/imprinting

Mike Hearn mike at plan99.net
Wed Mar 29 10:49:26 UTC 2006


David Malcolm wrote:
> My guess here is that all that's really doable is one of (i) do you have
> physical access to the machine?

The traditional approach to Linux desktop security has revolved around root 
vs user, but that's shoe-horning a security model that made sense in the 
70s into a totally different situation today.

Authentication is being used to do three things currently:

* Separate multiple user accounts - but not applicable here, unless
   perhaps the family wish to use the child's laptop and treat it as
   a family laptop.

* Prevent unauthorized access to data from people physically in front of
   the machine. Realistically, is the headache of lost passwords worth
   it? How much sensitive data will children have? Not much, I'd expect.

* Establish a trusted path to the user ... that's what needing root to
   reconfigure networks/date/software is about, really.

If the first two aren't really applicable then that leaves the third, 
which can be better done in other ways, for instance using a combination 
of SELinux (but used differently to how it's used in Fedora Core) and 
the fact that the X server will tell you which events are synthetic. 
Such a scheme can make the system both more secure and easier to use (by 
eliminating password prompts).

But that's pretty new/experimental stuff as well, and there is probably 
a limit to how much of that is a good idea for the first generation 
product. So, being traditional here and prompting for the user's password 
Ubuntu-style might be better.

thanks -mike
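
Added example, not part of the original message and not OLPC code: a sketch of the synthetic-event check the message refers to, for a hypothetical privileged prompt that only acts on real input. It relies on the X11 core protocol marking events generated by a SendEvent request with the top bit of the event code byte (Xlib exposes the same flag as the send_event field); the function names and sample events are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define X_EVENT_SIZE     32     /* every core-protocol event is 32 bytes */
#define X_SEND_EVENT     0x80u  /* top bit of the code byte: came from SendEvent */
#define X_KEY_PRESS      2      /* core event codes 2..5 are key/button input */
#define X_BUTTON_RELEASE 5
#define X_EXPOSE         12

enum verdict { ACCEPT, REJECT_SYNTHETIC, REJECT_NOT_INPUT, REJECT_MALFORMED };

/* Decide whether one wire-format event may drive a privileged prompt. */
enum verdict trusted_input_verdict(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len != X_EVENT_SIZE)
        return REJECT_MALFORMED;
    uint8_t code = buf[0] & 0x7f;           /* event code without the flag */
    if (code < X_KEY_PRESS || code > X_BUTTON_RELEASE)
        return REJECT_NOT_INPUT;            /* errors, replies, Expose, ... */
    if (buf[0] & X_SEND_EVENT)
        return REJECT_SYNTHETIC;            /* generated by a SendEvent request */
    return ACCEPT;
}

/* Constructed sample: build a 32-byte event and classify it. */
enum verdict verdict_for_sample(uint8_t code, uint8_t keycode, int synthetic)
{
    uint8_t ev[X_EVENT_SIZE];
    memset(ev, 0, sizeof ev);
    ev[0] = (uint8_t)(code | (synthetic ? X_SEND_EVENT : 0));
    ev[1] = keycode;                        /* detail byte: keycode or button */
    return trusted_input_verdict(ev, sizeof ev);
}

int main(void)
{
    static const char *names[] = { "accept", "reject: synthetic",
                                   "reject: not input", "reject: malformed" };
    printf("real KeyPress:      %s\n", names[verdict_for_sample(X_KEY_PRESS, 36, 0)]);
    printf("SendEvent KeyPress: %s\n", names[verdict_for_sample(X_KEY_PRESS, 36, 1)]);
    printf("Expose:             %s\n", names[verdict_for_sample(X_EXPOSE, 0, 0)]);
    return 0;
}
```

The flag only identifies events produced by a SendEvent request, so a prompt built this way still depends on the rest of the policy (the SELinux part of the scheme) to restrict what else can reach the X server.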



