Responsibility

From MgmtWiki
Revision as of 20:40, 27 June 2023 by Tom (Authorization)

Full Title or Meme

The state or fact of being accountable or to blame for something.

The opportunity or ability to act independently and make decisions without authorization.

Context

In Identity and Access Management, Responsibility is a topic of major concern. Who, exactly, should be responsible for acts taken to identify the person who has Authorization to act?

  1. Issuer of an Identity Credential
  2. Holder of an Identity Credential
  3. Verifier of an Identity Credential

In computer software and hardware deployment, who should be responsible for failures of the deployment?

  1. The manufacturer
  2. The installer
  3. The Owner

Source

The root of all enterprise responsibility comes from the committee given that responsibility by law; typically it will be a board of directors or similar group charged with that function.

Authorization

Deployed Systems

Updating software

A debate has been raging (in 2023) about whether the owner should be responsible for updates. An argument has been made that the manufacturer should bear full responsibility for failures and would then be incentivized to make the software better. For an extreme example see Code of Hammurabi. But "if there were unlimited liability by the manufacturer there would be very few of them in business. ... For a selling party to assume liability for a defect found in a product, in the U.S. Uniform Commercial Code the product has to be considered "tangible"—and the UCC says software is still considered to be "a general intangible."[1] In an odd way, this actually makes sense. Engineering disciplines only exist in tangible areas, such as civil, chemical, mechanical, and electrical engineering where tables of materials strengths and properties can be created and regulations can be created around acceptable safety margins based on intended use. No such tables exist for software, and none have shown a sign of emerging over the past 20 years."[2]

References

  1. Drug and Device Law. New Decision Directly Addresses the "Is Software a Product" Question. (May 2, 2022); https://bit.ly/3JrKZnE
  2. Steve Lipner +1, Updates, Threats, and Risk Management (2023-05) CACM 66 No. 5 p. 21-23