Steven M. Bellovin
smb at cs.columbia.edu
Mon Oct 23 18:17:45 UTC 2006
On Mon, 23 Oct 2006 10:40:19 -0700 (PDT), "John A. Kilpatrick"
<john at hypergeek.net> wrote:
> On Mon, 23 Oct 2006, Craig Holland wrote:
> > In fact he did have an AT&T badge which he was not allowed to hand over
> > either. The fellow I chatted with at AT&T said they are not allowed to
> > hand over their badge because it would compromise their security.
> My tech said the same thing. That keycard could grant central office
> access so he couldn't surrender it.
That's quite likely accurate. My AT&T badge let me in via unattended
entrances at a variety of facilities; I'd expect that a tech's badge would
indeed work for many COs.
A better answer is for the COLO management to supply a number, on
request, to tenants; they'd pass this number on to their supplier, for
one-time use by the tech.
A government-issued ID (at most) proves your identity; it says nothing
about your authorization to be somewhere. A company-issued ID (at most)
proves that you work for some company that may or may not (a) be present
at the COLO, and (b) may or may not be there for legitimate reasons.
What's necessary here is *permission*.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
More information about the NANOG