More Infosec stuffing:
Haven't brushed up on 'information geometry' yet ;) but this reminds me of what I was trying to map out with raw real data here:
Long rambling post lives here if anyone is interested, but very network centric and is garrulous and overblown: http://bsdosx.blogspot.com/2006/06/byo-rfc.html
Basically, should we be mapping everything real time at the data object and/or flow level from an operational perspective. Could every managed node actively stream back data? Should there be secure management covert channels ( Think Sebek http://www.honeynet.org/tools/sebek/sebek_intro.png ) to constantly feed back a nodes state, message passing and flows?
When you think about it, are nodes too independent and not surveilled enough? Rather than configure something to monitor/watch them (Openview, IDS, Argus), assuming initial trust, could they *constantly* advertise/disseminate statistical/session data that could be base lined (other than syslog/SNMP traps etc)? Am thinking initial zeroconf and MANETS style operation here, or MMORPG gaming clients? libkstat on steroids?
I know Verdasys have Digital Guardian, CA have Audit... but will Enterprise Digital Rights Management scale, or does it have the same problems as PKI.
Surveillance and Adhocracy scale. With utility computing, servers will move and be re-purposed and the clients are already on the move.