Principle Of Least Authority

Often shortened to POLA. Another name for the PrincipleOfLeastPrivilege (but see below). Also see ParadigmRegained.

On the e-lang mailing list, MarcStiegler? writes:

I use [POLA instead of POLP] incessantly in my presentations to the outside world, and the term POLA simply sounds better. Saying POLP, I sound like a lumberjack with a speech impediment.

The fact that only capability people use the term often enough to actually need a good acronym is, to me, a striking indication of how fouled up the rest of the world is. You can't even do lip service to the principle of least privilege with an acronym like POLP :-)

There's actually an important distinction being made by this terminology difference. ParadigmRegained explains a distinction which they label "permission" vs "authority". Looking back over the history of confusion over access control, it's clear that this distinction had not been made, and "permissions", "authority", and "privilege" were used interchangeably, with all parties assuming they were talking about the same thing.

However, once armed with this distinction, it's clear that the mainstream was seeking to limit the inappropriate propagation of (what we would now call) permission, while the cap community was seeking to limit the inappropriate propagation of (what we would now call) authority. For example, ACLs provide for the revocation of permission, but are very weak at supporting revocation of authority. In caps, revocation of permission is impossible, but caps better support revocation of authority. Given that both sides thought they were talking about the same concept, no wonder they were confused about why they were arriving at opposite results.

It remains an open question whether Saltzer and Schroeder meant by "Principle of Least Privilege" something more like "Principle of Least Permission" or "Principle of Least Authority". In any case, the cap community now says POLA to make it clear that they are talking about the latter.

CategorySecurity