Least & Necessary Patterns

I’ve been writing a number of articles lately on the elements that I feel
are needed for trusted architectures for the storage and transmission of
data about identities, personal information, and other digital assets. My
most recent one talks about a famous security design pattern called “The
Principle of Least Privilege”:

The Principle of Least Privilege is simple enough. It says: give someone
the least permissions they need to do their job. Mark S. Miller later
expanded it to consider full ecosystems, talking about not just the
permissions you have, but also the permissions held by applications that
you have access to.

I think this can be meaningfully expanded as a design principle for data
access, using patterns such as Data Minimization and Selective Disclosure.
I call this the Principle of Least Access, which I state as follows:

> “In order to protect privacy, respect individual entitlements, and
> maintain human dignity, only the minimum amount of data access necessary to
> achieve a specific goal should be granted.”

Obviously, this is very important for identities of all sorts that we’re
creating on the internet.

I’d love to hear your thoughts on these design patterns and also their
flipsides, which I call the Principles of Necessary Privilege, Authority,
and Access. These patterns instead look at what permissions (or authority
or access) we must grant to make sure that users can do their tasks. This
helps to reset the boundaries of design and to focus a designer’s attention
on the positive, rather than fighting a never-ending battle against
security breaches. Is it more beneficial to proactively grant permissions
rather than deny them? I think so.

Thanks for your thoughts!

-- Christopher Allen

Received on Wednesday, 27 September 2023 18:49:50 UTC
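Editor's added example (not part of Christopher Allen's message): a small Python model of the Principle of Least Access and its flipside, Necessary Access, over a constructed identity record. The purpose policy, the attribute names and the "age_over_18" predicate are hypothetical; the point is that a stated goal releases only the minimal claims it needs, with Selective Disclosure substituting a derived predicate for the raw attribute, while the Necessary Access check confirms the task can still be completed with what was granted.

```python
"""Least Access vs. Necessary Access over an identity record (added example)."""
from datetime import date

# Constructed sample identity record; none of these values are real.
IDENTITY = {
    "name": "Ada Example",
    "birth_date": date(1990, 4, 1),
    "email": "ada@example.invalid",
    "postal_code": "12345",
    "member_id": "M-0001",
}

# Constructed reference date used for age derivation (the message's date).
AS_OF = date(2023, 9, 27)

# Hypothetical purpose policy: for each stated goal, the minimal set of claims
# necessary to complete it. A claim may be a raw attribute or a derived
# predicate, so the goal can be met without releasing the source value.
PURPOSE_POLICY = {
    "age_gate": {"age_over_18"},       # predicate only, never the birth date
    "newsletter": {"email"},
    "shipping": {"name", "postal_code"},
}


def derive_claims(record, today=AS_OF):
    """Selective Disclosure: add predicates that reveal less than the attribute."""
    b = record["birth_date"]
    age = today.year - b.year - ((today.month, today.day) < (b.month, b.day))
    return {**record, "age_over_18": age >= 18}


def least_access(record, purpose, today=AS_OF):
    """Principle of Least Access: release only the claims the purpose needs.

    An unknown purpose is refused outright, because no specific goal was
    stated and therefore no minimum can be justified.
    """
    if purpose not in PURPOSE_POLICY:
        raise PermissionError(f"no stated goal for purpose {purpose!r}")
    claims = derive_claims(record, today)
    return {k: claims[k] for k in PURPOSE_POLICY[purpose]}


def necessary_access_satisfied(granted, purpose):
    """Principle of Necessary Access: can the task be completed with what was granted?"""
    return PURPOSE_POLICY[purpose] <= granted.keys()
```

Run against the sample record, an "age_gate" request yields only `{"age_over_18": True}`, and a shipping grant that lacks the postal code fails the necessary-access check, which is the designer's cue to widen the grant rather than to let the task fail.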