POLA

From Erights

(Difference between revisions)
m (changing references to stub page into reference to template stub)
(improve/expand)
Line 1: Line 1:
POLA can stand for principle of least authority or principle of least access.
POLA can stand for principle of least authority or principle of least access.
-
Basicly it is about not giving programs more authority/access than they need to run to do
 
-
their intended job. No more and no less.
 
-
The canocial example is Solarite: an single player game of cards.
+
The principle is to give programs (or any active agent) the minimum [[authority]] which is sufficient for them to perform their intended (by the invoker) task.
-
The game only needs authority to open one window, draw to it,
+
-
recieve events directed at that window and read write access to
+
-
an file keeping the highscores. (Optionally read access to image files
+
-
used as the tabletop, the front faces of the cards and the back face of
+
-
the cards)
+
 +
The benefit we claim for [[capabilities]] is that they make it practical to apply POLA everywhere, whereas current access-control systems are too coarse, difficult to configure, or don't carry enough information to make proper run-time decisions, such that the only feasible option is to give far too much authority.
-
----
+
Our traditional anti-example is the Solitaire game in Windows. The game only ''needs'' authority to open one window, draw to it, receive events directed at that window, and to read and write a file keeping the high scores; but what it ''gets'' is all the authority bundled into the user account it is running under (just like all other programs run in that account).
{{stub}}
{{stub}}
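Review bot: the rewritten Solitaire paragraph drops the earlier text's parenthetical that the game may also need read access to the image files used for the tabletop and the card faces; it is worth keeping, since listing even the optional read-only authorities is what makes the "no more and no less" point concrete. A short clause such as "(and read access to the images for the tabletop and cards)" after "high scores" would preserve it.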

Revision as of 00:57, 20 September 2008

POLA can stand for principle of least authority or principle of least access.

The principle is to give programs (or any active agent) the minimum authority that is sufficient for them to perform the task their invoker intends them to do.

The benefit we claim for capabilities is that they make it practical to apply POLA everywhere, whereas current access-control systems are too coarse, difficult to configure, or don't carry enough information to make proper run-time decisions, such that the only feasible option is to give far too much authority.

Our traditional anti-example is the Solitaire game in Windows. The game only needs authority to open one window, draw to it, receive events directed at that window, and to read and write a file keeping the high scores; but what it gets is all the authority bundled into the user account it is running under (just like all other programs run in that account).
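The contrast above, as an added JavaScript sketch that is not code from the wiki or from the E project: an account-wide file object stands in for the ambient authority Solitaire gets in Windows, and a single-file facet stands in for the least authority it needs. The in-memory file map, the paths and the window facet are constructed for the example.

```javascript
// Constructed stand-in for the user account's ambient authority: every file the
// account can touch. (Assumption: in a real ocap setting the game code would be
// loaded with no reference to this map; here makeSolitaire only uses its parameters.)
const HIGHSCORE_PATH = 'C:/Users/alice/highscores.txt';
const PRIVATE_PATH = 'C:/Users/alice/taxes.xlsx';
const files = new Map([[HIGHSCORE_PATH, '1200'], [PRIVATE_PATH, 'SECRET']]);

// Anti-example: the whole account's file authority as one object; a game handed this
// can read or overwrite any file the user can, not just the high scores.
function makeAccountFs() {
  return {
    read: (path) => files.get(path),
    write: (path, data) => { files.set(path, data); },
  };
}

// POLA: attenuate the account authority to a facet over exactly one file. The path
// is fixed at construction, so an argument passed to read() is simply ignored.
function makeFileFacet(fs, path) {
  return Object.freeze({
    read: () => fs.read(path),
    write: (data) => fs.write(path, data),
  });
}

// Hypothetical window capability: draw into one window, nothing more.
function makeWindowFacet() {
  const drawn = [];
  return Object.freeze({ draw: (item) => { drawn.push(item); }, drawn: () => drawn.slice() });
}

// The game is written against the two facets it is invoked with.
function makeSolitaire(win, highScores) {
  return {
    play(score) {
      win.draw('tabletop');
      const best = Number(highScores.read()) || 0;
      if (score > best) highScores.write(String(score));
      return Number(highScores.read());
    },
  };
}

// POLA launch: the launcher holds the account authority and hands the game only facets.
function launchUnderPola(score) {
  const account = makeAccountFs();
  const game = makeSolitaire(makeWindowFacet(), makeFileFacet(account, HIGHSCORE_PATH));
  return game.play(score);
}
```

Under the facet, even a call like `highScores.read(PRIVATE_PATH)` still yields only the high-score file, which is the attenuation the page argues capabilities make practical.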

This page is a stub; it should be expanded with more information. If doing so, check the original E web site and the mailing list archives for content which could be moved into this page.