POLA

From Erights


POLA can stand for principle of least authority or principle of least access.

The principle is to give a program (or any other active agent) only the minimum authority sufficient to perform the task its invoker intends it to perform.

The benefit we claim for capabilities is that they make it practical to apply POLA everywhere. Current access-control systems, by contrast, are too coarse, too difficult to configure, or carry too little information to make proper run-time decisions, so that the only feasible option is to grant far too much authority.

Our traditional anti-example is the Solitaire game in Windows. The game only needs authority to open one window, draw to it, receive events directed at that window, and to read and write a file keeping the high scores; but what it gets is all the authority bundled into the user account it is running under (just like all other programs run in that account).
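The following is an added illustration, not code from the E project or from the original page, of the Solitaire anti-example in capability style. The ambient-authority version reaches its scores file through the global file API and therefore holds authority over every file in the account, which the returned directory listing makes visible; the POLA version is handed exactly two capability objects, a window and a high-score file, and everything it can affect is enumerable from its parameters. The class and function names (Window, HighScoreFile, ambient_solitaire, confined_solitaire, demo) and the temporary home directory with an unrelated private file are constructed for this example.

```python
import os
import tempfile


class Window:
    """Capability to draw to one window and receive the events sent to it."""

    def __init__(self, title):
        self.title = title
        self.drawn = []

    def draw(self, shape):
        self.drawn.append(shape)


class HighScoreFile:
    """Capability to read and write exactly one file. The path stays private,
    so holding this object gives no authority over any other file."""

    def __init__(self, path):
        self._path = path

    def read(self):
        if not os.path.exists(self._path):
            return []
        with open(self._path) as f:
            return [int(line) for line in f if line.strip()]

    def write(self, scores):
        with open(self._path, "w") as f:
            f.writelines(f"{s}\n" for s in scores)


def ambient_solitaire(home_dir, score):
    """Anti-example: the game runs with the whole user account's authority.
    It only needs its scores file, but the global open()/os.listdir let it
    reach every file under home_dir; the returned listing shows that excess."""
    path = os.path.join(home_dir, "scores.txt")
    scores = []
    if os.path.exists(path):
        with open(path) as f:
            scores = [int(line) for line in f if line.strip()]
    scores = sorted(scores + [score], reverse=True)[:10]
    with open(path, "w") as f:
        f.writelines(f"{s}\n" for s in scores)
    return scores, sorted(os.listdir(home_dir))  # authority it never needed


def confined_solitaire(window, scores_file, score):
    """POLA version: the game receives exactly two capabilities. Its reach is
    bounded by its parameters; there is no ambient file access to misuse."""
    window.draw("card table")
    scores = sorted(scores_file.read() + [score], reverse=True)[:10]
    scores_file.write(scores)
    window.draw(f"high scores: {scores}")
    return scores


def demo():
    """Run both versions in a constructed home directory that also holds an
    unrelated private file, and report what each version could reach."""
    with tempfile.TemporaryDirectory() as home:
        with open(os.path.join(home, "private.txt"), "w") as f:
            f.write("unrelated user data\n")  # constructed sample file

        ambient_scores, reachable = ambient_solitaire(home, 120)

        window = Window("Solitaire")
        scores_file = HighScoreFile(os.path.join(home, "scores.txt"))
        confined_scores = confined_solitaire(window, scores_file, 150)

        return {
            "ambient_scores": ambient_scores,
            "ambient_reachable": reachable,
            "confined_scores": confined_scores,
            "confined_authority": [type(window).__name__,
                                   type(scores_file).__name__],
            "window_draws": len(window.drawn),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The design point is the one the page makes: in the confined version, the authority the game holds is exactly the list of objects it was given, so reviewing or auditing it means reading its parameter list rather than the whole account's permissions. Python offers no real confinement (the confined function could still import os), so this models the discipline of passing authority explicitly rather than enforcing it; a capability language such as E enforces it.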

The two terms:

  • POLA (principle of least authority)
  • POLP (principle of least privilege)

give different names to the same idea. We intentionally use the name POLA instead of the more usual POLP because the second name is distracting: it is not enough to focus on the permissions granted to a subject; we must consider the authority it actually holds.

This page is a stub; it should be expanded with more information. If doing so, check the original E web site and the mailing list archives for content which could be moved into this page.