{"id":58717,"date":"2022-08-12T02:03:37","date_gmt":"2022-08-12T06:03:37","guid":{"rendered":"http:\/\/pappp.net\/?guid=190457af5a689983f82eff3450517722"},"modified":"2022-08-12T10:18:41","modified_gmt":"2022-08-12T14:18:41","slug":"a-taxonomy-of-access-control","status":"publish","type":"post","link":"https:\/\/pappp.net\/?p=58717","title":{"rendered":"A Taxonomy of Access Control"},"content":{"rendered":"<p class=\"syndicated-attribution\">Source: <a href=\"https:\/\/www.schneier.com\/blog\/archives\/2022\/08\/a-taxonomy-of-access-control.html\">Schneier on Security<\/a><\/p>\n<div style=\"background-color : #fff7d5;\n\t\t\tborder-width : 1px; padding : 5px; border-style : dashed; border-color : #e7d796;margin-bottom : 1em; color : #9a8c59;\">Article note: This is very elegant, let's teach people to reason this way.<\/div><p>My personal definition of a brilliant idea is one that is immediately obvious once it&rsquo;s explained, but no one has thought of it before. I can&rsquo;t believe that no one has described this taxonomy of access control before Ittay Eyal laid it out in <a href=\"https:\/\/eprint.iacr.org\/2021\/1522.pdf\" rel=\"noopener noreferrer\">this<\/a> paper. The paper is about cryptocurrency wallet design, but the ideas are more general. Ittay points out that a key&mdash;or an account, or anything similar&mdash;can be in one of four states:<\/p>\n<blockquote><p><b>safe<\/b> Only the user has access,<br \/><b>loss<\/b> No one has access,<br \/><b>leak<\/b> Both the user and the adversary have access, or<br \/><b>theft<\/b> Only the adversary has access.<\/p><\/blockquote>\n<p>Once you know these states, you can assign probabilities of transitioning from one state to another (someone hacks your account and locks you out, you forgot your own password, etc.) and then build optimal security and reliability to deal with it. It&rsquo;s a truly elegant way of conceptualizing the problem.<\/p>","protected":false},"excerpt":{"rendered":"<p>My personal definition of a brilliant idea is one that is immediately obvious once it\u2019s ex&#8230;<\/p>\n<p> <a href=\"https:\/\/pappp.net\/?p=58717\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[226],"tags":[],"class_list":["post-58717","post","type-post","status-publish","format-standard","hentry","category-news-2"],"_links":{"self":[{"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/posts\/58717","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=58717"}],"version-history":[{"count":0,"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/posts\/58717\/revisions"}],"wp:attachment":[{"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=58717"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=58717"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=58717"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}