[cap-talk] POLP v. POLA

Ian G iang at systemics.com
Mon Oct 31 03:29:45 EST 2005

Toby Murray wrote:

> I wonder whether there is some consensus out there, about whether people 
> intuitively understand "least privilege" as "least authority" or "least 
> permission".

I would be surprised if people intuitively
understood these terms.  I've been on this
group for a year or so, and I can't say that
I intuitively understand them - I have some
sense of direction, but would not be able
to describe them to others.

(Understanding the terms needs to be separated
from whether one understands the concepts.  By
way of example, it turns out that I have been
using the concepts of REST and webservices for
a decade or so, but was not able to battle thru
the hype to figure out the essence of them until


