[cap-talk] POLA and decomposition:sum of functionality*authority but how about the dynamics?

[Rob Meijer]

I'm currently working on some slides for a training section about POLA.
Before getting to POLA I've already talked about system design and using
functional decomposition with least priviledge.
During the preceding slides I have explained that in the 'static' case
the POLP translates to using functional decomposition in order to achieve
the lowest possible sum of subsystem functionality times subsystem
privileges.
Now getting to 'dynamic' POLA, I am not sure if this rule of thumb would
also apply. At least the time factor or some other way of catching the
dynamics  seems to be missing.  I think it would it be safe to say that in
POLA the sum for all subsystems of subsystem functionality times subsystem
authority should
be kept to the lowest possible value at 'any given time', but this becomes
a rather fuzy when trying to use it in any practical way.
We may go one step further and claim that what should be brought down to
the lowest possible value is the sum of all subsystems over all times of
the subsystem functionality times the sum for this subsystem of all the
subsystems authorities it ever holds times the portion of the time the
subsystem holds that authority, but I have no real foundation to build
that claim on.
Any input is highly appreciated.

Rob