I just have a few thoughts, primarily on the Principle of Least Access. I
should say I tend to just equate it with least authority, since read
I/O is an authority.
"We can state the principle as follows: In order to protect privacy,
respect individual entitlements, and maintain human dignity, only the
minimum amount of data access necessary to achieve a specific goal
should be granted."
I slightly fear this goal oriented definition, since it isn't clear
about the transitivity distinction between privilege and authority.
To purchase a good I need to provide data for the product to be
purchased, payment information, and delivery address.
With multiple participants (merchant, purchaser, delivery agent and
receiver), the access needs are asymmetric.
The merchant technically doesn't require the delivery address, just
contact with the delivery agent (who does) and payment.
Though the goal requires granting the sum of information, in this case
it can be distributed separately across the involved parties.
Essentially, it strikes me as odd: if we are going to differentiate
between transitive authority and privilege, should access not also
have a similar treatment?
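An added example, not part of this post or the proposal it replies to, showing the asymmetric split the post describes in code: the order is divided so that the merchant holds the authority to forward the shipment and payment details without the privilege to read them. It assumes a sealer/unsealer ("brand") pattern implemented with closures; the party names, the `Order` fields and the sample values are constructed for illustration.

```python
"""Least-authority split of a purchase order across merchant, bank and courier.

Constructed example: a sealer/unsealer (brand) pair lets one party carry
a piece of data onward without being able to read it, which separates the
authority to forward from the privilege to inspect.
"""
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Tuple


class SealedBox:
    """Opaque token; only the matching unsealer can recover its contents."""
    __slots__ = ()


def make_brand() -> Tuple[Callable[[Any], SealedBox], Callable[[SealedBox], Any]]:
    # The mapping is private to this closure, so holding a box grants nothing
    # but the ability to pass it along; only the unsealer can look inside.
    contents: Dict[SealedBox, Any] = {}

    def seal(value: Any) -> SealedBox:
        box = SealedBox()
        contents[box] = value
        return box

    def unseal(box: SealedBox) -> Any:
        if box not in contents:
            raise PermissionError("box was not sealed by this brand")
        return contents[box]

    return seal, unseal


@dataclass(frozen=True)
class Order:
    product: str
    payment: str   # constructed placeholder, not a real card number
    address: str
    contact: str


def split_order(order: Order):
    """Return the merchant's view plus the unsealers held by the bank and the courier."""
    seal_for_bank, unseal_bank = make_brand()
    seal_for_courier, unseal_courier = make_brand()
    merchant_view = {
        "product": order.product,                                      # plain: the merchant needs it
        "payment": seal_for_bank(order.payment),                       # opaque: only the bank opens it
        "shipment": seal_for_courier((order.address, order.contact)),  # opaque: only the courier opens it
    }
    return merchant_view, unseal_bank, unseal_courier


def readable_by_merchant(view: Dict[str, Any]) -> List[str]:
    """Fields the merchant can actually inspect (everything that is not sealed)."""
    return [key for key, value in view.items() if not isinstance(value, SealedBox)]


def deliver(view: Dict[str, Any], unseal_courier: Callable[[SealedBox], Any]) -> Tuple[str, str]:
    """The courier receives the sealed shipment from the merchant and opens it."""
    return unseal_courier(view["shipment"])


if __name__ == "__main__":
    order = Order("book", "CARD-PLACEHOLDER-0000", "1 Example St", "+1 555 0100")
    view, unseal_bank, unseal_courier = split_order(order)
    print(readable_by_merchant(view))       # ['product']
    print(deliver(view, unseal_courier))    # ('1 Example St', '+1 555 0100')
    try:
        unseal_bank(view["shipment"])       # wrong brand: the bank cannot read the address
    except PermissionError as err:
        print("bank:", err)
```

The merchant's view is the sum of information the goal requires, yet the merchant can only read `product`; the address and the payment details travel through the merchant as opaque boxes that only the intended party's unsealer opens, so forwarding authority does not imply read access.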