Chapter 9. Security

There is no real security except for whatever you build inside yourself.

Gilda Radner

In a utopian society, we’d leave our homes unlocked in the morning. We’d park our cars at the office with the windows open, and after dark we’d be free to walk unlit alleyways without concern.

Unfortunately, the small percentage of those looking to take advantage of others necessitates taking some measures to protect ourselves. We look after our belongings and each other. In the digital arena, our vulnerable currency is data—not everyone is entitled to see or edit everything. Although our systems are built to support a large number of users, we cannot simply allow anyone to take any action they please. In software and life, security amounts to controlling access.

The process by which we grant or restrict access is reflected in our security model; this defines the criteria by which we judge access attempts. If someone is asking to enter the office, should we ensure he’s an employee? Is it after business hours, and how does that affect our decision? Access may be permitted or denied based on contextual information, and the way we value those contexts is what comprises our security model.

When we permit access to a resource, this is the process of authorization. A commonly employed approach involves role-based security, where functions and actions on the system are linked to a role. For instance, the task of unlocking an office’s front doors may be permitted to someone with the “janitor” ...
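
The access decision described in this chapter combines a role-based rule (which roles may perform an action) with contextual information (is it after business hours?). The following is an added illustration, not code from the book or the Java EE security API; the roles, actions and opening hours are invented for the example, and the policy denies by default:

```java
import java.time.LocalTime;
import java.util.EnumSet;
import java.util.Map;
import java.util.Set;

// Hypothetical office security model: the decision depends on both the
// caller's roles (authorization rule) and the time of the attempt (context).
public final class OfficeAccessPolicy {

    public enum Role { EMPLOYEE, JANITOR, SECURITY_GUARD }

    public enum Action { ENTER_OFFICE, UNLOCK_FRONT_DOORS }

    // Role-based rules: which roles are linked to which action.
    private static final Map<Action, Set<Role>> ALLOWED = Map.of(
        Action.ENTER_OFFICE, EnumSet.allOf(Role.class),
        Action.UNLOCK_FRONT_DOORS, EnumSet.of(Role.JANITOR, Role.SECURITY_GUARD));

    // Assumed business hours for the example.
    private static final LocalTime OPENING = LocalTime.of(8, 0);
    private static final LocalTime CLOSING = LocalTime.of(18, 0);

    private static boolean duringBusinessHours(LocalTime at) {
        return !at.isBefore(OPENING) && at.isBefore(CLOSING);
    }

    // Deny by default: an action is permitted only when a rule explicitly
    // allows one of the caller's roles, and the context does not veto it.
    public static boolean isPermitted(Set<Role> callerRoles, Action action, LocalTime at) {
        Set<Role> permittedRoles = ALLOWED.getOrDefault(action, Set.of());
        boolean hasRole = callerRoles.stream().anyMatch(permittedRoles::contains);
        if (!hasRole) {
            return false;
        }
        // After hours only the roles responsible for the building itself get in,
        // regardless of what the role-based rule alone would allow.
        if (!duringBusinessHours(at)) {
            return callerRoles.contains(Role.JANITOR)
                || callerRoles.contains(Role.SECURITY_GUARD);
        }
        return true;
    }

    public static void main(String[] args) {
        Set<Role> employee = EnumSet.of(Role.EMPLOYEE);
        Set<Role> janitor = EnumSet.of(Role.JANITOR);
        LocalTime noon = LocalTime.of(12, 0);
        LocalTime lateNight = LocalTime.of(23, 30);
        System.out.println(isPermitted(employee, Action.ENTER_OFFICE, noon));
        System.out.println(isPermitted(employee, Action.ENTER_OFFICE, lateNight));
        System.out.println(isPermitted(employee, Action.UNLOCK_FRONT_DOORS, noon));
        System.out.println(isPermitted(janitor, Action.UNLOCK_FRONT_DOORS, lateNight));
    }
}
```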