A Taxonomy of Access Control
I can’t believe that no one has described this taxonomy of access control before.
The paper is about cryptocurrency wallet design, but the ideas are more general. Ittay points out that a key—or an account, or anything similar—can be in one of four states:
1. safe Only the user has access,
2. loss No one has access,
3. leak Both the user and the adversary have access, or
4. theft Only the adversary has access.