Secure Cooperation Picture Book

Secure your code by applying the Principle of Least Authority (POLA) and Delegation in these models of secure cooperation (pdf).

## Facet

[ASCII diagram, flattened in extraction: on the left a File box containing GetBytes and SetBytes; on the right a Read Facet box containing only GetBytes. Arrows run from the Read Facet to the File and from the facet's GetBytes to the File's GetBytes.]

A facet presents a subset of authorities embodied in a more powerful object. The Read Facet can expose only the GetBytes method of a File.

## Revocable Forwarder

[ASCII diagram, flattened in extraction: a File box on the left linked to a Forwarder box exposing "all methods"; beneath the Forwarder sits a Revoker box with a Revoke() method whose arrow points at the Forwarder's link to the File, the link that Revoke() severs.]

A revocable forwarder has two parts. The forwarder delegates messages to, and relays replies from, the underlying powerful object. The revoker, when called, destroys the forwarder's link to the underlying object, thereby revoking the authority the forwarder conveyed.

## Composition

A facet could be created over the Revoke method to delegate only the power to revoke, without also exposing read and write access to the underlying file. Or a Revocable Forwarder could be applied to a Read Facet to create a Revocable Reader.

## Logger (Logging Forwarder)

Logger is another forwarder that creates an audit trail of messages delegated to the underlying powerful object. See Petnames below.

## Accountability

Chains of Loggers can be composed as each person delegates authorities to colleagues. This closely models how delegation and accountability occur in the physical world.

## POLA-rized Delegation Chain

Each delegation in a chain of loggers can include Facets which further limit the scope of authority for the delegate.
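The Facet, Revocable Forwarder and Logger patterns above, composed into a short POLA-rized delegation chain, as an added example in plain JavaScript (not code from the picture book; the function names makeFile, facet, revocable and logger are my own):

```javascript
// Added example, not from the picture book; makeFile/facet/revocable/logger are my own names.
function makeFile(initial) {            // the powerful object: GetBytes and SetBytes
  let bytes = initial;
  return Object.freeze({ getBytes: () => bytes, setBytes: (b) => { bytes = b; } });
}

// Facet: expose only the named methods; SetBytes is simply unreachable through it.
function facet(target, methodNames) {
  const f = {};
  for (const name of methodNames) f[name] = (...args) => target[name](...args);
  return Object.freeze(f);
}

// Revocable forwarder: the forwarder delegates to `inner` until revoke() drops
// the only reference to the target, after which every call fails.
function revocable(target, methodNames) {
  let inner = target;
  const forwarder = {};
  for (const name of methodNames) {
    forwarder[name] = (...args) => {
      if (inner === null) throw new Error(`revoked: ${name}`);
      return inner[name](...args);
    };
  }
  return { forwarder: Object.freeze(forwarder), revoke: () => { inner = null; } };
}

// Logger: a forwarder that records who invoked what before delegating (audit trail).
function logger(target, methodNames, who, log) {
  const l = {};
  for (const name of methodNames) {
    l[name] = (...args) => { log.push(`${who}:${name}`); return target[name](...args); };
  }
  return Object.freeze(l);
}

// POLA-rized delegation chain: Alice hands Bob a revocable, logged Read Facet; Bob hands
// Carol a logged forwarder to it. Bob's revoke() cuts Carol off too (derived authority).
function demoChain() {
  const log = [];
  const file = makeFile("secret");
  const bob = revocable(logger(facet(file, ["getBytes"]), ["getBytes"], "bob", log), ["getBytes"]);
  const carol = logger(bob.forwarder, ["getBytes"], "carol", log);
  const before = carol.getBytes();                       // "secret"
  const canWrite = typeof carol.setBytes === "function"; // false: never exposed
  bob.revoke();
  let after;
  try { carol.getBytes(); } catch (e) { after = e.message; }
  return { before, canWrite, after, log };
}
```

Note that Carol's own logger still records her attempt after Bob revokes, so the audit trail shows who tried what even once the authority is gone.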


Patterns not yet captured here from the picture book get increasingly complicated and, I think, interesting.

Diagrams created with asciiflow.com.

Asciiflow feels like an editor that could be given the same treatment I've given Apparatus.

Having mentioned that, I also wonder about constructing these diagrams with Apparatus to reveal their dynamic properties.

Screenshot of work in progress on Secure Cooperation Picture Book

I enjoyed the construction of the diagrams as shown in the adjacent screenshot: three browser windows, each narrowly sized. On the left is wiki with a `code` item opened for editing. In the middle is asciiflow.com with its export window open for copying. On the right is the PDF of the story book. It is convenient that smart phones create environmental pressure to support narrow page layouts; the narrow middle window made it easy to size my ascii diagrams for wiki. Though for my future self, it's worth noticing that I chose a width too narrow and ended up with excess white space on the right of the diagrams when viewing this page at normal width.


Excited to see asciiflow used like Apparatus to reveal the dynamic properties of a POLA-rized Delegation Chain. In his PhD defense Mark S. Miller used dynamic diagramming to reveal the properties controlling Robust Composition. Somehow diagrams drill a deeper understanding into my mind.