An Abstract Security Pattern for Zero Trust Access Control

Information systems have become very complex due to their increasing distribution, interconnection, and need to support complex communication structures. Zero Trust Architecture (ZTA) has been introduced as a solution to the security problems of complex networked systems. We present here a pattern to enforce the application of security controls on incoming requests from a variety of locations addressing data and services that are also heavily distributed. The Abstract Zero Trust Access Control pattern restricts access to the resources of a system by authenticating every network access request and enforcing authorization constraints to access specific resources; its enforcement applies two security principles: least privilege and complete mediation. While there are several other patterns that can be applied to implement a Zero Trust Architecture, this is its most fundamental pattern.