57. Privacy, identity, and access control
Manage authentication, authorization, sessions, secrets, personally identifiable information, consent, retention, and least privilege. This chapter connects privacy promises to concrete data and access-control decisions.