The gradual accumulation of permissions on an identity over time as the identity is granted access for successive projects without timely revocation. Drift is a structural property of identity governance, not an individual failure: in the absence of automated revocation and periodic recertification, every long-lived identity will tend toward maximal privilege. The federation expects drift to be measured as the divergence between currently held permissions and the permissions exercised within a defined window, and it expects unjustified divergence to be remediated.
Term in identity-governance literature since the early 2010s; popularised by the cloud identity provider community in the late 2010s.
Federation members must publish a drift index for human and service identities at least quarterly. Drift exceeding twenty percent of granted permissions over the trailing ninety days is reported under UFMS-001:2.4.
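The following is an added worked example, not the federation's own tooling, showing how the measurement described in this entry can be computed: the drift index for each identity is taken as the fraction of currently granted permissions that were not exercised in the trailing ninety-day window, and an identity is flagged when that fraction strictly exceeds twenty percent. The identities, permission names, activity timestamps and the log schema are constructed for illustration; the glossary specifies none of them.

```python
from datetime import datetime, timedelta

WINDOW_DAYS = 90      # trailing window named in the entry
THRESHOLD = 0.20      # drift exceeding 20% of granted permissions is reportable

# Constructed sample data (assumption: the glossary defines no schema).
# Currently granted permissions per identity.
GRANTED = {
    "alice": {"s3:GetObject", "s3:PutObject", "iam:PassRole",
              "ec2:StartInstances", "kms:Decrypt"},
    "svc-ci": {"ecr:PutImage", "ecr:GetAuthorizationToken", "s3:PutObject",
               "logs:PutLogEvents", "iam:CreateUser"},
    "bob": set(),  # no current grants: drift is defined as 0.0, not a division error
}

# Constructed activity log: (ISO-8601 timestamp, identity, permission exercised).
ACTIVITY_LOG = [
    ("2026-03-15T10:12:00", "alice", "s3:GetObject"),
    ("2026-03-01T08:00:00", "alice", "kms:Decrypt"),
    ("2025-12-31T23:59:59", "alice", "iam:PassRole"),        # one second before the window
    ("2025-11-02T14:30:00", "alice", "s3:PutObject"),        # well outside the window
    ("2026-03-30T01:00:00", "svc-ci", "ecr:PutImage"),
    ("2026-03-30T01:00:01", "svc-ci", "ecr:GetAuthorizationToken"),
    ("2026-03-29T23:00:00", "svc-ci", "s3:PutObject"),
    ("2026-01-01T00:00:00", "svc-ci", "logs:PutLogEvents"),  # exactly on the boundary: counted
    ("2026-02-10T09:00:00", "svc-ci", "sts:AssumeRole"),     # not currently granted: ignored
]


def exercised_in_window(log, now, window_days=WINDOW_DAYS):
    """Map identity -> set of permissions exercised within [now - window, now]."""
    start = now - timedelta(days=window_days)
    used = {}
    for ts, ident, perm in log:
        when = datetime.fromisoformat(ts)
        if start <= when <= now:
            used.setdefault(ident, set()).add(perm)
    return used


def drift_index(granted, exercised):
    """Fraction of currently granted permissions not exercised in the window.

    Permissions exercised but no longer granted (e.g. revoked since) are not
    drift under this definition and are simply ignored.
    """
    if not granted:
        return 0.0
    unused = granted - exercised
    return len(unused) / len(granted)


def drift_report(granted_by_identity, log, now_iso, threshold=THRESHOLD):
    """Return {identity: (drift, sorted unused permissions, reportable)}.

    'Reportable' means drift strictly exceeds the threshold, matching the
    entry's wording "exceeding twenty percent"; exactly 20% is not reported.
    """
    now = datetime.fromisoformat(now_iso)
    used = exercised_in_window(log, now)
    report = {}
    for ident, granted in granted_by_identity.items():
        exercised = used.get(ident, set())
        drift = drift_index(granted, exercised)
        report[ident] = (round(drift, 4), sorted(granted - exercised), drift > threshold)
    return report


if __name__ == "__main__":
    for ident, (drift, unused, flagged) in drift_report(
            GRANTED, ACTIVITY_LOG, "2026-04-01T00:00:00").items():
        status = "REPORT" if flagged else "ok"
        print(f"{ident:8} drift={drift:.0%} unused={unused} {status}")
```

Two boundary cases are deliberately exercised: the window is closed on both ends, so an event at exactly ninety days before the reporting instant still counts, and an identity sitting at exactly twenty percent drift is not flagged because the entry says "exceeding". The unused-permission list in each row is what a recertification reviewer would act on, since the entry expects unjustified divergence to be remediated rather than merely reported.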
@misc{ifo4_glossary_privilege_drift,
  title        = {{Privilege Drift}},
  author       = {{IFO4 Federation Editorial Board}},
  howpublished = {{IFO4 Federation Glossary, slug \texttt{privilege-drift}}},
  year         = {2026},
  url          = {https://ifo4.org/glossary/privilege-drift},
  note         = {Category: SecOps; key: PrivilegeDrift}
}

Federation members and accredited practitioners may challenge any entry under TGS-002:1.7. Filed challenges are routed to the editorial board, triaged into the revision register, and resolved in writing on the public docket. The slug remains stable through any revision.