the collaboration also needs to be maintained: the businesses participating in B2B
collaborations must be able to identify one another, identify messages as coming
from other members of the same B2B collaboration, and establish the validity of
security claims made by other parties in the B2B collaboration about the identity
and entitlements of a user or other resource.
Unlike alternative solutions, this one allows trust between business partners to
be aligned with consumer / provider relationships. Most current solutions assume
mutual and bidirectional trust relationships between all collaborating partners. This
solution, however, allows directional trust relationships to be established between
each pair of partners and coordinated so that
they reflect consumer / provider relationships. It therefore supports the evolution of
a Circle-of-Trust towards a trust network that reflects supply network relationships.
Please refer to section 8.3 for more information about how such trust relationships
are enforced between identity brokers and entitlement services.
Fig. 8.1: The high-level architecture of the “VO Set-Up” Common Capability
A high-level architecture diagram of this capability is shown in figure 8.1 together
with a summary of its functionality for each phase of a typical VO lifecycle. To allow
the lifecycle management of secure identity federations, the VO Set Up interacts
(via the federation manager building block) with the Security Token Service (STS)
component presented in section 8.3 of this chapter. The FM (Federation Manager)
interface, shown in figure 8.1, is a component offering a programmatic interface
that allows the decoupling of the VO Set Up capability from the specific STS imple-