reflects their own trust relationships (i.e., local state). The latter may include assertions recognising the authority of those identity brokers they trust in this federation context [4]. Directed binary trust relationships can be defined between an identity broker and each of the trusted identity brokers with which it is associated in a federation context by having the corresponding identity brokers accept these recognition-of-authority assertions.
Depending on the distribution of recognition-of-authority statements, trust relationships in such trust networks may be adjusted to reflect the value chain of the corresponding business-to-business collaboration. The “VO Set-Up” capability presented in section 8.2 utilizes this functionality when coordinating a process that distributes the corresponding recognition-of-authority assertions to the Identity Brokers that require federating and configures their association with a shared federation context through the Federation Manager interface shown in figure 8.1. For example, if (Identity Broker) IB1 is a prime contractor recognising the authority of subcontractors IB2 and IB3 in federation context F1, and each of IB2 and IB3 recognises only the authority of prime contractor IB1 in F1, then IB1 will be able to process the validity of tokens issued by any of IB1, IB2, IB3, while either of IB2 and IB3 will be able to process the validity of tokens issued by IB1 and itself only.
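The prime-contractor scenario above, as an added illustration that is not code from the book: each broker's local state holds only the recognition-of-authority assertions addressed to it, so trust stays directed and non-transitive (IB2 cannot process IB3's tokens even though IB1 recognises both). The class and function names are assumptions made here; only IB1..IB3 and F1 come from the text.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class RecognitionOfAuthority:
    """`accepting_broker` recognises `recognised_broker`'s authority in `context`."""
    accepting_broker: str
    recognised_broker: str
    context: str


@dataclass
class IdentityBroker:
    name: str
    # Local state: recognised brokers, keyed by federation context.
    accepted: dict[str, set[str]] = field(default_factory=dict)

    def accept(self, assertion: RecognitionOfAuthority) -> None:
        # Only assertions addressed to this broker change its state; IB1
        # recognising IB2 says nothing about IB2's view of IB1.
        if assertion.accepting_broker != self.name:
            raise ValueError(f"{self.name} is not the accepting broker")
        ctx = self.accepted.setdefault(assertion.context, set())
        ctx.add(assertion.recognised_broker)

    def can_process_token(self, issuer: str, context: str) -> bool:
        """True if this broker can assess a token issued by `issuer` in `context`."""
        return issuer == self.name or issuer in self.accepted.get(context, set())


def vo_setup(brokers: dict[str, IdentityBroker], context: str,
             recognises: dict[str, set[str]]) -> None:
    """Distribute recognition-of-authority assertions for one federation context.

    `recognises` maps each broker to the brokers whose authority it accepts.
    """
    for accepting, recognised_set in recognises.items():
        for recognised in recognised_set:
            brokers[accepting].accept(RecognitionOfAuthority(accepting, recognised, context))


def prime_contractor_example() -> dict[str, set[str]]:
    """Book scenario (constructed here): IB1 recognises IB2 and IB3; each of
    IB2, IB3 recognises only IB1, all in F1. Returns, per broker, the issuers
    whose tokens it can process in F1."""
    brokers = {n: IdentityBroker(n) for n in ("IB1", "IB2", "IB3")}
    vo_setup(brokers, "F1", {"IB1": {"IB2", "IB3"}, "IB2": {"IB1"}, "IB3": {"IB1"}})
    return {v.name: {i for i in brokers if v.can_process_token(i, "F1")}
            for v in brokers.values()}
```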
This model can be further extended by including a representation of trust metrics
such as those proposed in Dimitrakos et al. (2003) and Jøsang et al. (2005).
8.3.2 Distributed Access Management
Distributed access control and authorization services allow groups of service-level
access policies to be enforced in a multi-administrative environment while ensuring
regulatory compliance, accountability and auditing.
Until recently most of the research into access control for networks, services,
applications and databases was focused on single administrative domains and
the hierarchical domain structures typical of traditional enterprises. However, the
dynamic nature and level of distribution of the business models that are created
from a SOI - especially when this incorporates Cloud services - often mean that
one cannot rely on a set of known users (or fixed organizational structures) with
access to only a set of known systems. Furthermore, access control policies need to
take account of the operational context such as transactions and threat levels. The
complexity and dynamic and multi-administrative nature of such IT infrastructures
necessitate a rethink of traditional models for access control and the development of
new models that cater for these characteristics.
The access management capability provides a means for specifying policies that
control service-level access and usage in such environments and for automating the
necessary decision-making while facilitating accountability and security auditing. It
can recognize multiple administrative authorities, admit and combine policies issued
[4] One example of such recognition-of-authority assertions includes the “business card” assertions proposed by Dimitrakos et al. (2004) and Geuer-Pollmann (2005), which built on the “information card” concept (InfoCard 2009). Another example includes statements such as the administrative delegation constraints proposed in Rissanen and Firozabadi (2004).