using a public key certificate should be employed to bind a user to an
identity. Exchanged information should not be alterable. This safeguard
can be accomplished using a certificate-based digital signature.
Some corresponding requirements include the following:
a. Mechanisms for determining identity
b. Binding of a resource to an identity
c. Identification of communication origins
d. Management of out-of-band authentication means
e. Reaffirmations of identities
3. Authorization: Subsequent to authentication, cloud requirements for
authorization address authorization to allow access to resources,
including the following:
a. A user requesting that specified services not be applied to his or
her message traffic
b. Bases for negative or positive responses
c. Specifying responses to requests for services in a simple and
clear manner
d. Including the type of service and the identity of the user in an
authorization to access services
e. Identification of entities that have the authority to set
authorization rules between users and services
f. Means for the provider of services to identify the user and
associated traffic
g. Means for the user to acquire information concerning the service
profile kept by the service provider on the user
Consequent to the authorization, the system must address the following:
a. Specific mechanisms to provide for access control
b. Privileges assigned to subjects during the system's life
c. Management of access control subsystems
4. Integrity: Cloud requirements for integrity ensure the integrity of
data both in transit and in storage. They should also specify means
to recover from detectable errors, such as deletions, insertions,
and modifications. The means to protect the integrity of information
include access control policies and decisions regarding who
can transmit and receive data, and which information can be
exchanged. Derived requirements for integrity should address the
following:
a. Validating the data origin
b. Detecting the alteration of data
c. Determining whether the data origin has changed