Authentication Trust Level Network Architecture
Journal Title: International Journal of P2P Network Trends and Technology(IJPTT) - Year 2012, Vol 2, Issue 6
Abstract
Service-oriented Architectures (SOA) facilitate the dynamic and seamless integration of services offered by different service providers which in addition can be located in different trust domains. Especially for business integration scenarios, Federated Identity Management emerged as a possibility to propagate identity information as security assertions across company borders in order to secure the interaction between different services. Although this approach guarantees scalability regarding the integration of identity-based services, it exposes a service provider to new security risks. These security risks result from the complex trust relationships within a federation. In a federation the authentication of a user is not necessarily performed within the service provider’s domain, but can be performed in the user’s local domain. Consequently, the service provider has to rely on authentication results received from a federation partner to enforce access control. This implies that the quality of the authentication process is out of control by the service provider and therefore becomes a factor which needs to be considered in the access control step. In order to guarantee a designated level of security, the quality of the authentication process should be part of the access control decision. To ease this process, we propose in this paper a method to rate authentication information by a level of trust which describes the strength of an authentication method. Additionally, in order to support the concept of a two-factor authentication, we also present a mathematical model to calculate the trust level when combining two authentication methods. Quantitative Trust Management (QTM) provides a dynamic interpretation of authorization policies for access control decisions based on upon evolving reputations of the entities involved. QuanTM, a QTM system, selectively combines elements from trust management and reputation management to create a novel method for policy evaluation. Trust management, while effective in managing access with delegated credentials (as in PolicyMaker and KeyNote), needs greater flexibility in handling situations of partial trust. Reputation management provides a means to quantify trust, but lacks delegation and policy enforcement. This paper reports on QuanTM’s design decisions and novel policy evaluation procedure. A representation of quantified trust relationships, the trust dependency graph, and a sample QuanTM application specific to the KeyNote trust management language, are also proposed
Authors and Affiliations
Akash K Singh
Keywords
Related Articles
- EP ID EP93217
- DOI -
- Views 148
- Downloads 0
A Survey on Sensor Cloud: Architecture and Applications
Cloud Computing is a part of computer science and it enables providing Internet services to external customers via very scalable computing capacities. It is abstracted, controlled and high-scalable computer infrastructur...
REMOTE SENSING AND GIS APPLICATION IN BRACKISH AQUACULTURE IN NORTHERN PART OF ANDHRA PRADESH FROM SRIKAKULAM TO WEST GODAVARI
Aquaculture development over the past 50 years has been facilitated largely by the application of science and the introduction of new technologies. Selection of potential and suitable site is the first and foremost...
A Study on Steganography to Hide Secret Message inside an Image
Steganography hides the very existence of a message so that if successful it generally attracts no suspicion at all. There are many techniques to perform Steganography on electronic media, most notably audio and im...
A Review: Comparative Analysis Of Routing Protocols In Wireless Sensor Network
Wireless Sensor networks are recently rapidly growing research area in wireless communications and distributed network. Wireless Sensor Network consists of a large number of low-cost, low-power, and multifunctional...
A Study on Network Security Aspects and Attacking Methods
Network security has become more important to personal computer users, organizations, and the military. With the advent of the internet, security became a major concern and the history of security allows a better u...