Overview
Trust Tier is an Attribute Value of an Entity associated with a BeyondCorp-like Framework.
Trust Tiers are organized into tiers and assigned to each Entity within the:
- Device Inventory Service, by the Trust Inferer
- Resource Inventory Service, where each Entity has a minimum Trust Tier required for access
In order to access a given Resource Inventory Service Entity, a Device Inventory Service Entity must have a Trust Tier assignment equal to or greater than the resource's minimum Trust Tier requirement.
Applying the Principle of least privilege, that is, assigning the lowest Trust Tier of access required to complete a request, decreases costs associated with support and productivity and also improves the availability of the device.
As a Device Inventory Service Entity is allowed to access more Sensitive Data, it requires more frequent tests of user presence on the device, so the more we trust a given device, the shorter-lived its credentials. Therefore, limiting a device's Trust Tier according to the Principle of least privilege means that its user is minimally interrupted.
We may also impose various requirements for higher Trust Tiers, such as the installation of the latest operating system update within a few business days to retain a high Trust Tier, whereas devices on lower Trust Tiers may have slightly more relaxed timelines.
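The rules above (the access comparison, least-privilege assignment, shorter-lived credentials and tighter update deadlines at higher tiers) can be sketched in code. This is an added example, not part of the original page or of any BeyondCorp implementation; the tier names, credential lifetimes, update deadlines and resource names are all constructed assumptions.

```python
from datetime import timedelta
from enum import IntEnum

class TrustTier(IntEnum):  # constructed tier names; only the ordering matters
    UNTRUSTED = 0
    BASIC = 1
    PRIVILEGED = 2
    HIGHLY_PRIVILEGED = 3

# Constructed policy values: higher tiers get shorter-lived credentials
# and a tighter deadline for installing the latest OS update.
CREDENTIAL_TTL = {
    TrustTier.UNTRUSTED: timedelta(0),
    TrustTier.BASIC: timedelta(hours=24),
    TrustTier.PRIVILEGED: timedelta(hours=8),
    TrustTier.HIGHLY_PRIVILEGED: timedelta(hours=1),
}
PATCH_DEADLINE_DAYS = {
    TrustTier.BASIC: 30,
    TrustTier.PRIVILEGED: 10,
    TrustTier.HIGHLY_PRIVILEGED: 3,
}
# Constructed Resource Inventory: each resource's minimum Trust Tier.
RESOURCE_MIN_TIER = {
    "wiki": TrustTier.BASIC,
    "source-repo": TrustTier.PRIVILEGED,
    "payroll-db": TrustTier.HIGHLY_PRIVILEGED,
}

def eligible_ceiling(days_update_pending: int) -> TrustTier:
    """Highest tier whose OS-update deadline the device still meets."""
    ok = [t for t, limit in PATCH_DEADLINE_DAYS.items()
          if days_update_pending <= limit]
    return max(ok, default=TrustTier.UNTRUSTED)

def assign_tier(days_update_pending: int, needed: list[str]) -> TrustTier:
    """Least privilege: lowest tier covering the needed resources,
    capped by what the device's patch state makes it eligible for."""
    required = max((RESOURCE_MIN_TIER[r] for r in needed),
                   default=TrustTier.UNTRUSTED)
    return min(required, eligible_ceiling(days_update_pending))

def can_access(device_tier: TrustTier, resource: str) -> bool:
    """Access rule: device tier must be >= the resource's minimum tier.
    Resources missing from the inventory are denied."""
    minimum = RESOURCE_MIN_TIER.get(resource)
    return minimum is not None and device_tier >= minimum
```

A fully patched device that only needs the wiki is assigned the lowest sufficient tier and so keeps the longest-lived credential, while a device that has fallen behind on updates is capped below the tier its requested resource demands and is denied.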
Trust Tier is a form of Lattice Based Access Control.