Defining Trusted Infrastructure#
I am part of a group at EMC assigned with defining and developing our point-of-view on trusted infrastructure. We started by checking out what the industry was already saying. The most credible definition we came across is from the Trusted Computing Group (TCG), a well-respected nonprofit organization that defines security specifications.
A taxonomy for securely sharing information among others in a trust domain#In any given collaboration, information needs to flow from one participant to another. While participants may be interested in sharing information with one another, it is often necessary for them to establish the impact of sharing certain kinds of information. This is because certain information could have detrimental effects when it ends up in wrong hands. For this reason, any would-be participant in a collaboration may need to establish the guarantees that the collaboration provides, in terms of protecting sensitive information, before joining the collaboration as well as evaluating the impact of sharing a given piece of information with a given set of entities. The concept of a trust domains aims at managing trust-related issues in information sharing. It is essential for enabling efficient collaborations. Therefore, this research attempts to develop a taxonomy for trust domains with measurable trust characteristics, which provides security-enhanced, distributed containers for the next generation of composite electronic services for supporting collaboration and data exchange within and across multiple organisations. Then the developed taxonomy is applied to a possible scenario, in which the concept of trust domains could be useful.
Open Trust Taxonomy for OAuth2 References #http://ilpubs.stanford.edu:8090/675/1/2005-11.pdf:
- Information Integrity