Subject: Use-case for Trust Elevation TC
Hi Abbie,

The following is a summary of the use-case I would like to introduce to the TC. Hopefully it is of interest to the TC.

/thomas/

-----------------------

Summary: Trust Elevation Based on Integrity Measurements

A user on a client computer seeks to gain access to resources located at a Cloud Provider (e.g. SaaS, PaaS). In addition to being authenticated by an Identity Provider (IdP), the client computer needs to be integrity-evaluated by a trusted Integrity Measurement Service (IMS). The IMS is assumed to be a participant under the same Trust Framework.

As part of the trust level evaluation by the IdP, the IdP re-directs the client to the IMS service. The client and the IMS service then execute the integrity measurement protocol (single round or multi-round), resulting in the IMS service establishing (assigning) a "trust score" for the client platform (hardware and software). The IMS service then returns the trust score to the IdP (e.g. via back channel), in the form of a signed assertion.

The IdP then includes the client's trust score when the IdP computes the trust level (e.g. LOA) assigned to the user on the client computer.

This approach allows the consumer of the LOA assertions/claims (e.g. a service provider) to obtain a better picture about the human user (e.g. her/his identity) as well as the different client platforms that she/he is connecting from (e.g. PC computer, iPad, mobile phone, etc).

-------------------------

__________________________________________
Thomas Hardjono
MIT Kerberos Consortium
email: hardjono[at]mit.edu
mobile: +1 781-729-9559
desk: +1 617-715-2451
__________________________________________
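
The back-channel step of the flow described in the message above, as an added example that is not part of the original post: the IMS signs a trust score and the IdP verifies it before folding it into the LOA. The HMAC shared key (standing in for the IMS's signature), the 0-100 score scale, the nonce and freshness checks, and the score-to-LOA cap are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Assumption: a key shared by IMS and IdP under the trust framework. HMAC is a
# stand-in here for whatever signature scheme the IMS would really use.
IMS_KEY = b"constructed-demo-key"
MAX_AGE_SECONDS = 300  # hypothetical freshness window for an assertion


def ims_issue(platform_id, trust_score, nonce, now):
    """IMS side: sign the trust score assigned to the client platform."""
    body = json.dumps(
        {"platform": platform_id, "score": trust_score, "nonce": nonce, "iat": now},
        sort_keys=True,
    )
    sig = hmac.new(IMS_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def idp_verify(assertion, expected_nonce, now):
    """IdP side: return the trust score, or None if the assertion is rejected."""
    body = assertion["body"].encode()
    expected = hmac.new(IMS_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["sig"]):
        return None  # altered in transit or not issued by the IMS
    claims = json.loads(body)
    if claims["nonce"] != expected_nonce:
        return None  # assertion belongs to a different login transaction
    if not 0 <= now - claims["iat"] <= MAX_AGE_SECONDS:
        return None  # stale measurement
    return claims["score"]


def idp_compute_loa(authn_loa, assertion, expected_nonce, now):
    """Hypothetical policy: the platform trust score caps the LOA that user
    authentication alone would have earned."""
    score = idp_verify(assertion, expected_nonce, now)
    if score is None:
        return min(authn_loa, 1)  # no usable platform evidence
    cap = 4 if score >= 80 else 3 if score >= 50 else 2
    return min(authn_loa, cap)


if __name__ == "__main__":
    # Constructed sample: the IdP created nonce "n1" when it redirected the client.
    a = ims_issue("laptop-01", 85, "n1", now=1000)
    print(idp_compute_loa(3, a, "n1", now=1010))
```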