The Network hardware configuration is a toolkit for enabling trust
relationships between strangers, together with a set of trust enforcement
mechanisms and a corresponding representation for policies. Although the system
establishes trust relationships, they are based only on public key certificates
and are set manually by domain administrators; the system has no capability for
on-line negotiation. Its trust enforcement mechanisms are also based on public key
certificates: users' roles are decided from their certificates and certain
policies, so an enforcement decision consists of validating a certificate and
mapping the certificate's owner to a role. To represent trust-related
information, the system provides only a trust policy language for describing the
rules that determine how to map entities to roles. IBM did not provide further
information about its trust exchange mechanism because that was not the focus of
the system.