Identity Trust Model Frameworks

As cloud computing grows and the relationships among applications become more complex, it is important to understand the trust-model frameworks an organization can adopt. A business process no longer has to run within the boundary of the organization: there are service companies and even API-based services (discussed in the previous article) that an architect must account for when modelling end-to-end business scenarios. Identity and access management among applications therefore becomes crucial from both the integration and the security design perspective. In this article we look at some of these frameworks.

1. Hub and Spoke Trust Model

In the hub-and-spoke trust model there is a central trust authority that every other application trusts directly. Nowadays you can log in to many sites using your Facebook, Twitter or Yahoo identity; in those cases the identity provider acts as the central trust authority, and it is responsible for maintaining the trust, security and privacy information. VeriSign is an example of a central trust authority in financial transactions.
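The hub-and-spoke relationship can be shown in a few dozen lines. The Go program below is an added example, not code from the article: a hub holds the only signing key and issues identity assertions, and each spoke (relying application) is configured with nothing but the hub's public key. The assertion fields (`sub`, `aud`, `exp`) and the application names are constructed for the example, not a real token format.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Assertion is the identity statement the central authority vouches for.
// The field names are this example's own (constructed), not a real token format.
type Assertion struct {
	Subject  string `json:"sub"` // who the hub says the user is
	Audience string `json:"aud"` // which spoke the assertion is meant for
	Expiry   int64  `json:"exp"` // Unix seconds after which it is no longer valid
}

// SignedAssertion is the JSON payload plus the hub's ECDSA signature (ASN.1 DER).
type SignedAssertion struct {
	Payload   []byte
	Signature []byte
}

// Hub is the central trust authority. It is the only party holding the signing key.
type Hub struct{ key *ecdsa.PrivateKey }

// NewHub generates the hub's P-256 key pair.
func NewHub() (*Hub, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Hub{key: k}, nil
}

// PublicKey is the single trust anchor every spoke is configured with.
func (h *Hub) PublicKey() *ecdsa.PublicKey { return &h.key.PublicKey }

// Issue signs an assertion for subject, scoped to one relying application.
func (h *Hub) Issue(subject, audience string, ttl time.Duration) (SignedAssertion, error) {
	a := Assertion{Subject: subject, Audience: audience, Expiry: time.Now().Add(ttl).Unix()}
	payload, err := json.Marshal(a)
	if err != nil {
		return SignedAssertion{}, err
	}
	digest := sha256.Sum256(payload)
	sig, err := ecdsa.SignASN1(rand.Reader, h.key, digest[:])
	if err != nil {
		return SignedAssertion{}, err
	}
	return SignedAssertion{Payload: payload, Signature: sig}, nil
}

// Spoke is a relying application. It trusts the hub only; it never sees the
// hub's private key or the user's credentials.
type Spoke struct {
	Name   string
	HubKey *ecdsa.PublicKey
}

// Accept checks the hub's signature first, then audience and expiry, and
// returns the authenticated subject.
func (s Spoke) Accept(sa SignedAssertion, now time.Time) (string, error) {
	digest := sha256.Sum256(sa.Payload)
	if !ecdsa.VerifyASN1(s.HubKey, digest[:], sa.Signature) {
		return "", errors.New("signature was not produced by the trusted hub")
	}
	var a Assertion
	if err := json.Unmarshal(sa.Payload, &a); err != nil {
		return "", err
	}
	if a.Audience != s.Name {
		return "", fmt.Errorf("assertion issued for %q, not for %q", a.Audience, s.Name)
	}
	if !now.Before(time.Unix(a.Expiry, 0)) {
		return "", errors.New("assertion has expired")
	}
	return a.Subject, nil
}

func main() {
	hub, err := NewHub()
	if err != nil {
		panic(err)
	}
	crm := Spoke{Name: "crm", HubKey: hub.PublicKey()}         // constructed application names
	billing := Spoke{Name: "billing", HubKey: hub.PublicKey()}
	sa, _ := hub.Issue("alice", "crm", time.Minute)
	fmt.Println(crm.Accept(sa, time.Now()))     // alice <nil>
	fmt.Println(billing.Accept(sa, time.Now())) // "" plus an audience error
}
```

The point worth noticing is what each spoke has to manage: one public key. Adding a tenth application means configuring that key once more, not exchanging a new secret with nine existing peers. The audience check matters as much as the signature: without it, an assertion minted for one spoke would be accepted by every other.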

2. Hierarchical Trust Model

In the hierarchical model there is a common root authority, and trust paths follow the branches of a tree below it. The root trust authority can be represented by a root certificate, and every layer below has its own certificate, so you have to manage your certificate store: which roots are trusted and which intermediates are available to build a path. For example, for a VPN connection from your on-premises organization to Microsoft Azure you need to install certificates and configure trust.

3. Peer to Peer Trust Model
The peer-to-peer model represents direct trust relationships between applications. Most applications today follow this model: the user has to log in separately to each application, or impersonated (shared) user accounts are used to perform operations on behalf of all users. Either way it is a cumbersome experience for the user.
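The cost of direct trust is easiest to see in code. The following Go program is an added example, not from the article: each pair of applications that needs to talk holds its own shared secret and authenticates messages with an HMAC keyed by that secret, so a tag produced inside one relationship is useless in any other, and a pair that never enrolled cannot talk at all. It also compares how many credentials a fully connected mesh of n applications needs against the hub-and-spoke count. Application names and the message are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// pair identifies an unordered trust relationship between two applications.
type pair [2]string

func mkPair(a, b string) pair {
	if a > b {
		a, b = b, a
	}
	return pair{a, b}
}

// PeerMesh models direct trust: every pair that needs to talk holds its own
// shared secret, exchanged out of band, and no third party can vouch for them.
type PeerMesh struct{ keys map[pair][]byte }

func NewPeerMesh() *PeerMesh { return &PeerMesh{keys: map[pair][]byte{}} }

// Enroll establishes a direct relationship between a and b by minting a
// 32-byte secret that only those two applications hold.
func (m *PeerMesh) Enroll(a, b string) error {
	if a == b {
		return fmt.Errorf("%q cannot enroll with itself", a)
	}
	p := mkPair(a, b)
	if _, exists := m.keys[p]; exists {
		return nil // already trusted; enrolling again is a no-op
	}
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return err
	}
	m.keys[p] = k
	return nil
}

// Credentials reports how many distinct secrets the mesh currently manages.
func (m *PeerMesh) Credentials() int { return len(m.keys) }

// Sign authenticates msg from one peer to another using their pairwise key.
// Binding sender and receiver into the MAC stops a tag produced in one
// relationship (or one direction) from being replayed in another.
func (m *PeerMesh) Sign(from, to string, msg []byte) ([]byte, error) {
	k, ok := m.keys[mkPair(from, to)]
	if !ok {
		return nil, fmt.Errorf("no direct trust between %q and %q", from, to)
	}
	mac := hmac.New(sha256.New, k)
	mac.Write([]byte(from + "\x00" + to + "\x00"))
	mac.Write(msg)
	return mac.Sum(nil), nil
}

// Verify recomputes the tag on the receiving side; it succeeds only when the
// same pairwise key exists and the message is unaltered.
func (m *PeerMesh) Verify(from, to string, msg, tag []byte) bool {
	expected, err := m.Sign(from, to, msg)
	if err != nil {
		return false
	}
	return hmac.Equal(expected, tag)
}

// PairwiseCredentials is the number of secrets a fully connected peer-to-peer
// mesh of n applications needs; HubCredentials is the count when the same n
// applications each trust one central authority instead.
func PairwiseCredentials(n int) int { return n * (n - 1) / 2 }
func HubCredentials(n int) int      { return n }

func main() {
	mesh := NewPeerMesh()
	mesh.Enroll("crm", "billing") // constructed application names
	msg := []byte("invoice 42 approved") // constructed message
	tag, _ := mesh.Sign("crm", "billing", msg)
	fmt.Println(mesh.Verify("crm", "billing", msg, tag))   // true
	fmt.Println(mesh.Verify("crm", "warehouse", msg, tag)) // false: no relationship
	fmt.Println(PairwiseCredentials(20), HubCredentials(20)) // 190 20
}
```

Twenty applications need 190 pairwise secrets to be generated, distributed, rotated and eventually revoked, against 20 trust anchors under a hub. That is the operational reason the multiple-login and shared-impersonation-account workarounds appear: they are what organizations reach for when the mesh becomes too large to manage honestly.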