- Collaboration-oriented architecture
-
Collaboration Oriented Architecture is a concept used to describe the design of a computer system that is designed to collaborate, or use services, from systems that are outside of your locus of control. Collaboration Oriented Architecture will often utilize Service Oriented Architecture to deliver the technical framework.
Collaboration Oriented Architecture is the ability to collaborate between systems that are based on the Jericho Forum principles or “Commandments”.[1]
Bill Gates and Craig Mundie (Microsoft) [2][3] clearly articulated the need for people to work outside of their organizations in a secure and collaborative manner in their opening keynote to the RSA Security Conference in February 2007.
Successful implementation of a Collaboration Oriented Architecture implies the ability to successfully inter-work securely over the Internet and will typically mean the resolution of the problems that come with de-perimeterisation.
Contents
Origin of the term
The term Collaboration Oriented Architectures [4] was defined and developed in a meeting of the Jericho Forum at a meeting held at HSBC on the 6th July 2007.
Definition of a Collaboration Oriented Architecture
The key elements that qualify a security architecture as a Collaboration Oriented Architecture are as follows;
- Protocol: Systems use appropriately secure protocols to communicate.
- Authentication: The protocol is authenticated with user and/or system credentials).
- Federation: User and/or systems credentials are accepted and validated by systems that are not under your (locus of) control.
- Network Agnostic: The design does not rely on a secure network, thus it will operate securely from an Intranet to raw-Internet
- Trust: The collaborating system have the capacity to be able to confirm to a specified degree of confidence that the components in a transaction chain have.
- Risk: The collaborating systems can make a risk assessment on any transaction based on the communicated levels of required trust, based on the required degree of identity, confidentiality, integrity, availability.
Authentication in a Collaboration Oriented Architecture
Working in a collaborative multi-sourced environment implies the need for authentication, authorization and accountability which must interoperate / exchange outside of your locus / area of control.[5]
- People/systems must be able to manage permissions of resources and rights of users they don't control
- There must be capability of trusting an organization, which can authenticate individuals or groups, thus eliminating the need to create separate identities
- In principle, only one instance of person / system / identity may exist, but privacy necessitates the support for multiple instances, or one instance with multiple facets, often referred to s personas
- Systems must be able to pass on security credentials /assertions
- Multiple loci (areas) of control must be supported
References
- ^ Jericho Forum, "Commandments", Jericho Forum Commandments, May 2007.
- ^ Bill Gates, Craig Mundie: RSA Conference 2007. Transcript of keynote discussion between Microsoft Chairman Bill Gates and Chief Research & Strategy
- ^ Bill Gates Webcast, Bill Gates and Craig Mundie Keynote at RSA Conference 2007: Advancing Trust in Today’s Connected World
- ^ https://www.opengroup.org/jericho/COA_v2.0.pdf
- ^ Jericho Forum Commandment #8
External links
Categories:
Wikimedia Foundation. 2010.