On the Design of a Trust Enhanced Distributed Authorisation Architecture for Service Oriented Architectures

Authorisation systems play a vital role in protecting access to resources in distributed systems. Traditionally, authorisation is performed at the user level to determine whether a user has the necessary privileges to access a requested resource. However, when it comes to the user's platform, it is often assumed that the system hosting the user and the software running on it are 'trusted' and that it will behave correctly. In this paper, we propose a comprehensive trust enhanced distributed authorisation architecture that provides a holistic framework for authorisation taking into account the state of a user platform. The model encompasses the notions of 'hard' and 'soft' trust to determine whether a platform can be trusted for authorisation. We first explain the rationale for the overall model and then describe our hybrid model with 'hard' and 'soft' trust components, followed by a description of the system architecture. We then illustrate proposed architecture in the context of a simple scenario involving a social networking system.