Difference between revisions of "Trust Vector"
From MgmtWiki
(→Solutions) |
|||
| Line 3: | Line 3: | ||
==Context== | ==Context== | ||
| − | [[ | + | Internet [[Relying Party|Relying Parties]] need to perform [[Knowledge]]-based functions to determine if the current request by a [[User]] should result in [[Authorization]] of access. |
==Problems== | ==Problems== | ||
| + | *Many large ecommerce sites are already performing this function, but for obvious reasons do not like to let that fact be known. | ||
| + | *If attackers where to understand the process in full detail, they would know how to subvert it. | ||
==Solutions== | ==Solutions== | ||
Revision as of 10:30, 10 August 2018
Full Title or Meme
A collection of Authentication results or Attribute Validations presented to an Authorization Service to control access to a resource, typically digital but possibly physical.
Context
Internet Relying Parties need to perform Knowledge-based functions to determine if the current request by a User should result in Authorization of access.
Problems
- Many large ecommerce sites are already performing this function, but for obvious reasons do not like to let that fact be known.
- If attackers where to understand the process in full detail, they would know how to subvert it.
