1 - The Challenge of Trusted Security Infrastructures

Abstract

This chapter introduces the concept of trusted security infrastructures (TSIs). It begins by outlining the different TSI services, their components, and their interactions. All services are illustrated with a set of security product offerings. It also discusses the services that Microsoft can provide in the TSI space, which includes both the TSI functions that are bundled with the Windows Server 2003 R2 operating system and the ones that come as part of other Microsoft software product offerings. The chapter also provides an overview of a common trend in the outsourcing of security functionality such as the creation of TSIs. These infrastructures provide some core security Services that includes identification, authentication, authorization, auditing, key management, and security-related management. TSIs allow applications to focus on their core business function and facilitate Single Sign-On (SSO) and more rapid and more secure application development. To position TSIs, both the logical positioning and physical positioning are required in the security architecture. The security architecture is a high-level specification of major security components and their relation with each other. The chapter describes the services provided by TSIs; the role of trust that depicts the relationship between the users of the services and the service providers; and roles of trusted security infrastructure, which includes authentication infrastructures, authorization infrastructures, key management infrastructures and security management infrastructure, and the concept of federation. The concept of federation, which represents an important next step in the creation of trusted security infrastructures, is also detailed. The chapter concludes with the discussion on identity management and trusted security infrastructures. The Identity management services offered by Microsoft in a Windows Server 2003 R2 environment and the technical components of it are also explained.