A Security Architecture for Data Privacy and Security

摘要

Data access and software exchange are often achieved over insecure networks such as the public Internet. System designers are therefore forced to be proactive with regard to verifying the identity of both human users and software processes that request access to protected resources such as factory data. In this paper we show a new security architecture based upon web services that supports authentication, authorization, and federation. Authentication verifies identity and generates a security token; authorization determines which privileges are allowed to which users; federation permits secure and reliable exchanges of identity across disparate trust domains. We illustrate how these ideas can be used to secure access to a factory web portal and its underlying database of process data.