Authentication – by service provider, LDAP/AD export, Public Key Infrastructure (PKI)
Authorization – brokered Digital Asset Management, Higgins trust framework, Bandit, Security Assertion Markup Language (SAML),
Access – via API, Hadoop, Spark, S3, SOAP, REST,
Issued by regional / delegated authority – state government
Recognized by other agencies – governments, businesses
Contains embedded security features – hologram, magnetic strip, UV seal, smartchip, barcodes
Contains unique attributes – photo, fingerprint, signature, license number, street address
Establishes context and limitations – operating class, expiration date, physical restrictions
Issued by regional / delegated authority – Certificate Authority (CA)
Recognized by other agencies – validated by other CAs, and filed to use during collaboration
Embedded security features – digital fingerprint, encryption key, and RSA hash
Contains unique attributes – email address, private key hash, digital signature, project ID, business affiliations, organizational roles, any relevant attribute
Establishes context and limitations – issuing authority, expiration times, revocation authority
Identities and attributes are embedded in certificates.
Relationships and authorizations can be made using
Certificates are created and validated through Certificate Authority and exchanged between appropriate parties.
Storage vendor uses certificates for authentication, authorization, and access to objects.
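
One way the storage side could turn a presented certificate into an access decision, using the certificate properties listed above (issuing authority, expiration, revocation, project ID). This is an added example, not part of the original slides. It assumes Go's standard crypto/x509 with Ed25519 keys, a set of revoked serial numbers in place of a CRL or OCSP lookup, and the subject OU as the carrier for the project ID; all names and values are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue signs a constructed sample certificate with the parent's key; a nil parent self-signs (the CA).
func issue(serial int64, subject pkix.Name, isCA bool, ttl time.Duration, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: subject, IsCA: isCA, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(ttl)}
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	if parent == nil {
		parent, signer = t, priv
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, priv
}

// authorize is the storage side's check. The revoked serial set stands in for a CRL or OCSP
// lookup, and carrying the project ID in the subject OU is an assumption of this example.
func authorize(c *x509.Certificate, roots *x509.CertPool, revoked map[string]bool, project string, now time.Time) error {
	if _, err := c.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return fmt.Errorf("authentication failed: %w", err) // untrusted issuer, bad signature or outside validity
	}
	if revoked[c.SerialNumber.String()] {
		return fmt.Errorf("authentication failed: serial %s is revoked", c.SerialNumber)
	}
	if ou := c.Subject.OrganizationalUnit; len(ou) != 1 || ou[0] != project {
		return fmt.Errorf("authorization failed: %q holds no attribute for %q", c.Subject.CommonName, project)
	}
	return nil
}

func main() {
	ca, caKey := issue(1, pkix.Name{CommonName: "Example Project CA"}, true, 24*time.Hour, nil, nil)
	alice, _ := issue(2, pkix.Name{CommonName: "alice@example.org", OrganizationalUnit: []string{"project-42"}}, false, time.Hour, ca, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	fmt.Println(authorize(alice, roots, nil, "project-42", time.Now())) // <nil> means access is granted
}
```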
Any data file, object storage or not, can contain value, so use of encryption is highly desirable.
The further away from direct control, the more important encryption becomes.
Encryption keys are much more easily exchanged using certificates, especially if based on public/private key pairs, like PGP.