Concept: High-level Security Patterns
IT systems commonly implement systems security measures by using instances from
a small group of standard security patterns. Five such patterns are described
here.
Main Description

Identity and authentication

An end user (either a human or another system) has an identifier (user name) or a set of identifiers (titles, roles, aliases) and one or more proofs (for example, a password). To authenticate, the user presents the identifier and proof to an application when prompted to identify itself. If the application validates the identifier and proof, the user has successfully "authenticated," and the identity is now an authenticated identity. When an application implements business logic and enforces its own security policies, it must keep its identity data and metadata in an identity repository (file system, database). On the Web, end users no longer necessarily have application client code on their own systems. They often access applications through a browser, and the network locates the application through a URI (uniform resource identifier) supplied by the end user.
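The identifier-plus-proof check against an identity repository, as an added example (not code from the original page): the repository stores only a salted, stretched hash of each proof, and `authenticate` returns an authenticated identity or `None`. The repository layout, the PBKDF2 parameters and the role list are assumptions for illustration.

```python
"""Identity-and-authentication pattern: identifier + proof validated against a repository."""
import hashlib
import hmac
import os
from dataclasses import dataclass

# Assumption: iteration count chosen for a quick example; tune per deployment.
PBKDF2_ROUNDS = 200_000
SALT_BYTES = 16


@dataclass(frozen=True)
class AuthenticatedIdentity:
    """What the application works with after a successful authentication."""
    identifier: str
    roles: frozenset


def _derive(proof: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", proof.encode(), salt, PBKDF2_ROUNDS)


def register(repo: dict, identifier: str, proof: str, roles=()) -> None:
    """Store a salted hash of the proof in the repository, never the proof itself."""
    salt = os.urandom(SALT_BYTES)
    repo[identifier] = {
        "salt": salt,
        "hash": _derive(proof, salt),
        "roles": frozenset(roles),
    }


def authenticate(repo: dict, identifier: str, proof: str):
    """Return an AuthenticatedIdentity if identifier and proof validate, else None."""
    record = repo.get(identifier)
    if record is None:
        # Unknown identifier: still pay the derivation cost so response time
        # does not reveal which identifiers exist in the repository.
        _derive(proof, b"\x00" * SALT_BYTES)
        return None
    # Constant-time comparison of the derived hash against the stored one.
    if not hmac.compare_digest(_derive(proof, record["salt"]), record["hash"]):
        return None
    return AuthenticatedIdentity(identifier, record["roles"])
```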

Single sign-on

When a user has multiple applications with different identifiers and proofs, it sometimes becomes difficult to manage the identity data and metadata to make the appropriate decisions. Single sign-on (SSO) is a term applied to various techniques (human and automated) to reduce this complexity.

Solutions for SSO can be client-based or server- or service-based, and they can be tightly coupled or loosely coupled to the applications. Web-based SSO refers to browser-based solutions and typically involves cookies. In a tightly coupled client-based SSO, the responsibility is on the user to register and synchronize multiple IDs and passwords that are maintained in multiple application repositories. Some SSO relies on "identity mapping." Others provide "identity propagation" or "identity assertions." New initiatives in Federated SSO enable a user to register with a third-party Identity Service Provider, which then manages the user information, thus providing a loosely coupled alternative. In enterprises, a backend SSO can include the enterprise acting as the Identity Service Provider. A backend SSO includes a common repository for all applications, and each application or server is reconfigured to not use a local repository. Backend SSO solutions can also maintain multiple repositories for user information and use a management process to force the synchronization of the identity data across those repositories. When multiple identities are involved, there are often requirements to isolate applications into realms, which often correlate to administrative domains.

Digital identities

As people and businesses have become more dependent on computer technology, there has been a proliferation of identity-related information. With the awareness of identity theft, governments are legislating requirements for businesses to protect the identity information for which they are serving as custodians.

There are two major strategies for managing digital identities:

  • The first is user-centric. It relies on users actively participating in identity protection by "registering" with third-party providers, and then granting permission to providers that they trust to access their identity data and metadata. The Liberty Alliance is a consortium that has been leading this strategy, but there is also an open source effort underway with the Higgins initiative in partnership with The Apache Foundation.
  • The second is a business-centered model in which a business provides identity management services to its customers, partners, and employees. Businesses deal with different volumes of information than individuals do and, therefore, have different scaling requirements. Businesses also need to have their own systems for managing user access, based on business roles and changing business conditions (that is, you might always be "My Name," but you might not always work for XYZ Company).

Authorization

As people and businesses have become more dependent on computer technology, rules about who can access what resource have become codified. When designing applications, the decision about who can access what information might depend on business context information, or it might be externalized from the application and handled by a separate set of middleware. Most products and computer systems have implemented a set of "access control" mechanisms, but each one usually keeps its own record of authorized user names mapped to resource names. These records are called access control lists.
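An access control list of the kind described above, as an added example (not code from the original page): resource names map to subjects (user names or business roles) and the operations each is allowed, with deny as the default for anything not explicitly granted. The `role:` prefix convention and the sample resource names are assumptions.

```python
"""Authorization pattern: a per-application access control list, deny by default."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Principal:
    """An authenticated identity plus the business roles it currently holds."""
    name: str
    roles: frozenset = frozenset()


@dataclass
class AccessControlList:
    # resource name -> subject ("<user name>" or "role:<role>") -> allowed operations
    entries: dict = field(default_factory=dict)

    def grant(self, resource: str, subject: str, *operations: str) -> None:
        """Add operations for a subject on a resource (idempotent)."""
        self.entries.setdefault(resource, {}).setdefault(subject, set()).update(operations)

    def revoke(self, resource: str, subject: str) -> None:
        """Remove every grant a subject holds on a resource; no-op if none exist."""
        self.entries.get(resource, {}).pop(subject, None)

    def is_authorized(self, principal: Principal, resource: str, operation: str) -> bool:
        """True only if the user name or one of its roles is granted the operation."""
        acl = self.entries.get(resource, {})  # unknown resource: nothing granted
        subjects = [principal.name] + [f"role:{r}" for r in sorted(principal.roles)]
        return any(operation in acl.get(s, ()) for s in subjects)


def build_sample_acl() -> AccessControlList:
    """Constructed sample: a ledger readable by clerks, writable by one auditor."""
    acl = AccessControlList()
    acl.grant("ledger", "role:clerk", "read")
    acl.grant("ledger", "bob", "read", "write")
    return acl
```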

Message protection

There are two basic types of protection:

  • Integrity protection (proof that the message has not been changed while in transit)
  • Confidentiality (application of cryptography to ensure that only authorized recipients can see the message)

When messages are sent over a protocol, each message can be digitally signed or encrypted, or the network protocol can sign and encrypt all traffic between the two entry points. When the protocol provides the protection, it is often said to be point-to-point (that is, network endpoint to network endpoint).
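Per-message integrity protection as an added example (not code from the original page): each message carries an HMAC tag computed by the sender, and the receiver rejects any message whose body or sequence number was altered in transit. Confidentiality is a separate step not shown here; the JSON envelope format and the shared-key setup are assumptions.

```python
"""Message protection pattern: integrity protection applied to each message."""
import hashlib
import hmac
import json


def _canonical(payload: dict) -> bytes:
    # Deterministic encoding so sender and receiver hash identical bytes.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def sign_message(key: bytes, seq: int, payload: dict) -> dict:
    """Build an envelope whose tag covers both the sequence number and the body."""
    body = _canonical({"seq": seq, "payload": payload})
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body.decode(), "tag": tag}


def verify_message(key: bytes, envelope: dict, expected_seq: int):
    """Return the payload if the tag and sequence number check out, else None."""
    body = envelope.get("body", "").encode()
    expected_tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_tag, envelope.get("tag", "")):
        return None  # body or tag changed in transit
    decoded = json.loads(body)
    if decoded.get("seq") != expected_seq:
        return None  # old or out-of-order message replayed
    return decoded["payload"]


def tampered_copy(envelope: dict) -> dict:
    """Constructed sample of in-transit modification: flip one byte of the body."""
    body = envelope["body"]
    return {"body": body[:-2] + ("1" if body[-2] != "1" else "2") + body[-1], "tag": envelope["tag"]}
```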