Authorisation
The iSHARE Trust Framework, as a governance model for data sharing, provides a model for authorisation and for delegating permissions between organisations and individuals. Its authorisation and policy rules are designed to balance security, flexibility, and trust.
The iSHARE Trust Framework is a structured methodology designed to facilitate secure data sharing across organisations. By employing a standardised set of policies and rules, the framework aims to ensure that access rights are clearly defined, systematically managed, and enforced, thereby promoting trust and security in data transactions.
Components of the Framework
1. Policy Sets
Policy sets serve as containers for multiple policies and define broad conditions under which these policies operate.
• Max Delegation Depth: This parameter is crucial for establishing boundaries on how rights can be passed on from one entity to another. For instance, if an organization holds certain rights, it may delegate these rights to a partner organization. The max delegation depth prevents an unbounded chain of delegations, which could complicate accountability and traceability. Setting this parameter helps in ensuring that the delegation remains manageable and within defined limits.
• Target Environment: The environment context includes relevant licenses, which specify the legal and operational frameworks under which the policies apply. This context ensures that any actions taken are compliant with existing agreements, enhancing legal safety and governance.
2. Policies
Policies are specific declarations of rights and actions associated with particular resources. Each policy is crafted to articulate precise permissions, thus offering a nuanced approach to data access.
• Target Definition: The policy’s target specifies the resource and the actions permitted. This level of detail ensures that access is granted only when it is appropriate, minimising the risk of unauthorized actions. By identifying the type of resource (e.g., data container) and the specific identifiers or attributes, the policy ensures that permissions are contextually relevant.
• Actions: The actions array clearly delineates what can be done with the resource, such as reading, writing, or deleting data. This ensures that parties understand the scope of their permissions, contributing to more secure operations.
• Service Providers: Including a list of allowed service providers further restricts who can act on behalf of the data owner. This element is particularly important in a collaborative environment, where multiple parties may interact with shared data.
3. Rules
Rules within policies are the core of decision-making regarding access control. They dictate how permissions are applied and under what circumstances access may be granted or denied.
• Default Rule: A policy carries a default rule with a Permit effect, which grants access for everything the policy's target covers unless another rule says otherwise. The default applies only within that target: a request that matches no policy at all is not covered by any Permit and must be treated as denied.
• Additional Rules: These rules constrain the default permission. A rule with a Deny effect that targets a subset of the policy's resources, attributes or actions overrides the default Permit for that subset. This two-layer approach (a broad Permit narrowed by specific Denies) keeps permissions both flexible and precise, and it means Deny rules must always be evaluated before an access decision is made.
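As an added example (not iSHARE's own code), the following evaluator applies the policy-set, policy and rule structure described above to a single access request. The JSON field names follow the layout this page describes; treating "*" as a wildcard, counting the delegation depth as the number of hops between policy issuer and requester, letting any Deny override across policies, and defaulting to Deny when no policy matches are this example's own choices. The sample policy set and identifiers are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessRequest:
    resource_type: str
    resource_id: str
    attributes: frozenset      # attributes of the resource being accessed
    action: str
    service_provider: str      # identifier of the party acting on the subject's behalf
    delegation_depth: int = 0  # hops between policy issuer and requester (assumed counting)


def _allows(allowed, value):
    """"*" is treated as a wildcard entry (assumption for this example)."""
    return "*" in allowed or value in allowed


def _target_covers(resource, req):
    """Policy-level target: every requested attribute must be granted."""
    return (resource["type"] == req.resource_type
            and _allows(resource["identifiers"], req.resource_id)
            and ("*" in resource["attributes"]
                 or req.attributes <= set(resource["attributes"])))


def _rule_touches(resource, req):
    """Rule-level target: a Deny rule applies as soon as it overlaps the request."""
    return (resource["type"] == req.resource_type
            and _allows(resource["identifiers"], req.resource_id)
            and ("*" in resource["attributes"]
                 or bool(req.attributes & set(resource["attributes"]))))


def _rule_applies(rule, req):
    target = rule.get("target")
    if target is None:                 # the default rule carries no target
        return True
    if "resource" in target and not _rule_touches(target["resource"], req):
        return False
    if "actions" in target and not _allows(target["actions"], req.action):
        return False
    return True


def evaluate_policy(policy, req):
    """Return "Permit", "Deny", or None when the policy does not apply at all."""
    target = policy["target"]
    if not _target_covers(target["resource"], req):
        return None
    if not _allows(target["actions"], req.action):
        return None
    providers = target.get("environment", {}).get("serviceProviders")
    if providers is not None and not _allows(providers, req.service_provider):
        return None
    decision = None
    for rule in policy["rules"]:
        if not _rule_applies(rule, req):
            continue
        if rule["effect"] == "Deny":   # a matching Deny overrides the default Permit
            return "Deny"
        decision = "Permit"
    return decision


def evaluate(policy_sets, req):
    """Closed world: nothing applicable means Deny; any Deny wins over Permit."""
    decision = "Deny"
    for policy_set in policy_sets:
        if req.delegation_depth > policy_set["maxDelegationDepth"]:
            continue                   # right has been passed on too many times
        for policy in policy_set["policies"]:
            outcome = evaluate_policy(policy, req)
            if outcome == "Deny":
                return "Deny"
            if outcome == "Permit":
                decision = "Permit"
    return decision


# Constructed sample: READ and WRITE on one container via one service provider,
# except that WRITE on the ETA attribute is explicitly denied.
SAMPLE_POLICY_SETS = [{
    "maxDelegationDepth": 1,
    "target": {"environment": {"licenses": ["ISHARE.0001"]}},
    "policies": [{
        "target": {
            "resource": {"type": "CONTAINER", "identifiers": ["180621.CONTAINER-Z"],
                         "attributes": ["*"]},
            "actions": ["READ", "WRITE"],
            "environment": {"serviceProviders": ["EU.EORI.NL000000003"]},
        },
        "rules": [
            {"effect": "Permit"},
            {"effect": "Deny", "target": {
                "resource": {"type": "CONTAINER", "identifiers": ["180621.CONTAINER-Z"],
                             "attributes": ["ETA"]},
                "actions": ["WRITE"]}},
        ],
    }],
}]
```

The two matching functions are deliberately different: a policy target must cover every attribute a request touches, while a Deny rule fires if it overlaps any of them. Collapsing the two into one "all attributes" test would let a request slip past a Deny by bundling a denied attribute with permitted ones.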
Significance of the Framework
• Security and Trust: By clearly defining roles, rights, and rules, the iSHARE Trust Framework enhances security. Organisations can share data with confidence, knowing that access is controlled and monitored.
• Compliance: The framework’s structured approach ensures compliance with legal and regulatory requirements. It makes it easier to audit and demonstrate compliance with data protection laws and industry standards.
• Interoperability: The standardised nature of the framework facilitates interoperability among various organisations. Different entities can operate under a common set of rules, making it simpler to collaborate while ensuring that data access is managed consistently.
• Accountability and Traceability: The detailed structure enables organisations to track and manage who has access to what data and under which conditions. This traceability is crucial for accountability, allowing organisations to respond quickly to any unauthorised access incidents.
M2M (Machine-to-Machine) Authorisation
At the core of iSHARE’s architecture is the ability to manage authorisations between machines, i.e., different systems or organisations. This process revolves around delegation policies and delegation evidence that govern which entities can access data or services.
The key flow for M2M authorisation within iSHARE Trust Framework involves the delegation evidence request.
1. Delegation Evidence:
Participants in the iSHARE Trust Framework can request delegation evidence, which serves as proof that one entity has the right to act on behalf of another. The request is submitted either to an Entitled Party (the organisation that holds the authority) or to an Authorisation Registry (a trusted registry that stores these authorisations on the Entitled Party's behalf).
2. Authorisation Policies:
These are the rules that dictate under what conditions delegation evidence can be provided. Policies specify which entities may be granted rights, for which services or data, and for which actions.
3. Client Assertion:
In some cases, particularly when a Service Provider needs to collect delegation evidence on behalf of a client, a client_assertion is required. This proves that the Service Provider is acting on behalf of the client and is authorised to request specific delegation evidence.
The request carries a delegation mask (delegation_mask), which states exactly which rights the requester wants confirmed, so that both the Entitled Party and the Authorisation Registry can evaluate it against their predefined rules and return only the matching evidence. Strict validation of certificates and assertions on both sides ensures that unauthorised entities cannot obtain evidence, and the requester in turn must check that the evidence it receives actually answers the mask it sent.
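The following is an added example (not iSHARE's code) of the claim-level checks on both sides of this exchange: the requester builds its client_assertion claims and a delegation mask; the receiving party checks the assertion's audience, lifetime and jti (replay); and the requester then binds the returned delegation evidence back to the mask it sent. The JWS signature checks (the x5c chain of the presenter, against the scheme's trusted parties) are assumed to have been performed before these functions run. The 30-second assertion lifetime, the 5-second clock tolerance, the `delegationRequest` field layout and all EORI identifiers are assumptions or constructed sample values.

```python
import time
import uuid

ASSERTION_LIFETIME = 30   # seconds a client_assertion stays valid (assumed)
CLOCK_SKEW = 5            # tolerated clock difference in seconds (assumed)


def client_assertion_claims(client_eori: str, audience_eori: str, now: int) -> dict:
    """Claim set the requester signs into its client_assertion (iss == sub == itself)."""
    return {"iss": client_eori, "sub": client_eori, "aud": audience_eori,
            "jti": str(uuid.uuid4()), "iat": now, "exp": now + ASSERTION_LIFETIME}


def delegation_mask(policy_issuer: str, access_subject: str, resource_type: str,
                    identifiers: list, actions: list) -> dict:
    """The delegation mask: the rights we ask the Entitled Party / AR to confirm."""
    return {"delegationRequest": {
        "policyIssuer": policy_issuer,
        "target": {"accessSubject": access_subject},
        "policySets": [{"policies": [{
            "target": {"resource": {"type": resource_type, "identifiers": identifiers,
                                    "attributes": ["*"]},
                       "actions": actions},
            "rules": [{"effect": "Permit"}]}]}]}}


class AssertionVerifier:
    """Receiving side (Entitled Party or AR): claim checks on a client_assertion
    whose signature has already been verified against the presenter's certificate."""

    def __init__(self, own_eori: str):
        self.own_eori = own_eori
        self.seen_jti: dict = {}          # jti -> exp, for replay detection

    def problems(self, claims: dict, now: int) -> list:
        found = []
        if claims.get("iss") != claims.get("sub"):
            found.append("iss and sub differ")
        if claims.get("aud") != self.own_eori:
            found.append("aud is not this server")
        if claims.get("exp", 0) - claims.get("iat", 0) > ASSERTION_LIFETIME:
            found.append("lifetime too long")
        if now > claims.get("exp", 0) + CLOCK_SKEW:
            found.append("expired")
        # forget jtis that can no longer be replayed, then check this one
        self.seen_jti = {j: e for j, e in self.seen_jti.items() if e + CLOCK_SKEW > now}
        jti = claims.get("jti")
        if not jti or jti in self.seen_jti:
            found.append("jti missing or replayed")
        else:
            self.seen_jti[jti] = claims.get("exp", now)
        return found


def evidence_problems(token: dict, mask: dict, ar_eori: str, own_eori: str, now: int) -> list:
    """Requesting side: bind the returned delegation evidence to the mask we sent."""
    found = []
    if token.get("iss") != ar_eori:
        found.append("evidence not issued by the party we asked")
    if token.get("aud") != own_eori:
        found.append("evidence not addressed to us")
    if now > token.get("exp", 0) + CLOCK_SKEW:
        found.append("evidence token expired")
    ev = token.get("delegationEvidence", {})
    asked = mask["delegationRequest"]
    if ev.get("policyIssuer") != asked["policyIssuer"]:
        found.append("policyIssuer differs from the mask")
    if ev.get("target", {}).get("accessSubject") != asked["target"]["accessSubject"]:
        found.append("accessSubject differs from the mask")
    if not ev.get("notBefore", now + 1) <= now < ev.get("notOnOrAfter", 0):
        found.append("outside notBefore/notOnOrAfter")
    for want in asked["policySets"][0]["policies"]:
        res = want["target"]["resource"]
        for rid in res["identifiers"]:
            for action in want["target"]["actions"]:
                if not _has_permit(ev, res["type"], rid, action):
                    found.append(f"no Permit for {action} on {rid}")
    return found


def _has_permit(ev: dict, rtype: str, rid: str, action: str) -> bool:
    """True if some returned policy covers (type, id, action) with a Permit rule.
    Deny rules are not evaluated here; that happens when the access itself is decided."""
    for policy_set in ev.get("policySets", []):
        for policy in policy_set.get("policies", []):
            t = policy["target"]
            ids, acts = t["resource"]["identifiers"], t["actions"]
            if (t["resource"]["type"] == rtype and (rid in ids or "*" in ids)
                    and (action in acts or "*" in acts)
                    and any(r.get("effect") == "Permit" for r in policy.get("rules", []))):
                return True
    return False
```

The point of the last two functions is that evidence is only meaningful in relation to what was asked: an Authorisation Registry may legitimately return less than the mask requested (for example READ but not WRITE), and a requester that skips the comparison will treat a partial answer as a full one. Likewise, checking `aud` on both the assertion and the evidence stops a token obtained for one party from being presented to another.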
Policy Storage and Flexibility
The iSHARE Trust Framework does not prescribe how authorisation policies should be stored. Instead, it leaves organisations free to implement these policies in the way that best suits their infrastructure. Some systems may store policies as business rules or transactional data, while others may opt for a dedicated policy engine. What the framework does fix is the format of the delegation evidence that is exchanged, so policies can be stored however is convenient as long as they can be rendered into that format on request. This flexibility allows organisations to integrate the framework into existing workflows without significant architectural changes.
H2M (Human-to-Machine) Authorization
In addition to machine-to-machine interactions, the iSHARE Trust Framework supports Human-to-Machine (H2M) authorisations, where individual users are granted rights to act on behalf of an organisation. This is needed in scenarios where human users need access to services or data held in another system.
Here’s how H2M authorisation is structured:
1. OpenID Connect Integration: The iSHARE Trust Framework uses the OpenID Connect 1.0 standard for identity verification and extends it with authorisation of human users, so that both a user's identity and the rights the user holds are established before the user can access a service.
2. Userinfo Endpoint: A key modification to the OpenID Connect flow is the use of the userinfo endpoint, which retrieves a user’s authorization details. These details are tied to the organisation the user represents.
3. Pseudonymisation: To comply with privacy requirements, users are identified through pseudonyms rather than personal identifiers. This ensures that user identities are protected while allowing them to access the necessary services.
Service-Specific vs. Portal Approach
Two distinct approaches are used for authorising human users:
• Service-Specific Approach: When a user requests access to a specific service, the Service Provider checks if the user is authorised to access that service. This involves verifying the delegation evidence that ties the user to the service.
• Portal Approach: In scenarios where a user accesses services through a portal, the Service Provider conducts a broader check. It requests all authorisations available to the user in order to display relevant services on the portal. This is done through a wildcard request that gathers all delegation evidence associated with the user.
Design Perspective: Why These Flows?
The design of iSHARE Trust Framework’s authorisation flows follows several core principles:
1. Security by Design: By enforcing strict validation mechanisms (such as client_assertions and delegation masks), iSHARE Trust Framework ensures that only authorised entities can access sensitive data or services. This is particularly critical in cross-organization data sharing environments.
2. Flexibility: The flexible approach to storing authorization policies allows organisations to adopt iSHARE Trust Framework without major disruptions. Whether policies are stored as business rules, transactional data, or through custom interfaces, iSHARE Trust Framework integrates smoothly into existing systems.
3. Privacy Compliance: Support for pseudonymisation protects individual identities even as users interact with multiple organisations, which helps organisations meet GDPR and other privacy requirements.
4. Scalability: Both the machine-to-machine and human-to-machine authorization models are scalable, allowing organisations to support complex ecosystems where multiple entities interact with varying levels of trust and authorization.
Reasoning Behind the Flows
The key reasoning behind these flows is to maintain a balance between trust and flexibility. In a federated system, where multiple entities from different sectors collaborate, it is essential to have a flexible yet robust mechanism for managing authorizations. The delegation evidence flow, for instance, ensures that authorizations are always verified against predefined policies, while still allowing for dynamic interactions between previously unknown parties.
This model ensures that each participant in the ecosystem has control over their data and services, while also enabling secure collaboration across organisational boundaries.
Conclusion
The iSHARE Trust Framework provides a well-designed mechanism for managing both machine-to-machine and human-to-machine authorizations, rooted in flexibility, security, and scalability.
By using delegation evidence, authorization policies, and client assertions, all entities in its ecosystem can share data securely and with confidence. The flexibility in policy storage and privacy-compliant pseudonymisation further reinforce iSHARE Trust Framework’s ability to adapt to diverse organisational needs, ensuring that the framework remains future-proof as data-sharing environments evolve.