This chapter introduces the trust virtual organization as a means of facilitating authentication and authorization for sharing distributed, protected content and services. Sharing institutional protected services and deliverables has proven a hurdle because each user ends up with separate accounts created at many sites. The chapter's approach is a virtual organization with cross-institutional Single Sign-On, in which users log in with their existing institutional accounts. It also presents the challenges of building trust virtual organizations: managing users from distributed identity providers; managing services from distributed service providers; managing trust relationships between users and services; and authorizing users' access privileges on the basis of those trust relationships. It argues that the trust virtual organization significantly increases the effectiveness of e-learning, e-research and e-business. Furthermore, the authors hope that the trust virtual organization facilitates not only Web-based but also grid-based authentication and authorization.
Key Terms in this Chapter
User & Group Manager: A component that maintains and provides detailed information about users authenticated by the trusted IdPs and about groups organized for specific purposes.
Resource & Service: A resource or service, together with its detailed descriptive information, that is protected by one of the trusted SPs.
Identity Provider Manager: A component that maintains and provides detailed information about multiple identity providers.
Goal-Oriented Workspace: A virtual place where distributed users work together toward a specific goal by sharing R&Ss, calendars, and workflows.
Trust Relationship Manager: A component that maintains and provides the trust relationships between IdPs and SPs, and between U&Gs and R&Ss.
Service Provider: A service that provides and protects resources and services. Those resources and services can be accessed only by users who have been authenticated by trusted identity providers.
Trust-Based Access Control: A function that maps the trust relationships between U&Gs and R&Ss to permitted access behaviours.
Identity Provider: A service that asserts the identities of users local to the institution running the provider. An identity provider can release identities to selected targets according to its attribute release policies.
Service Provider Manager: A component that maintains and provides detailed information about multiple service providers.
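The following Python model is an added illustration of how the key terms above fit together; it is not code from the chapter or from any system the authors describe. It assumes a minimal shape for each component: an IdP that asserts a local user and releases attributes only as its release policy allows for the target SP, a trust relationship manager that records which IdPs each SP trusts and which U&G principals are trusted for which actions on each R&S, and a trust-based access control function that maps those relationships to an allow/deny decision. All institution names, users, attributes and policies are constructed sample data.

```python
"""Trust-based access control over a trust virtual organization (TVO).

Added example, not the chapter's code.  Institutions, users, attributes and
policies below are constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Assertion:
    """What an IdP releases about one authenticated user to one target SP."""
    idp: str
    user: str
    attributes: dict


class IdentityProvider:
    """Asserts identities of users local to one institution.  An attribute is
    released to a target SP only if the release policy names it for that SP."""

    def __init__(self, name, users, release_policy):
        self.name = name
        self._users = users                    # user -> all known attributes
        self._release_policy = release_policy  # target SP -> releasable keys

    def assert_identity(self, user, target_sp):
        if user not in self._users:
            raise PermissionError(f"{user!r} is not a local user of {self.name}")
        releasable = self._release_policy.get(target_sp, ())
        released = {k: v for k, v in self._users[user].items() if k in releasable}
        return Assertion(self.name, user, released)


class TrustRelationshipManager:
    """Records IdP<->SP trust and which U&G principals are trusted for which
    actions on each SP-protected R&S."""

    def __init__(self):
        self._sp_trusted_idps = {}  # sp -> set of IdP names
        self._rs_grants = {}        # (sp, resource) -> {principal: set(actions)}

    def trust_idp(self, sp, idp):
        self._sp_trusted_idps.setdefault(sp, set()).add(idp)

    def grant(self, sp, resource, principal, *actions):
        grants = self._rs_grants.setdefault((sp, resource), {})
        grants.setdefault(principal, set()).update(actions)

    def sp_trusts(self, sp, idp):
        return idp in self._sp_trusted_idps.get(sp, set())

    def grants_for(self, sp, resource):
        return self._rs_grants.get((sp, resource), {})


def principals_of(assertion):
    """U&G principals an SP can derive from a released assertion.  Only
    attributes the IdP actually released count: a withheld 'groups'
    attribute yields no group principals."""
    principals = {f"user:{assertion.user}@{assertion.idp}"}
    affiliation = assertion.attributes.get("affiliation")
    if affiliation:
        principals.add(f"affiliation:{affiliation}")
    for group in assertion.attributes.get("groups", ()):
        principals.add(f"group:{group}")
    return principals


def trust_based_access_control(trm, assertion, sp, resource, action):
    """Map trust relationships to an access decision: (allowed, reason)."""
    # 1. The SP honours assertions only from IdPs it trusts.
    if not trm.sp_trusts(sp, assertion.idp):
        return False, f"{sp} does not trust IdP {assertion.idp}"
    # 2. Derive U&G principals from the released attributes.
    principals = principals_of(assertion)
    # 3. Union the actions granted to any of those principals on this R&S.
    grants = trm.grants_for(sp, resource)
    allowed = set().union(*(grants.get(p, set()) for p in principals))
    if action in allowed:
        return True, f"{action} permitted via {sorted(principals & set(grants))}"
    return False, f"no trust relationship grants {action} on {resource}"


def build_demo():
    """Constructed sample TVO: two trusted institutional IdPs, one untrusted
    IdP, and two SPs that receive different attribute releases."""
    uni_a = IdentityProvider("uni-a.edu",
        users={"alice": {"affiliation": "staff", "groups": ("e-research",)},
               "bob": {"affiliation": "student", "groups": ()}},
        release_policy={"lib.uni-b.edu": ("affiliation", "groups"),
                        "shop.example": ("affiliation",)})  # groups withheld
    uni_b = IdentityProvider("uni-b.edu",
        users={"carol": {"affiliation": "staff", "groups": ("e-research",)}},
        release_policy={"lib.uni-b.edu": ("affiliation", "groups")})
    rogue = IdentityProvider("rogue.example",
        users={"dave": {"affiliation": "staff", "groups": ("e-research",)}},
        release_policy={"lib.uni-b.edu": ("affiliation", "groups")})
    trm = TrustRelationshipManager()
    trm.trust_idp("lib.uni-b.edu", "uni-a.edu")
    trm.trust_idp("lib.uni-b.edu", "uni-b.edu")   # rogue.example never trusted
    trm.trust_idp("shop.example", "uni-a.edu")
    trm.grant("lib.uni-b.edu", "dataset-42", "group:e-research", "read", "write")
    trm.grant("lib.uni-b.edu", "dataset-42", "affiliation:student", "read")
    trm.grant("lib.uni-b.edu", "dataset-42", "user:carol@uni-b.edu", "delete")
    trm.grant("shop.example", "catalog", "group:e-research", "read")
    return {"uni-a.edu": uni_a, "uni-b.edu": uni_b, "rogue.example": rogue}, trm


def decide(idps, trm, idp, user, sp, resource, action):
    """Full cross-institutional flow: IdP assertion, then SP-side decision."""
    assertion = idps[idp].assert_identity(user, sp)
    return trust_based_access_control(trm, assertion, sp, resource, action)


if __name__ == "__main__":
    idps, trm = build_demo()
    for case in [("uni-a.edu", "alice", "lib.uni-b.edu", "dataset-42", "write"),
                 ("uni-a.edu", "bob", "lib.uni-b.edu", "dataset-42", "write"),
                 ("rogue.example", "dave", "lib.uni-b.edu", "dataset-42", "read"),
                 ("uni-a.edu", "alice", "shop.example", "catalog", "read")]:
        print(case, decide(idps, trm, *case))
```

Two cases in the demo are the ones worth checking in a real deployment: dave holds the right group attribute but his IdP is not in the SP's trust list, so the assertion is rejected before any attribute is examined; and alice, who can write to dataset-42 at lib.uni-b.edu, is denied at shop.example because uni-a.edu's release policy withholds her groups from that SP, so the SP never sees the principal its grant refers to. Authorization in the TVO therefore depends on both legs of the trust relationship, IdP-to-SP and U&G-to-R&S, plus the attribute release policy sitting between them.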