All TSI services mentioned in the previous sections depend on the existence of a trust relationship between the users of the services and the service providers. As Figure 1.3 shows, all security services are built on trust. The figure also illustrates the link between access control, identification, authentication and authorization. Access control requires 3 security services: identification, authentication and authorization. Too many people use authorization and access control as synonyms.
Figure 1.3: The fundamental role of trust.
Trust cannot be provided just by using technology solutions. A trust relationship also requires the presence of security policies and administrative procedures to provide an operational framework for the creation and maintenance of the trust relationship.
In most enterprises trust relationships between internal TSI users and the TSI service providers are relatively easy to put in place. Things become much more difficult when the TSIs must provide security services to external entities such as partners or customers. An even bigger challenge is to provide trustworthy TSI services on the Internet. The latter problem is discussed in James Essinger’s book Internet Trust and Security.
Trust will be covered in more detail throughout this book when discussingthe different Microsoft Windows Server 2003 TSI technologies.