ForgeRock Secure Sharing Ingredients: Who, What and How
In my previous blog, I described the ForgeRock Secure Sharing solution, which enables people to share their digital resources selectively with others in an enforceable way. How exactly do we do that? Let’s start with the three main ingredients:
- Who: Authenticated people
- What: Verified applications and services
- How: Trusted access
Who: Authenticated People
The ForgeRock Secure Sharing solution involves producers and consumers.
- Producers own and manage resources. They are responsible for the lifecycle of any given resource: creation, content modification, metadata changes, access management, approval, or denial of requests and removal.
- Consumers use the resources they have access to. They can also request access to new resources.
Both producers and consumers must be authenticated. That is, they need to have digital identities in ForgeRock Secure Sharing. The authentication services in ForgeRock Secure Sharing can support existing user repositories, provide a self-service registration process, or use federation to automate the importing of digital identities from external trusted user repositories.
What: Applications and Services
- Applications provide people with a way to access and use all kinds of resources. An application can range from the dashboard of your car and a security panel in your home to an app on a mobile device or a web browser interface.
- Services provide capabilities behind the scenes that interoperate with applications, coordinate with other services, and perform business operations.
In ForgeRock Secure Sharing, both applications and services must be verified in order to prove that they are legitimate.
How: Trusted Access
Accessing a resource consists of multiple components. We define access as an event in a particular point in time that involves a resource (owned by a producer), the consumer, and a means of controlling aspects of the resource .
Access starts with the producer who is authenticated to the services in ForgeRock Secure Sharing. The producer may not necessarily be online to grant access when a consumer makes a request. They often need to proxy the granting of resource access to a service so that the consumer can access resources anytime.
To create trusted offline resource access, both the producer and the services need to be trusted. The consumer and the applications they use, must also be trusted by the services they use to obtain access because resources may contain sensitive information. The services need proof that the consumer and the application are legitimate. The resource’s access information must also be trusted. The producer needs and wants to be assured that their permissions are correctly represented. And the consumer wants to feel confident about the information they are receiving.
As we’ve seen, ForgeRock Secure Sharing involves trusting people, resources, applications and services, and the access information that is communicated between a producer and consumer.