Inter-organization networks: implications of access control: requirements for interconnection protocol

Quantified Score

Visualization

Abstract

When two or more distinct organizations interconnect their internal computer networks they form an Inter-Organization Network(ION). IONs support the exchange of cad/cam data between manufacturers and subcontractors, software distribution from vendors to users, customer input to suppliers' order-entry systems, and the shared use of expensive computational resources by research laboratories, as examples. This paper analyzes the technical implications of interconnecting networks across organization boundaries.After analyzing the organization context in which IONs are used, we demonstrate that such interconnections are not satisfied by traditional network design criteria of connectivity and transparency. To the contrary, a primary high-level requirement is access control, and participating organizations must be able to limit connectivity and make network boundaries visible. We describe a scheme based on non-discretionary control which allows interconnecting organizations to combine gateway, network, and system-level mechanisms to enforce cross-boundary control over invocation and information flow, while minimizing interference with internal operations.Access control requirements such as these impose new requirements on the underlying interconnection protocols. We demonstrate such alternative interconnection protocols that support loose coupling across administrative boundaries and that accommodate the necessary control mechanisms. Message-based gateways that support non-real-time invocation of services (e.g., file and print servers, financial transactions, VLSI design tools, etc.) are a promising basis for such loose couplings.