ABSTRACT

The advanced topics covered in this book require an Enterprise Level Security (ELS) implementation in which to instantiate the advanced methods. But what is a minimal instantiation of ELS? This chapter answers that question. It focuses primarily on the infrastructure needed to support the generation of authorization and privilege claims. The Enterprise Attribute Ecosystem (EAE) provides this core functionality. It must have an attribute store that contains relevant information about all entities that may request access to enterprise services. It must contain a registration service for data owners, which allows them to define their services and the access requirements for them. The EAE must have a claims engine to compute claims based on requirements and attributes, and it must have a claims repository to store them. In addition, basic user conveniences are required, such as interfaces that let users view their attributes and claims, confirm the correctness of their data, and access the resources they are allowed to use. This initial build is useful for first adoption of the ELS model and allows for full instantiation of the ELS security model and claims-based access control.