The approach to developing an enterprise security architecture is based upon a six-layer model. The model is used as the basis for an architecture development process, or methodology. To establish a layered model of how security architecture is created and used, it is useful to return to the use of the word in its conventional sense: the construction of buildings. The reason is simple: the business people are right. Vendor interests and technical innovations often drive the business systems development strategy, rather than it being driven by business needs. The architect is someone creative with visions of how to achieve the end architecture. Good architects thrive on challenging business requirements and their real-world implications. The important trust concepts are concerned with the various policy authorities that govern trust within a domain, the policies that they set to govern behavior of entities in each of those domains, and the inter-domain trust relationships.