Security Domains
A security domain is the determining factor in the classification of an enclave of servers/computers. A network with a different security domain is kept separate from other networks. For example, NIPRNet, SIPRNet, JWICS and NSANet are all kept separate.
- NIPRNet: The Non-secure Internet Protocol Router Network is used to exchange sensitive but unclassified information between "internal" users as well as providing users access to the Internet. NIPRNet is composed of Internet Protocol routers owned by the United States Department of Defense...
- SIPRNet: The Secret Internet Protocol Router Network is "a system of interconnected computer networks used by the United States Department of Defense and the U.S. Department of State to transmit classified information by packet switching over the TCP/IP protocols in a 'completely secure' environment"...
A security domain is considered to be an application or collection of applications that all trust a common security token for authentication, authorization or session management. Generally speaking, a security token is issued to a user after the user has actively authenticated with a user ID and password to the security domain.
Examples of a security domain include:
- All the Web applications that trust a session cookie issued by a Web Access Management product
- All the Windows applications and services that trust a Kerberos ticket issued by Active Directory
In an Identity Federation that spans two different organizations that share a business partner, customer or BPO relation, a partner domain would be another security domain with which users and applications (from the local security domain) interact.
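The trust boundary described above can be shown in code. The following is an added illustration, not part of the original article: the class names, domain names and keys are hypothetical and constructed for the example, and HMAC stands in for the asymmetric signatures that federation protocols normally use, so here a relying application holds the same key as the issuer.

```python
import base64, hashlib, hmac, json, time

LOCAL_KEY = b"constructed-local-key"      # constructed sample keys
PARTNER_KEY = b"constructed-partner-key"

class SecurityDomain:
    """Hypothetical token issuer: one signing key per security domain."""
    def __init__(self, name, key):
        self.name, self.key = name, key

    def issue(self, user, ttl=300, now=None):
        now = time.time() if now is None else now
        body = json.dumps({"iss": self.name, "sub": user, "exp": now + ttl}).encode()
        sig = hmac.new(self.key, body, hashlib.sha256).digest()
        return ".".join(base64.urlsafe_b64encode(p).decode() for p in (body, sig))

class Application:
    """Relying application: accepts tokens only from issuers it trusts."""
    def __init__(self, trusted):
        self.trusted = dict(trusted)      # issuer name -> verification key

    def authenticate(self, token, now=None):
        """Return (user, issuing domain) or None if the token is not trusted."""
        now = time.time() if now is None else now
        try:
            body_b64, sig_b64 = token.split(".")
            body = base64.urlsafe_b64decode(body_b64)
            sig = base64.urlsafe_b64decode(sig_b64)
            claims = json.loads(body)
            key = self.trusted[claims["iss"]]   # unknown issuer -> KeyError
        except (ValueError, KeyError, TypeError):
            return None
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(sig, expected):
            return None                   # signed with a key outside this domain
        if claims["exp"] <= now:
            return None                   # expired session
        return claims["sub"], claims["iss"]

local = SecurityDomain("corp.example", LOCAL_KEY)
partner = SecurityDomain("partner.example", PARTNER_KEY)
# hr_app belongs only to the local domain; portal also federates with the partner.
hr_app = Application({"corp.example": LOCAL_KEY})
portal = Application({"corp.example": LOCAL_KEY, "partner.example": PARTNER_KEY})

if __name__ == "__main__":
    t = partner.issue("bob")
    print("hr_app:", hr_app.authenticate(t), "| portal:", portal.authenticate(t))
```

A token that merely claims the local issuer name but is signed with another domain's key fails the signature check, so the issuer name alone never establishes trust.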
External links
- Ping Identity Recommended Federation Deployment Architecture http://www.pingidentity.com/information-library/resource-details.cfm?customel_datapageid_1296=1728