Core Business Services - Security and Auditing
 
Trust
Trust is the ultimate foundation of all security systems, because a security system is only as secure as the trustworthiness of those who have the power to access and override it. While security systems attempt to assure that entities are properly authenticated and authorized, and that data is confidential, reliable, and nonrepudiable, the entire enterprise depends on trust.
The question of trust is a whole study unto itself, and it is really quite independent of the technology required to support a security system. The definition of trust provided by the ITU-T Recommendation X.509 specification is:
‘Generally, an entity can be said to "trust" a second entity when it (the first entity) makes the assumption that the second entity will behave exactly as the first entity expects.’
Ultimately, trust depends on the confidence that users have in the trust mechanisms and all of the nontechnological entities involved with them that are designed to support trust in a security system.
Trust mechanisms typically implement a model (trust model) for facilitating trust in a security enterprise. Many trust models have been developed from which to implement the relationships (trust relationships) among the various entities in a security infrastructure. OpenEdge implements trust mechanisms that support the trust model provided by Public-Key Infrastructure (PKI), a methodology for supporting security services throughout an enterprise network.
Between two communicating components of a distributed application, one or both of the client and server can authenticate the other in order to verify the validity of the peer on the other end of the connection. They can also authenticate the data exchanged between them and thereby provide nonrepudiation of that data.
In data communications, nonrepudiation for a sender ensures that the entity that sends a message cannot later deny having sent it, and for a receiver, ensures that the entity that has received a message cannot later deny having received it. Nonrepudiation for message senders is often supported by digital signatures, and for receivers by an audit of the message receipt (see Auditing service).
OpenEdge also supports the authentication of server component identities to corresponding client components in distributed network applications using the Secure Sockets Layer (SSL), which is an implementation of a Public-Key Infrastructure (PKI). For more information on:
*PKI — See Public-Key Infrastructure (PKI)
*SSL — See Secure Sockets Layer (SSL)
*Support for SSL in OpenEdge — See SSL in OpenEdge
The PKI trust model relies on various authorities and agreements that certify entity interactions and that software must support in order to implement a PKI. For more information on:
*The trust model supported by PKI — See Public-Key Infrastructure (PKI)
*The elements of PKI implemented by OpenEdge — See Public-Key Infrastructure (PKI) and Secure Sockets Layer (SSL)