
Purdue University

Identity and Access Management

Realm Trust Relationships

Realms may choose to trust authentication credentials from other realms. Suppose that realm pete trusts realm purdue. If user mary authenticates to purdue, her credentials would also be accepted by pete.

Characteristics of Trust Relationships:

  • Trust relationships are established in the realm configuration file.

  • Trust relationships are one-way. The fact that realm pete trusts realm purdue does not imply that purdue trusts pete. Two-way trust relationships must be established explicitly if they are desired.

  • Trust relationships do not determine realm membership. Suppose that mary is joined to the pete realm but not the purdue realm, and purdue trusts pete. Can mary authenticate to pete and have her credentials accepted by purdue? No. Even though purdue trusts pete, mary isn't joined to purdue. Trusting another realm does not join its members to your realm.

  • What are the implications of trusting another realm? Mainly, that you trust that realm's security policies. In other words, you consider their chosen encryption type to be as strong as or stronger than yours, and their authentication security policies to be a good match for yours.

  • Not all trust relationships make sense! For example, a realm that uses a weak encryption type might choose to trust a realm that uses a strong one, but the opposite case wouldn't make sense. Realms that have few members in common do not benefit from trust relationships.
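
The rules above can be checked mechanically. The following is an added example, not Purdue's code or its realm configuration file format: the `Realm` structure, the "weak"/"strong" encryption labels, the `min_shared` threshold and the sample users are all constructed assumptions used to model one-way trust, membership, and the "does this trust make sense" test.

```python
from dataclasses import dataclass, field

# Constructed strength ranking (assumption): higher means stronger.
ENC_STRENGTH = {"weak": 1, "strong": 2}

@dataclass
class Realm:
    name: str
    enc: str                                    # label from ENC_STRENGTH
    members: set = field(default_factory=set)   # users joined to this realm
    trusts: set = field(default_factory=set)    # realms whose credentials are accepted

def accepts(realms, user, auth_realm, target_realm):
    """True if credentials `user` obtained from auth_realm are honored by target_realm."""
    src, dst = realms[auth_realm], realms[target_realm]
    if user not in src.members:   # must be joined to the realm she authenticates to
        return False
    if user not in dst.members:   # trusting a realm does not join its members to yours
        return False
    # One-way lookup: only the target's own trust list matters.
    return auth_realm == target_realm or auth_realm in dst.trusts

def audit_trusts(realms, min_shared=1):
    """Flag trust relationships that the characteristics above say make no sense."""
    findings = []
    for realm in realms.values():
        for trusted in sorted(realm.trusts):
            other = realms[trusted]
            if ENC_STRENGTH[other.enc] < ENC_STRENGTH[realm.enc]:
                findings.append((realm.name, trusted, "trusted realm uses weaker encryption"))
            if len(realm.members & other.members) < min_shared:
                findings.append((realm.name, trusted, "too few shared members to benefit"))
    return findings

def sample_realms():
    """Constructed sample: pete (weak) trusts purdue (strong); alice is in pete only."""
    return {
        "purdue": Realm("purdue", "strong", {"mary", "bob"}),
        "pete": Realm("pete", "weak", {"mary", "alice"}, {"purdue"}),
    }

if __name__ == "__main__":
    realms = sample_realms()
    print(accepts(realms, "mary", "purdue", "pete"))   # pete trusts purdue
    print(accepts(realms, "mary", "pete", "purdue"))   # trust is one-way
    realms["purdue"].trusts.add("pete")                # the reverse trust, made explicit
    print(accepts(realms, "alice", "pete", "purdue"))  # alice is not joined to purdue
    print(audit_trusts(realms))
```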

Maintained by: IAMO Team

© 2010 - 2013 Purdue University