How do you achieve security across the classic defense in depth layers (Physical, Network, Host, Application, and Data)? Historically, Infosec has focused on security _inside_ each of these layers and relied on "trust" for integration across them, e.g. "my program is trusted because there is a firewall in front of it and an ACL on the directory and the files it executes." Is this good enough? Leaving aside the manageability issues of supporting five distinct security models, policies, and repositories, how do you build a coherent security ruleset across these layers, and how do you achieve interoperability between them?
In specific terms, what is the best way to propagate, deal with, and understand claims made about a subject that cross or span these defense in depth layers? If we assume that each layer has one or more security models associated with it, then we need an STS (Security Token Service) at each layer to inspect claims, exchange and validate them, and issue layer-specific tokens and policies. These STSes would effect a vertical security model, instead of solely the horizontal or execution-runtime view where security effort is typically focused.
The statement "trust is for suckers" sums up the situation we see all too frequently when we take a vertical view of a system's defense in depth layers. What this "STS in Depth" approach could mean is that we move away from a binary trusted vs. untrusted view of the world and towards stronger security tokens that are context-sensitive to the protocols and data formats their native layer recognizes.
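As an added illustration of the chain described above (example code written for this page, not code from the original post), here is a minimal "STS in Depth" in Python. Each layer's STS verifies the signature, issuer, audience and expiry of the token from the layer beneath it, translates the claims into its own vocabulary (addresses and TLS identities at the network layer, accounts at the host layer, roles at the application layer, tables and operations at the data layer), and issues a new token scoped to the next layer only. The per-layer keys, the CN-to-account mapping, the role and table names, and the zones are all constructed for the example, and HMAC stands in for whatever signature scheme a real token format would use.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo secrets, one per layer STS. A deployment would use asymmetric
# keys and load the trusted-issuer table from configuration.
LAYER_KEYS = {
    "network": b"network-sts-demo-key",
    "host": b"host-sts-demo-key",
    "application": b"application-sts-demo-key",
}


def issue(layer: str, claims: dict, audience: str, ttl: int = 300) -> str:
    """Issue base64(payload).base64(tag), bound to one issuer and one audience."""
    payload = dict(claims, iss=layer, aud=audience, exp=int(time.time()) + ttl)
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(LAYER_KEYS[layer], body, hashlib.sha256).digest()
    return b".".join(base64.urlsafe_b64encode(x) for x in (body, tag)).decode()


def validate(token: str, issuer: str, audience: str) -> dict:
    """Check signature, issuer, audience and expiry before any claim is used."""
    try:
        body, tag = (base64.urlsafe_b64decode(p) for p in token.split("."))
    except ValueError as exc:  # wrong part count or bad base64
        raise ValueError("malformed token") from exc
    expected = hmac.new(LAYER_KEYS[issuer], body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad signature")
    claims = json.loads(body)
    if claims.get("iss") != issuer or claims.get("aud") != audience:
        raise ValueError("token not issued by/for the expected layers")
    if claims.get("exp", 0) <= time.time():
        raise ValueError("expired")
    return claims


def network_sts(conn: dict) -> str:
    """Network layer: all it can attest is addresses, zones and the TLS client."""
    if not conn.get("tls_client_cn"):
        raise PermissionError("unauthenticated connection")
    claims = {"src_ip": conn["src_ip"], "zone": conn["zone"], "client_cn": conn["tls_client_cn"]}
    return issue("network", claims, audience="host")


def host_sts(net_token: str) -> str:
    """Host layer: maps a TLS identity to a local account (constructed mapping)."""
    net = validate(net_token, issuer="network", audience="host")
    account = {"svc-billing": "billing"}.get(net["client_cn"])
    if account is None:
        raise PermissionError(f"no local account for {net['client_cn']}")
    return issue("host", {"uid": account, "zone": net["zone"]}, audience="application")


def application_sts(host_token: str) -> str:
    """Application layer: roles, narrowed by the network context carried along."""
    host = validate(host_token, issuer="host", audience="application")
    roles = {"billing": ["invoice:read", "invoice:write"]}.get(host["uid"], [])
    if host["zone"] != "internal":  # constructed policy: writes only from inside
        roles = [r for r in roles if r.endswith(":read")]
    return issue("application", {"user": host["uid"], "roles": roles}, audience="data")


def data_sts(app_token: str) -> dict:
    """Data layer: speaks in tables and operations, so roles are translated, not passed through."""
    app = validate(app_token, issuer="application", audience="data")
    grants = {"invoice:read": ("invoices", "read"), "invoice:write": ("invoices", "write")}
    decision = {"principal": app["user"], "read": [], "write": []}
    for role in app["roles"]:
        if role in grants:
            table, op = grants[role]
            decision[op].append(table)
    return decision


def authorize(conn: dict) -> dict:
    """Walk the full chain: network -> host -> application -> data."""
    return data_sts(application_sts(host_sts(network_sts(conn))))


def skip_layers(conn: dict) -> str:
    """Hand a network-layer token straight to the data STS; it must be refused."""
    try:
        data_sts(network_sts(conn))
    except ValueError as exc:
        return str(exc)
    return "accepted"
```

Two things to notice. First, no layer accepts a token because "the layer below is trusted"; each one re-verifies the signature against the key of the issuer it expects and rejects tokens whose audience is another layer, so a network-layer token cannot be replayed at the data layer. Second, the claims change vocabulary at every hop: the data layer never sees an IP address or a role name, only the tables and operations it understands, which is what makes the tokens context-sensitive to their native layer.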