One of the underexplored areas in Service Oriented Security is what types of federated relationships are valuable, and what new composite identity architectures emerge from these connections. In my view, the main weakness of security architectures is their limited scope and lack of flexibility. Most software is built using composition, but most security protocols do not compose, and certainly most lack the ability to deal with multiple namespaces, domains, and symmetric/asymmetric relationships, at least until WS-Security, SAML and friends came along. Further, PKI and X.509 are fine, but most of the data you need to assert and make authorization decisions lives deep inside a directory or database, not in a key store. So we need to be able to bring together multiple elements in security architecture.
The Chinese web is notable for a large number of mutually linking web sites. We hypothesize that this is in part a manifestation of a social construct known as guanxi, which can be widely observed in Chinese culture. Guanxi has been described as “an informal … personal connection between two individuals who are bounded by an implicit psychological contract to [maintain] a long term relationship, mutual commitment, loyalty and obligation.” Dyadic relationships are the fundamental units of guanxi networks. To establish guanxi, two parties must first establish a guanxi base: a tie between two individuals, e.g., same birthplace, same workplace, same family, close friendship. Also, two individuals can claim to have guanxi by acquaintance through a third party with whom they both have guanxi. Once a guanxi base is formed, guanxi can be developed through the exchange of resources ranging from moral support and friendship to favors and material goods.