DocumentCode
1063299
Title
Interconnection Protocols for Interorganization Networks
Author
Estrin, Deborah
Author_Institution
Univ. of Southern California, Los Angeles, CA, USA
Volume
5
Issue
9
fYear
1987
fDate
12/1/1987 12:00:00 AM
Firstpage
1480
Lastpage
1491
Abstract
This paper analyzes the technical implications of interconnecting networks across organization boundaries. Such Interorganizational Networks (ION's) are used increasingly to support exchange of CAD/CAM data between manufacturers and subcontractors, software distribution from vendors to users, customer input to suppliers' order-entry systems, and the shared use of expensive computational resources by research laboratories, as examples. We begin by demonstrating that interorganization connections are not satisfied by traditional network design criteria of connectivity and transparency. A primary high-level requirement is access control, and therefore, participating organizations must be able to limit connectivity and make network boundaries visible. We summarize an approach to access control in ION's, based on nondiscretionary control, that allows interconnecting organizations to combine gateway, network, and system-level mechanisms to enforce cross-boundary control over invocation and information flow while minimizing interference with internal operations [6], [4]. The focus of this paper is on the underlying interconnection protocols that are needed to support these access control mechanisms. We describe in detail a particular protocol, called a visa scheme [7]. The visa scheme uses access control servers to authorize a session request and visas to authenticate that successive packets belong to the authorized connection. Control is distributed among the ION participants and each may make its own design tradeoffs between performance and trust. In order to support interorganization communication two (or more) organizations must be able to communicate with one another's access control servers and their respective packet-level gateways and nodes (source/destination) must implement the visa scheme.
The security of the proposed mechanism varies according to the security of an organization's components (access control server, gateway, and select hosts) and the encryption function used. The visa scheme's purpose is to allow an organization to modify and trust only those internal systems that require ION access; all other internal systems are inaccessible from and to the ION gateway. We conclude by comparing and contrasting the visa approach to the use of higher level gateways.
Keywords
Business communication; Internetworking; Protocols; Access control; Access protocols; CADCAM; Communication system security; Computer aided manufacturing; Computer networks; Control systems; Design automation; Distributed computing; Subcontracting;
fLanguage
English
Journal_Title
Selected Areas in Communications, IEEE Journal on
Publisher
ieee
ISSN
0733-8716
Type
jour
DOI
10.1109/JSAC.1987.1146663
Filename
1146663