Linking Contexts from Distinct Data Sources in Zero Trust Federation


Abstract

An access control model called Zero Trust Architecture (ZTA) has attracted attention. ZTA verifies each access request using information about the user and the device, called context. Zero Trust Federation (ZTF) has been proposed as a framework that extends the idea of identity federation to support ZTA by sharing contexts among the participants in the federation. ZTF defines the Context Attribute Provider (CAP) as the entity that collects context and provides it to each organization (Relying Party; RP) that needs context for ZTA-based verification. For precise verification, CAPs need to collect context from various data sources. However, although collecting contexts is essential to realizing ZTF, ZTF did not provide a method for collecting context from data sources other than the RP. In this research, as a general method for collecting context in ZTF, we propose a method of linking identifiers between a data source and the CAP. We then implemented our method using RADIUS and MDM as data sources and confirmed that their contexts could be collected and used.

This is a preprint of an article intended for publication in the Journal of Information Processing (JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol. 32 (2024) (online). DOI: http://dx.doi.org/10.2197/ipsjjip.32.288

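The abstract describes linking identifiers between a data source and the CAP so that context gathered from RADIUS and from MDM can be attributed to the same federated subject. What follows is an added illustration, not the paper's implementation or code: a toy CAP in Python that ingests constructed RADIUS accounting and MDM inventory records, links them through assumed keys (the RADIUS User-Name is taken to be the federated subject; the RADIUS Calling-Station-Id and the MDM Wi-Fi MAC are taken to identify the same device, normalised because the two sources format MACs differently), and answers an RP's context query, reporting None for any attribute a source cannot attest rather than guessing a default. Record layouts, field names and sample values are all constructed for the example.

```python
"""Toy Context Attribute Provider (CAP) that links RADIUS accounting and
MDM inventory records to one federated subject and answers an RP query.

Added illustration only: the linking keys assumed here (RADIUS User-Name
equals the federated subject; the Calling-Station-Id MAC identifies the
same device as the MDM Wi-Fi MAC) and the record layouts are assumptions,
not the paper's implementation.
"""
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Constructed sample input (not real data). Timestamps are ISO 8601 with offset.
RADIUS_ACCOUNTING = [  # as forwarded by a NAS / RADIUS server
    {"User-Name": "alice@example.org", "Calling-Station-Id": "AA-BB-CC-11-22-33",
     "Framed-IP-Address": "10.0.5.21", "Acct-Status-Type": "Start",
     "Event-Timestamp": "2024-03-01T09:00:00+00:00"},
    {"User-Name": "bob@example.org", "Calling-Station-Id": "AA-BB-CC-44-55-66",
     "Framed-IP-Address": "10.0.5.22", "Acct-Status-Type": "Start",
     "Event-Timestamp": "2024-03-01T09:05:00+00:00"},
    {"User-Name": "dave@example.org", "Calling-Station-Id": "AA-BB-CC-AA-BB-CC",
     "Framed-IP-Address": "10.0.5.23", "Acct-Status-Type": "Start",
     "Event-Timestamp": "2024-03-01T09:10:00+00:00"},  # device unknown to MDM
    {"User-Name": "bob@example.org", "Calling-Station-Id": "AA-BB-CC-44-55-66",
     "Framed-IP-Address": "10.0.5.22", "Acct-Status-Type": "Stop",
     "Event-Timestamp": "2024-03-01T09:30:00+00:00"},
]
MDM_INVENTORY = [  # MDM formats MACs differently from RADIUS, on purpose
    {"device_id": "dev-001", "wifi_mac": "aa:bb:cc:11:22:33", "compliant": True},
    {"device_id": "dev-002", "wifi_mac": "aa:bb:cc:44:55:66", "compliant": False},
]


def normalize_mac(mac: str) -> str:
    """Canonicalise a MAC so one device matches across sources that format it
    differently ('AA-BB-CC-11-22-33' and 'aa:bb:cc:11:22:33' -> 'aabbcc112233')."""
    digits = "".join(ch for ch in mac.lower() if ch in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


@dataclass
class Session:
    subject: str
    framed_ip: str
    started: datetime
    ended: Optional[datetime] = None


@dataclass
class Device:
    device_id: str
    compliant: bool


class ContextAttributeProvider:
    """Per-source state plus the identifier links between the sources."""

    def __init__(self) -> None:
        self.sessions: dict[str, Session] = {}          # mac -> latest RADIUS session
        self.devices: dict[str, Device] = {}            # mac -> MDM record
        self.subject_to_macs: dict[str, set[str]] = {}  # federated subject -> macs

    def ingest_radius(self, records: list[dict]) -> None:
        for r in sorted(records, key=lambda x: x["Event-Timestamp"]):
            mac = normalize_mac(r["Calling-Station-Id"])
            ts = datetime.fromisoformat(r["Event-Timestamp"])
            subject = r["User-Name"]  # assumption: User-Name is the federated subject
            if r["Acct-Status-Type"] == "Start":
                self.sessions[mac] = Session(subject, r["Framed-IP-Address"], ts)
                self.subject_to_macs.setdefault(subject, set()).add(mac)
            elif r["Acct-Status-Type"] == "Stop":
                s = self.sessions.get(mac)
                # Only close the session the same subject opened; a Stop carrying a
                # different User-Name for this MAC is not trusted to end it.
                if s is not None and s.subject == subject and s.ended is None:
                    s.ended = ts

    def ingest_mdm(self, records: list[dict]) -> None:
        for r in records:
            self.devices[normalize_mac(r["wifi_mac"])] = Device(r["device_id"], r["compliant"])

    def context_for(self, subject: str) -> dict:
        """Context an RP would receive: one entry per device linked to the subject.
        Attributes a source cannot answer are None, never a guessed default."""
        devices = []
        for mac in sorted(self.subject_to_macs.get(subject, ())):
            s = self.sessions[mac]
            d = self.devices.get(mac)
            devices.append({
                "mac": mac,
                "session_active": s.ended is None,
                "framed_ip": s.framed_ip,
                "device_id": d.device_id if d else None,
                "mdm_compliant": d.compliant if d else None,
            })
        return {"subject": subject, "devices": devices}


def rp_allows(ctx: dict) -> bool:
    """Example RP policy: allow only from a device that is both currently on the
    network (RADIUS) and marked compliant (MDM). Unknown (None) counts as deny."""
    return any(d["session_active"] and d["mdm_compliant"] is True for d in ctx["devices"])


def build_demo_cap() -> ContextAttributeProvider:
    cap = ContextAttributeProvider()
    cap.ingest_radius(RADIUS_ACCOUNTING)
    cap.ingest_mdm(MDM_INVENTORY)
    return cap


if __name__ == "__main__":
    cap = build_demo_cap()
    for subject in ("alice@example.org", "bob@example.org", "dave@example.org", "carol@example.org"):
        ctx = cap.context_for(subject)
        print(subject, ctx["devices"], "->", "allow" if rp_allows(ctx) else "deny")
```

Two practitioner points the toy makes explicit: the link between sources only holds if both sides agree on a canonical form of the shared identifier (here the MAC), and a subject whose device is known to one source but not the other must surface as "unknown" to the RP so the policy can treat missing attestation as a deny rather than as compliance.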
