Pattern 2: Local only, Simple Broker
This is a variation on pattern 1 that adds a simple broker to establish system-to-system trust between the Client System and the Resource Provider. It does not fundamentally change the approach to user-level access control used in pattern 1.
- Provides a single mechanism for establishing system-to-system trust between sharing systems – backed by a lightweight national assurance process to make use of the national PKI.
- Can be built to specifically address local needs and evolve independently of any other wider requirements outside the local area.
- All aspects of access control managed and handled locally.
- Only provides the mechanism for sharing within a local area – expanding to other areas would require a move to another pattern (e.g. federated identities).
- Does not provide a way of accessing national data or services – these would therefore require a second mechanism (probably requiring the user to log in again).