It is often desired to share a computer's resources with users across a network that do not have any representation on the computer from which resources are to be shared. For example, a corporation, university, or other organization may have one or more servers connected to some type of network for use by employees, students, or other individuals. Various entities, including individuals, share information or resources across the Internet or other networks. Wired and wireless networks are becoming more popular for use in homes and a wide range of devices, from personal computers to household appliances are or will be connected to and accessible through these networks. As easier access to a wider variety of resources becomes available, the secure sharing of and collaboration between these resources becomes more important.
One obstacle to the secure sharing of and collaboration between these resources relates to recognizing and authenticating various entities that attempt to access the resources provided. In other words, care must be taken to ascertain and ensure that an entity attempting to access a resource on a computer is the entity it claims to be and has the authorization needed to access those resources. Various methods of recognizing an entity and granting authorization have been used.
One method of recognizing and granting authorization to an entity involves a system of accounts and passwords set up to define a security domain. For example, a corporation may wish to generate a security domain for a server or network where the security domain consists of every full-time employee of the corporation. Those running the security domain, such as system administrators, give each employee an account, typically including a user name and password, and set up policies controlling access to the resources through these accounts. Once a security domain is in place, domain members can be given access to the resources while those without accounts are excluded.
However, a security domain based on a system of accounts requiring users to remember various user names and passwords can be cumbersome. Further, a security domain based on a system of accounts is not a good model for individuals wishing to share information or resources across a network such as the Internet. Additionally, for various business reasons, there may be a need to extend or even replace the traditional closed security domain with individuals chosen from across the Internet. For example, there may be a need to set up a project where employees, outside contractors, and other individuals or entities can be part of a virtual team, accessing shared documents, communications, and other resources.
While it is relatively easy to assume that anyone using an account with a valid username and password for accessing resources is the owner of that account, it has been very difficult to recognize identities which are not a part of a traditional closed security domain. Public key infrastructures have been used as a way to identify and authenticate entities. Public key infrastructures are based on trust relationships between certifying or recommending authorities and the users of these systems. However, these infrastructures are complex to understand, bootstrap, and manage. Therefore, public key infrastructures have not become a mainstream technology for recognizing computer users since they do not provide a simple, easy to use identity recognition system applicable to various types of entities. It is with respect to these considerations and others that the present invention has been made.