In computer security
, the principle
that access to one system
to another, without need to authenticate
to the second system. Transitive trust is usually the bane
of security in any design.
Most client-server models that use client authentication fall prey to transitive trust. The user authenticates themself to the application on their desktop, which requests data from the server. The server trusts the client-side application; gaining control of the client application also gives one control of the server.
The key feature of transitive trust is that it is blind to an endpoint - it trusts a middlepoint, which is trusting something further down the line.