System and method for server security and entitlement processing
Abstract
A pluggable architecture allows security and business logic plugins to be inserted into a security service hosted by a server, and to control access to one or more secured resources on that server, on another server within the security domain, or between security domains. The security service may act as a focal point for security enforcement and access rights determination, and information used or determined within one login process can flow transparently and automatically to other login processes. Entitlements denote what a particular user may or may not do with a particular resource, in a particular context. Entitlements reflect not only the technical aspects of the secure environment (the permit or deny concept), but can also be used to represent the business logic or functionality required by the server provider. In this way entitlements bridge the gap between a simple security platform and a complex business policy platform.
39 Claims
1. A security system for allowing a client to access a protected resource, comprising:
an application interface mechanism for receiving an access request from a client application to access a protected resource, and communicating said access request to a security service;
a security service for making a decision to permit or deny said access request; and
a resource interface for communicating permitted access requests to said protected resource.
(Dependent claims 2-17, 19-34 and 36-39 not shown.)
18. A method of allowing a client to access a protected resource, comprising:
receiving at an application interface mechanism an access request from a client application to access a protected resource and communicating said access request to a security service;
making a decision at said security service to permit or deny said access request; and
communicating via a resource interface a permitted access request to said protected resource.
35. A method for determining a user entitlement to access protected resources in a secure environment, comprising:
receiving an access request from a user application to access a protected resource;
invoking a security service with said access request;
determining a user entitlement to access said protected resource;
making a decision at said security service based on said user entitlement to permit or deny said access request; and
either (a) communicating a permitted access request to said protected resource, or (b) denying a denied access request to said protected resource.
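The architecture described in the abstract and in claims 1, 18 and 35 (an application interface that receives the request, a security service whose decision is made by pluggable security and business-logic plugins, and a resource interface that only ever sees permitted requests) as a worked example. This is added illustration code, not code from the patent or its assignee; every class, function and sample value in it (the users alice and bob, the viewer/approver roles, the approval_limit attribute, the orders resource) is an assumption made for the example.

```python
"""Pluggable security service with entitlement plugins (added illustration).

All names and sample data below are assumptions for this example; none of
them are identifiers from the patent text.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class AccessRequest:
    """What the application interface receives from a client application."""
    user: str
    resource: str
    action: str
    context: Dict[str, object] = field(default_factory=dict)


@dataclass
class SecurityContext:
    """Facts established at login that flow to every later decision."""
    roles: Dict[str, List[str]]
    attributes: Dict[str, Dict[str, object]]


# A plugin returns True (permit), False (deny) or None (no opinion).
Plugin = Callable[[AccessRequest, SecurityContext], Optional[bool]]

ACTION_ROLES = {"read": "viewer", "approve": "approver"}  # assumed mapping


def role_plugin(req: AccessRequest, ctx: SecurityContext) -> Optional[bool]:
    """Security plugin: the technical permit/deny, based on the user's roles."""
    needed = ACTION_ROLES.get(req.action)
    if needed is None:
        return False  # unknown action: deny rather than guess
    return needed in ctx.roles.get(req.user, [])


def approval_limit_plugin(req: AccessRequest, ctx: SecurityContext) -> Optional[bool]:
    """Business-logic plugin: an approver may only approve up to a per-user limit."""
    if req.action != "approve":
        return None
    limit = ctx.attributes.get(req.user, {}).get("approval_limit", 0)
    amount = req.context.get("amount", 0)
    return None if amount <= limit else False  # veto only when over the limit


class SecurityService:
    """Focal point for enforcement: runs the plugins and makes one decision."""

    def __init__(self, ctx: SecurityContext, plugins: List[Plugin]):
        self.ctx = ctx
        self.plugins = list(plugins)
        self.audit: List[Tuple[AccessRequest, bool]] = []

    def decide(self, req: AccessRequest) -> bool:
        permitted = False
        for plugin in self.plugins:
            verdict = plugin(req, self.ctx)
            if verdict is False:
                permitted = False
                break  # any plugin can veto
            if verdict is True:
                permitted = True
        self.audit.append((req, permitted))
        return permitted  # fail closed: no explicit permit means deny


class ResourceInterface:
    """Hands permitted requests to the protected resource; nothing else reaches it."""

    def __init__(self, resources: Dict[str, Callable[[AccessRequest], str]]):
        self.resources = resources

    def forward(self, req: AccessRequest) -> str:
        return self.resources[req.resource](req)


class ApplicationInterface:
    """Receives raw client requests and routes them through the security service."""

    def __init__(self, service: SecurityService, resource_iface: ResourceInterface):
        self.service = service
        self.resource_iface = resource_iface

    def handle(self, raw: Dict[str, object]) -> Tuple[bool, str]:
        req = AccessRequest(str(raw["user"]), str(raw["resource"]),
                            str(raw["action"]), dict(raw.get("context", {})))
        if req.resource not in self.resource_iface.resources:
            return False, "denied"  # unknown resource: nothing to forward to
        if not self.service.decide(req):
            return False, "denied"  # the resource never sees a denied request
        return True, self.resource_iface.forward(req)


# Constructed sample data for this example.
CONTEXT = SecurityContext(
    roles={"alice": ["viewer", "approver"], "bob": ["viewer"]},
    attributes={"alice": {"approval_limit": 5000}},
)
RESOURCES = {"orders": lambda req: f"{req.action} orders as {req.user}: ok"}


def build_gateway() -> ApplicationInterface:
    service = SecurityService(CONTEXT, [role_plugin, approval_limit_plugin])
    return ApplicationInterface(service, ResourceInterface(RESOURCES))


if __name__ == "__main__":
    gw = build_gateway()
    for raw in (
        {"user": "alice", "resource": "orders", "action": "approve", "context": {"amount": 1200}},
        {"user": "alice", "resource": "orders", "action": "approve", "context": {"amount": 9000}},
        {"user": "bob", "resource": "orders", "action": "approve", "context": {"amount": 10}},
        {"user": "bob", "resource": "orders", "action": "read"},
    ):
        print(raw["user"], raw["action"], "->", gw.handle(raw))
```

Two design points worth noting: the resource interface is the only path to the resource and is called only after a permit, so the decision point and the enforcement point cannot drift apart; and the plugin chain fails closed, with the role plugin supplying the technical permit and the business-logic plugin able to veto it (alice may approve, but not above her limit), which is the "entitlement" layered on top of plain permit/deny that the abstract describes.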
Specification