Cross platform network authentication and authorization model
Abstract
A model for authentication and authorization of users and applications that use network services. A client requests a ticket by providing credentials (user ID and password), e.g., over HTTP/SOAP/XML in the UDDI framework. An authentication adapter in a receiving server deserializes the request into a data structure that provides access to the security ID and password attributes, and passes these attributes to an ID management system to perform authentication. The credentials also determine the user's or application's privileges. The authentication adapter constructs a ticket object for the client incorporating the privileges and other information, e.g., the security ID and a date/time stamp. The ticket object is serialized, encrypted, encoded for transmission and inserted into an appropriately-formatted XML message and returned to the requesting client. The client attaches the authentication ticket to subsequent service requests that require authentication. To validate the ticket, the ticket object is reconstructed from the request data.
Claims (40)

1. In a computing environment, a method comprising:
   receiving a request for a ticket, the request comprising data in a format that is independent of any particular platform;
   deserializing the request data into a data structure that provides access to credentials within the request data;
   accessing the credentials to authenticate the credentials and determine role information based on the credentials;
   constructing a ticket including the role information;
   preparing the ticket for transmission;
   inserting the prepared ticket into a response message that is formatted in a format that is independent of any particular platform; and
   returning the ticket in response to the request.
   (Dependent claims: 2 through 23.)

24. In a computer network having a client, a system comprising:
   a server connected to the client to receive requests from the client, including a client request to receive a ticket, the request comprising data in a format that is independent of any particular platform;
   an authentication adapter associated with the server, the authentication adapter invoked by the server to handle the ticket request received from the client, the authentication adapter configured to:
   1) deserialize the request data into a data structure that provides access to credentials within the request data;
   2) access the credentials to authenticate the credentials;
   3) determine role information based on the credentials;
   4) construct a ticket including the role information;
   5) prepare the ticket for transmission;
   6) insert the prepared ticket into a response message that is formatted in a format that is independent of any particular platform; and
   7) provide the response message to the server; and
   the server returning the ticket to the client in response to the request.
   (Dependent claims: 25 through 36, and 39.)

37. In a computing environment, a method comprising:
   receiving a request for a ticket, the request comprising data in a UDDI get_authToken request and including credentials;
   deserializing the request data into an object that provides access to the credentials;
   providing the credentials to an ID management system that authenticates the credentials and determines role information based on the credentials;
   constructing a ticket including a security identifier, the role information and date information;
   preparing the ticket for transmission, including encrypting the ticket and inserting the ticket into a UDDI authToken ticket response message; and
   returning the ticket in response to the request.
   (Dependent claims: 38 and 40.)
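The get_authToken exchange described in the abstract and in claim 37, as an added Python example that is not code from the patent: a constructed ID store stands in for the ID management system, and the ticket is sealed with HMAC-SHA256 instead of being encrypted, since the standard library has no authenticated cipher and what the later validation step must guarantee is that the security ID, roles and timestamp cannot be altered (an AEAD would add confidentiality on top). The `operator` value, the user in the store and the one-hour maximum age are assumptions.

```python
import base64
import hashlib
import hmac
import json
import xml.etree.ElementTree as ET

UDDI_NS = "urn:uddi-org:api_v2"
# Constructed stand-in for the ID management system (hypothetical user and role).
ID_STORE = {"alice": (hashlib.sha256(b"s3cret").digest(), ["publisher"])}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def issue_ticket(key: bytes, request_xml: str, now: int) -> str:
    """Deserialize the get_authToken request, authenticate, build and seal the ticket."""
    req = ET.fromstring(request_xml)  # data structure giving access to the credentials
    if req.tag != f"{{{UDDI_NS}}}get_authToken":
        raise ValueError("not a get_authToken request")
    user_id, cred = req.get("userID", ""), req.get("cred", "")
    stored_hash, roles = ID_STORE.get(user_id, (b"\0" * 32, []))
    # Hash and compare even for unknown users so timing does not reveal valid IDs.
    if not hmac.compare_digest(hashlib.sha256(cred.encode()).digest(), stored_hash):
        raise PermissionError("authentication failed")
    body = json.dumps({"sid": user_id, "roles": roles, "iat": now}).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()  # binds the role claims to the key
    return _b64(body) + "." + _b64(tag)


def auth_token_response(token: str) -> str:
    """Insert the prepared ticket into the UDDI authToken response message."""
    return (f'<authToken generic="2.0" operator="example" xmlns="{UDDI_NS}">'
            f"<authInfo>{token}</authInfo></authToken>")


def validate_ticket(key: bytes, token: str, now: int, max_age: int = 3600) -> dict:
    """Reconstruct the ticket from the attached authInfo; reject forged or stale tickets."""
    try:
        body, tag = (base64.urlsafe_b64decode(part) for part in token.split("."))
    except ValueError:  # wrong part count or bad base64 (binascii.Error is a ValueError)
        raise PermissionError("malformed ticket") from None
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag):
        raise PermissionError("ticket rejected")  # altered roles, altered time, or wrong key
    ticket = json.loads(body)
    if now - ticket["iat"] > max_age:
        raise PermissionError("ticket expired")
    return ticket
```

The client attaches the authInfo value to its later service requests, and the server calls validate_ticket on it before honouring the roles it carries; the timestamp check is the practitioner's addition that keeps a captured ticket from being replayed indefinitely.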
Specification