Declarative trust model between reverse proxy server and websphere application server
Abstract
A method and system for providing a declarative trust association model that formalizes the way trust is established and requires corresponding authentication information to be presented in a standard format. Consequently, the application server may provide a guaranteed level of protection. The mechanism of the present invention provides a framework that allows an application server to enforce a trust evaluation and allows a reverse proxy security server to assert a client's security identity, as well as other client security credential information. A known trust association interceptor model is extended to allow the reverse proxy security server to assert the authenticated user's security attributes. Such security attributes include, for example, group information, authentication strength, and location (i.e., where the user enters the request: intranet vs. internet, IP address, etc.). The security attributes can be used in making authorization decisions.
39 Claims
1. A method for allowing an application server to enforce a trust evaluation of a third party, comprising:
- receiving a user request from a third party;
- extracting authentication data from the third party;
- validating the authentication data at the application server, wherein the validation allows the application server to enforce the trust evaluation; and
- performing credential mapping using the validated authentication data.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A data processing system for allowing an application server to enforce a trust evaluation of a third party, comprising:
- receiving means for receiving a user request from a third party;
- extracting means for extracting authentication data from the third party;
- validating means for validating the authentication data at the application server, wherein the validation allows the application server to enforce the trust evaluation; and
- performing means for performing credential mapping using the validated authentication data.
Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26
27. A computer program product in a computer readable medium for allowing an application server to enforce a trust evaluation of a third party, comprising:
- first instructions for receiving a user request from a third party;
- second instructions for extracting authentication data from the third party;
- third instructions for validating the authentication data at the application server, wherein the validation allows the application server to enforce the trust evaluation; and
- fourth instructions for performing credential mapping using the validated authentication data.
Dependent claims: 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39