Access system interface
Abstract
An access system provides identity management and/or access management services for a network. An application program interface for the access system enables an application without a web agent front end to read and use contents of an existing encrypted cookie to bypass authentication and proceed to authorization. A web agent is a component (usually software, but can be hardware or a combination of hardware and software) that plugs into (or otherwise integrates with) a web server (or equivalent) in order to participate in providing access services.
88 Claims
1-60. (canceled)
61. A method for providing access services, the method comprising:
receiving user session state information for a first user, the user session state information is from an application without a web agent front end, the user session state information is from a cookie stored on a client for the first user, the user session state information is encrypted, and receiving the user session state information includes decrypting the user session state information;
receiving a request to authorize the first user to access a first resource, the request to authorize is from the application without a web agent front end;
providing authorization services to the application without a web agent front end in an attempt to authorize the first user to access the first resource without requiring the first user to re-submit authentication credentials;
receiving a request from the application without a web agent front end for unencrypted data from the user session state information; and
providing the unencrypted data from the user session state information to the application without a web agent front end, the application without a web agent front end does not have access to a key to decrypt the user session state information.
83. One or more processor readable storage devices having processor readable code embodied on the processor readable storage devices, the processor readable code for programming one or more processors to perform a method comprising:
receiving user session state information for a first user, the user session state information is from an application without a web agent front end, the user session state information is from a cookie stored on a client for the first user, the user session state information is encrypted, and receiving the user session state information includes decrypting the user session state information;
receiving a request to authorize the first user to access a first resource, the request to authorize is from the application without a web agent front end;
providing authorization services to the application without a web agent front end in an attempt to authorize the first user to access the first resource without requiring the first user to re-submit authentication credentials;
receiving a request from the application without a web agent front end for unencrypted data from the user session state information; and
providing the unencrypted data from the user session state information to the application without a web agent front end, the application without a web agent front end does not have access to a key to decrypt the user session state information.
88. A system comprising:
a client;
at least one application without a web agent front end adapted to receive a request from the client for a first user to access a first resource, the request includes information from a cookie wherein the information from the cookie is encrypted and the application without a web agent front end does not have access to a key for decrypting the information from the cookie;
an access server adapted to provide authorization services for requests to access the first resource wherein the access server is adapted to receive the information from the cookie and a request from the at least one application without a web agent front end to authorize the first user to access the first resource, provide the authorization services to the at least one application without a web agent front end by attempting to authorize the first user to access the first resource based on information from the request from the first user and based on the information from the cookie wherein the application without a web agent front end requests unencrypted data from the information from the cookie and the application without a web agent front end receives the unencrypted data uses the unencrypted data for an access system service.
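The flow recited in claims 61 and 88, sketched as an added example that is not code from the patent or from any product: the application forwards the cookie as an opaque string, and only the access server can decrypt it, authorize the request, and hand back individual fields. The names `AccessServer`, `authorize`, `get_session_data` and `app_handle` are hypothetical, the policy and session values are constructed, and the HMAC-based cipher is a standard-library stand-in for a real authenticated cipher.

```python
import hashlib, hmac, json, os

class AccessServer:
    """Hypothetical access server: the only holder of the cookie key."""
    def __init__(self, policy):
        self._key = os.urandom(32)   # never shared with applications
        self._policy = policy        # resource -> set of permitted users

    def _mac(self, label, data):
        return hmac.new(self._key, label + data, hashlib.sha256).digest()

    def _xor(self, nonce, data):
        # Stand-in stream cipher (HMAC-SHA256 in counter mode); use a real AEAD in practice.
        blocks = (len(data) + 31) // 32
        stream = b"".join(self._mac(b"enc", nonce + i.to_bytes(4, "big")) for i in range(blocks))
        return bytes(a ^ b for a, b in zip(data, stream))

    def issue_cookie(self, session):
        nonce = os.urandom(16)
        ct = self._xor(nonce, json.dumps(session).encode())
        return (nonce + ct + self._mac(b"mac", nonce + ct)).hex()

    def _open(self, cookie):
        try:
            raw = bytes.fromhex(cookie)
        except ValueError:
            return None
        if len(raw) < 48:
            return None
        nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
        if not hmac.compare_digest(tag, self._mac(b"mac", nonce + ct)):
            return None              # tampered or foreign cookie: reject before decrypting
        return json.loads(self._xor(nonce, ct))

    def authorize(self, cookie, resource):
        session = self._open(cookie)
        return session is not None and session.get("user") in self._policy.get(resource, set())

    def get_session_data(self, cookie, field):
        session = self._open(cookie)
        return None if session is None else session.get(field)

def app_handle(server, cookie, resource):
    """Application without a web agent: treats the cookie as an opaque string."""
    if not server.authorize(cookie, resource):
        return "403 Forbidden"
    return "200 OK user=" + server.get_session_data(cookie, "user")

server = AccessServer({"/payroll": {"alice"}})                # constructed policy
cookie = server.issue_cookie({"user": "alice", "level": 2})   # constructed session
```

Because the key stays inside `AccessServer`, a compromise of the application exposes only the fields it asked for, not the ability to read or forge cookies.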
Specification