Extranet access management apparatus and method
First Claim
1. An apparatus for managing access for an extranet, comprising:
- a plurality of domain web server, to which a plurality of users are subscribed, an AA server for managing access authentication and authorization for the domain web server, an authority information storing module, and a user web browser interconnected with the AA server and the domain web server,
wherein the AA server comprises:
- an AA module playing a role of authentication and authorization;
- an ACL cache control module for synchronizing ACL caches of the respective domain web server with the AA server;
- an encryption module for encrypting AA cookies to be given to the users; and
- a schema provider and user provider for providing an operation system independent of the authority information storing module,
wherein the domain web server comprises:
- an AA module for checking, by using the ACL cache, whether the user accesses;
- an ACL cache which is delivered from the AA server;
- a decryption module for decrypting the encrypted AA cookies; and
- a module for processing a resource request from the user web browser,
wherein the domain web server checks the user authority by using ACL information, respectively, and produces the encrypted Role information cookie, this cookie signal being authenticated in the AA server 300, and, after authentication, Role, ACL, and ACE information is stored in the authority information storing module.
Abstract
An access management apparatus and method for managing or controlling access to an extranet for xSP. To overcome “the problems of centralized authority and authorization cache”, the present invention decentralizes the role of access management by using cached ACLs, and synchronizes the decentralized access management roles by using an AA server. In addition, it overcomes “inefficiency of session management” by adopting authentication/authorization based on a web browser cookie. It also supports the internet security standard, a variety of security/encryption techniques, and user-defined access management.
4 Claims
Specification