SYSTEM, METHOD, AND APPARATUS FOR MANAGING ACCESS TO RESOURCES ACROSS A NETWORK
Abstract
A system, method and apparatus for managing access across a plurality of applications is disclosed. The system may include a user store connector configured to connect to one or more user stores to retrieve attributes; an authentication connector configured to communicate with at least one authentication subsystem to authenticate a user; a policy engine configured to retrieve attributes from the user store connector corresponding to a user and use the attributes to evaluate access policies, if any, which are defined for protection of resources, to determine whether or not the user should be granted access to the resources; an admin component that is configured to enable the access policies to be defined relative to attributes and the resources; and a policy store configured to store the access policies.
20 Claims
1. A system for managing access across a plurality of resources, comprising:
   a user store connector configured to connect to one or more user stores to retrieve attributes;
   an authentication connector configured to communicate with at least one authentication subsystem to authenticate a user;
   a policy engine configured to retrieve attributes from the user store connector corresponding to the user and use the attributes to evaluate access policies, which are defined for protection of resources, to determine whether or not the user should be granted access to the resources;
   an admin component that is configured to enable the access policies to be defined relative to attributes and the resources; and
   a policy store configured to store the access policies.
   Dependent claims: 2, 3, 4, 5, 6

7. A method for managing access across a plurality of resources comprising:
   defining access policies relative to attributes and resources;
   receiving, from a remote location, the access policies;
   communicating with at least one authentication subsystem to authenticate a user;
   connecting to one or more user stores to retrieve attributes; and
   utilizing the attributes to evaluate the access policies to determine whether or not the user should be granted access to the resources.
   Dependent claims: 10, 11, 12

8. The method of claim 7, including receiving a request to access one of the resources as a proxy address that differs from the actual address of the resource.

9. The method of claim 8, including dropping cookies for multiple domains so that subsequent requests are recognized as coming from the user, even if the user requests resources from different domains.

13. An apparatus for managing access to a plurality of resources, comprising:
   a request interceptor configured to receive requests from users to access the plurality of resources;
   an authentication connector configured to communicate with at least one authentication subsystem to authenticate a user;
   a session component configured to initiate an SSO session by triggering authentication with the authentication connector;
   a user store connector component configured to connect to one or more user stores so as to enable attributes for the user to be retrieved;
   a policy cache, the policy cache adapted to store a plurality of access policies; and
   a policy engine configured to retrieve attributes from the user store connector corresponding to the user and use the attributes to evaluate the access policies to determine whether or not the user should be granted access to the resources.
   Dependent claims: 14, 15, 16, 17, 18, 19, 20