Authentication for distributed secure content management system
Abstract
Aspects of the subject matter described herein relate to authentication for a distributed secure content management system. In aspects, a request to access a resource available through the Internet is routed to a security component. The security component is one of a plurality of security components distributed throughout the Internet and responsible for authenticating entities associated with an enterprise. The security component determines an authentication protocol to use with the entity and then authenticates the entity. If the entity is authenticated, the entity is allowed to use a forward proxy.
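As an added illustration (not part of the patent text), the Python below shows one way the flow described in the abstract and in claim 1 could work: a security component issues a cookie once the entity has authenticated, and any forward proxy accepts later requests that present a valid cookie. The HMAC-SHA256 cookie format, the shared key, the one-hour lifetime and every function name are assumptions; the text here does not say how the cookie is constructed.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: every security component holds this key (constructed demo value).
SHARED_KEY = b"constructed-demo-key"
COOKIE_TTL = 3600  # assumed cookie lifetime, in seconds


def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(payload):
    return hmac.new(SHARED_KEY, payload, hashlib.sha256).digest()


def issue_cookie(entity_id, now=None):
    """Security component: call only after the entity has authenticated."""
    now = time.time() if now is None else now
    claims = {"sub": entity_id, "exp": int(now) + COOKIE_TTL}
    payload = json.dumps(claims, sort_keys=True).encode()
    return b64e(payload) + "." + b64e(sign(payload))


def verify_cookie(cookie, now=None):
    """Return the entity id for a valid, unexpired cookie, else None."""
    now = time.time() if now is None else now
    try:
        payload_b64, tag_b64 = cookie.split(".")
        payload = b64d(payload_b64)
        # Check the tag in constant time before trusting any field.
        if not hmac.compare_digest(b64d(tag_b64), sign(payload)):
            return None
        claims = json.loads(payload)
        return claims["sub"] if claims["exp"] > now else None
    except (ValueError, KeyError, TypeError, AttributeError):
        return None


def proxy_decision(cookie):
    """Forward proxy: forward the request or send the device to authenticate."""
    return "forward" if verify_cookie(cookie) else "authenticate"
```

Because the tag covers the whole payload, a device cannot change the entity id or extend the expiry without the key, and a request with a missing, malformed or expired cookie is sent back to the security component.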
20 Claims
1. A method implemented at least in part by a computer, the method comprising:
- receiving, at a security component, a message sent from a device, the security component being associated with a forward proxy that is logically between the device and a resource to which the device seeks access;
- authenticating, via the security component, an entity associated with the device; and
- sending a cookie to the device, the cookie indicating that the entity has been previously authenticated by the security component, the device to present the cookie with subsequent requests for access to resources accessible via the forward proxy.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A computer storage medium having computer-executable instructions, which when executed perform actions, comprising:
- sending, from an entity associated with a device attached to a first network, a request to access a resource from a second network;
- receiving the request at a component hosted on the device, the component monitoring traffic between the device and the second network;
- before sending the request to the second network, authenticating, via the component, the entity; and
- sending the request to a forward proxy.

Dependent claims: 13, 14, 15, 16, 17

18. In a computing environment, an apparatus comprising:
- a protocol selector operable to determine an authentication protocol to utilize in conjunction with authenticating an entity seeking to gain access to a resource available via a first network;
- a client component operable to authenticate the entity using the authentication protocol via a device associated with the entity; and
- an identity validator operable to obtain an identifier for the entity from a first identity system having a trust relationship with a second identity system, the first identity system residing on the first network, the second identity system residing on a second network; and
- a proxy informer operable to indicate to a forward proxy whether the entity is authenticated, the forward proxy being one of a plurality of forward proxies distributed across one or more networks, the forward proxies structured to allow authenticated entities to access resources available via the one or more networks.

Dependent claims: 19, 20

Specification