ACCESS CONTROL OF REMOTE COMMUNICATION INTERFACES BASED ON SYSTEM-SPECIFIC KEYS
First Claim
1. A computer program product, the computer program product being tangibly embodied on a computer-readable storage medium and including executable code that, when executed, is configured to cause at least one data processing apparatus to:
- receive, by a remote access engine running on the second application server from a first application running on a first application server, a service request to obtain service from a second application that includes a remote interface and is running on the second application server, the service request including a client context and a signed ticket obtained by the first application from a system computer, wherein the signed ticket is based on the client context and a key associated with a system;
- validate, by the remote access engine, the received signed ticket based on the key associated with the system, wherein a validated signed ticket from the first application indicates that the first application is authorized to receive service from the second application;
- determine, by the remote access engine, in response to the signed ticket being validated, that the first application has authorization to obtain the requested service via the remote interface of the second application based on a comparison of an attribute of the received client context to an access control list associated with the second application; and
- send a service reply from the second application to the first application to provide the requested service to the first application in response to determining that the first application has authorization to obtain the requested service via the remote interface of the second application.
1 Assignment
0 Petitions
Abstract
A computer-implemented method, computer program product, and computer system are provided for receiving a service request to obtain service from a second application, the service request including a client context and a signed ticket obtained by the first application from a system computer; validating the received signed ticket based on the key associated with the system; determining that the first application has authorization to obtain the requested service via the remote interface of the second application based on a comparison of one or more attributes of the received client context to an access control list associated with the second application; and sending a service reply from the second application to the first application to provide the requested service to the first application in response to determining that the first application has authorization to obtain the requested service via the remote interface of the second application.
68 Citations
23 Claims
1. A computer program product, the computer program product being tangibly embodied on a computer-readable storage medium and including executable code that, when executed, is configured to cause at least one data processing apparatus to:
- receive, by a remote access engine running on the second application server from a first application running on a first application server, a service request to obtain service from a second application that includes a remote interface and is running on the second application server, the service request including a client context and a signed ticket obtained by the first application from a system computer, wherein the signed ticket is based on the client context and a key associated with a system;
- validate, by the remote access engine, the received signed ticket based on the key associated with the system, wherein a validated signed ticket from the first application indicates that the first application is authorized to receive service from the second application;
- determine, by the remote access engine, in response to the signed ticket being validated, that the first application has authorization to obtain the requested service via the remote interface of the second application based on a comparison of an attribute of the received client context to an access control list associated with the second application; and
- send a service reply from the second application to the first application to provide the requested service to the first application in response to determining that the first application has authorization to obtain the requested service via the remote interface of the second application.
Dependent claims: 2 to 13.

14. A computer implemented method comprising:
- receiving, by a remote access engine running on the second application server from a first application running on a first application server, a service request to obtain service from a second application that includes a remote interface and is running on the second application server, the service request including a client context and a signed ticket obtained by the first application from a system computer, wherein the signed ticket is based on the client context and a key associated with a system;
- validating, by the remote access engine, the received signed ticket based on the key associated with the system, wherein a validated signed ticket from the first application indicates that the first application is authorized to receive service from the second application;
- determining, by the remote access engine, in response to the signed ticket being validated, that the first application has authorization to obtain the requested service via the remote interface of the second application based on a comparison of an attribute of the received client context to an access control list associated with the second application; and
- sending a service reply from the second application to the first application to provide the requested service to the first application in response to determining that the first application has authorization to obtain the requested service via the remote interface of the second application.
Dependent claims: 15 to 20.

21. An apparatus comprising:
- receiving logic configured to receive, by a remote access engine running on the second application server from a first application running on a first application server, a service request to obtain service from a second application that includes a remote interface and is running on the second application server, the service request including a client context and a signed ticket obtained by the first application from a system computer, wherein the signed ticket is based on the client context and a key associated with a system;
- validation logic configured to validate, by the remote access engine, the received signed ticket based on the key associated with the system, wherein a validated signed ticket from the first application indicates that the first application is authorized to receive service from the second application;
- determining logic configured to determine, by the remote access engine, in response to the signed ticket being validated, that the first application has authorization to obtain the requested service via the remote interface of the second application based on a comparison of an attribute of the received client context to an access control list associated with the second application; and
- sending logic configured to send a service reply from the second application to the first application to provide the requested service to the first application in response to determining that the first application has authorization to obtain the requested service via the remote interface of the second application.
Dependent claims: 22 and 23.
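The abstract and the independent claims above describe one flow: a system computer signs a ticket over the client context with a system-specific key, the remote access engine on the second application server validates that ticket with the same key, and only then compares an attribute of the client context against the second application's access control list before sending a service reply. The following Python is an added illustration of that flow written for this page; it is not code from the patent or its assignee. It assumes HMAC-SHA256 as the signing primitive, an `app_id` attribute as the one compared against the ACL, and an `exp` expiry field in the context; the key and ACL entries are constructed sample values.

```python
import hashlib
import hmac
import json
import time

# Constructed sample key shared by the ticket issuer (system computer) and the
# remote access engine. A real deployment would load it from a key store; it is
# inline here only so the example runs offline.
SYSTEM_KEY = b"example-system-key-for-illustration-only"

# Constructed ACL of the second application: service name -> set of app_id
# values (the client-context attribute this example compares) allowed to call it.
SECOND_APP_ACL = {"report-service": {"billing-app", "audit-app"}}


def canonical(client_context: dict) -> bytes:
    """Serialize the context deterministically so issuer and verifier sign identical bytes."""
    return json.dumps(client_context, sort_keys=True, separators=(",", ":")).encode()


def issue_ticket(client_context: dict, key: bytes = SYSTEM_KEY) -> str:
    """System computer role: bind the client context to the system key with HMAC-SHA256."""
    return hmac.new(key, canonical(client_context), hashlib.sha256).hexdigest()


def validate_ticket(client_context: dict, ticket: str, key: bytes = SYSTEM_KEY, now=None) -> bool:
    """Remote access engine role: recompute the MAC and compare in constant time.

    Any change to the context (e.g. a swapped app_id) or a ticket minted under a
    different key fails here. Expiry is an assumed 'exp' epoch field in the context.
    """
    if not isinstance(ticket, str) or not ticket.isascii():
        return False
    expected = issue_ticket(client_context, key)
    if not hmac.compare_digest(expected, ticket):
        return False
    now = time.time() if now is None else now
    return float(client_context.get("exp", 0)) > now


def handle_service_request(service: str, client_context: dict, ticket: str, now=None) -> dict:
    """Second application server: ticket check first, ACL check second, then the reply."""
    if not validate_ticket(client_context, ticket, now=now):
        return {"status": "denied", "reason": "invalid ticket"}
    app_id = client_context.get("app_id")
    if app_id not in SECOND_APP_ACL.get(service, set()):
        # Valid ticket, but this caller is not on the second application's ACL.
        return {"status": "denied", "reason": "not in access control list"}
    return {"status": "ok", "service": service, "reply": f"result for {app_id}"}


if __name__ == "__main__":
    ctx = {"app_id": "billing-app", "exp": 2_000_000_000}
    tkt = issue_ticket(ctx)
    print(handle_service_request("report-service", ctx, tkt))
    # Same ticket presented with an altered context is rejected before the ACL is consulted.
    print(handle_service_request("report-service", dict(ctx, app_id="audit-app"), tkt))
```

The ordering matters for the defender: the ACL is only consulted after the ticket proves the context was issued under the system key, so an attribute in an unsigned or tampered context never reaches the authorization comparison. Rejections at each stage carry a distinct reason, which is what a log pipeline would want in order to tell forged tickets apart from legitimate callers outside the ACL.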
Specification