Policy Service Authorization and Authentication
Abstract
Requests for remote network resources can be denied by a policy service by redirecting a requesting user agent to an authorization portal. The authorization portal can authenticate the user agent and redirect the user agent to the originally requested resource with a token. The policy service can be configured to detect the token, and redirect the requesting user agent to the resource with a cookie. The policy service can be configured to reference such cookies when applying policy. Accordingly, an authenticated user agent can be allowed to access the remote network resource and resources at the same host/domain by virtue of the cookie and without additional authentication.
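The flow described in the abstract, sketched as an added example (not code from the patent or any product): a filter that allows on a valid cookie, converts a valid token into a cookie plus a redirect to the clean URL, and otherwise redirects to the portal. The HMAC-signed `uid.mac` format for token and cookie, the key, the `authtoken` parameter, the cookie name and the portal URL are all assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

KEY = b"constructed-demo-key"            # assumption: secret shared by portal and filter
PORTAL = "https://portal.example/auth"   # assumption: placeholder portal URL
TOKEN_PARAM = "authtoken"                # assumption: query parameter carrying the token
COOKIE = "policy_auth"                   # assumption: cookie name


def _sign(kind, host, uid):
    """MAC over purpose, host and user id; binding the host stops reuse on other hosts."""
    msg = f"{kind}|{host}|{uid}".encode()
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()


def _valid(kind, host, value):
    """Return the user id if value is 'uid.mac' with a correct MAC for this host, else None."""
    uid, _, mac = (value or "").rpartition(".")
    ok = uid and hmac.compare_digest(mac.encode(), _sign(kind, host, uid).encode())
    return uid if ok else None


def portal_redirect(url, uid):
    """Portal side: after authenticating uid, send the agent back to url with a token."""
    p = urlsplit(url)
    token = f"{uid}.{_sign('tok', p.hostname, uid)}"
    q = parse_qsl(p.query, keep_blank_values=True) + [(TOKEN_PARAM, token)]
    return urlunsplit(p._replace(query=urlencode(q)))


def filter_request(url, cookies):
    """Filter side: return (action, location, set_cookie) for one request."""
    p = urlsplit(url)
    host = p.hostname
    if _valid("ck", host, cookies.get(COOKIE)):
        return ("allow", None, None)     # cookie already stored for this host
    q = parse_qsl(p.query, keep_blank_values=True)
    uid = _valid("tok", host, dict(q).get(TOKEN_PARAM))
    clean = urlunsplit(p._replace(
        query=urlencode([(k, v) for k, v in q if k != TOKEN_PARAM])))
    if uid:
        # Authorized request: store the cookie at the agent and redirect to the
        # resource with the token stripped, so it does not linger in the URL.
        cookie = f"{COOKIE}={uid}.{_sign('ck', host, uid)}; Path=/; HttpOnly"
        return ("redirect", clean, cookie)
    # No usable cookie or token: deny by redirecting to the portal.
    return ("redirect", PORTAL + "?" + urlencode({"next": clean}), None)
```

Because both MACs cover the host, a token or cookie issued for one host is rejected when presented for another, and a real deployment would also add an expiry to each.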
23 Claims
1. A method of applying network resource access policy, the method comprising:
- receiving from a user agent a request for a remote network resource;
- obtaining from the request authorization data specific to the remote network resource when the request contains the authorization data;
- determining a resource access policy for the request, including using the authorization data, if obtained, to determine the resource access policy for the request;
- applying the resource access policy to allow or deny access by the user agent to the remote network resource;
- when denying access to the remote network resource, redirecting the user agent to an authorization portal;
- after authorization by the authorization portal, receiving from the user agent an authorized request for the remote network resource, the authorized request including an authorization token; and
- in response to receiving the authorized request including the authorization token, storing the authorization data specific to the remote network resource at the user agent and redirecting the user agent to the remote network resource to cause the user agent to make another request for the remote network resource.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A system for applying network resource access policy, the system comprising:
- a filter configured to apply resource access policy to a request from a user agent for access to a remote network resource by redirecting the user agent to an authorization portal when denying the request for the remote network resource, the filter further configured to respond to an authorized request having an authorization token by storing authorization data at the user agent and redirecting the user agent to the requested network resource; and
- a policy server configured to determine resource access policy based on the request as provided by the filter and further based on any authorization data accompanying the request.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20

21. An authorization portal configured to receive an authorization request from a user agent and to respond to the authorization request by determining a location of a remote network resource from the authorization request and redirect the user agent to the remote network resource with an authorization token indicating a unique identifier of the user agent, the unique identifier known to a policy service configured to apply resource access policy to requests for remote network resources.
Specification