Flexible interface to authentication services in a distributed data processing environment
First Claim
1. A system for authenticating a requestor process at a first node, of a service process running at a second node in a distributed data processing system, comprising:
- a first machine at said first node;
- a second machine at a second node; and
- communication means interconnecting said first and said second machines;
- said first machine executing an operating system; said requestor process, and a first authentication agent program defining a corresponding first authentication policy independently of said operating system;
- said first machine further including means for constructing authentication information and a first authentication acknowledgement supporting said first authentication policy;
- said second machine further executing an operating system; said service process, and a second authentication agent program defining a corresponding second authentication policy independently of said operating system;
- said second machine further including means for receiving and processing said authentication information communication from said first machine to said second machine over said communication means;
- means for acquiring and transmitting a second authentication acknowledgement on said communication means from said second machine to said first machine;
- and wherein said first machine further includes means for comparing said first authentication acknowledgement and said second received authentication acknowledgement for determining a second authentication of said service process.
Abstract
In a distributed data processing system, the authentication of a process at one node for the use of a service at another node is performed in a facility that is separate from the requestor and service process. The separate facility is also replaceable, thereby allowing different authentication policies to be implemented within the distributed data processing system. The requesting process and the service process merely pass the authentication information between themselves without attempting to interpret the work of the separate authentication facility. In addition to authenticating the requestor to the service, the service is also authenticated to the requestor.
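The flow in the abstract, as an added Python example that is not taken from the patent. The shared-key HMAC policy, the class and function names, and the `alice`/`filesrv` identities are assumptions chosen for illustration; the requestor and service only relay opaque bytes, and the agent class can be swapped for another policy.

```python
import hashlib
import hmac
import os

class HmacAgent:
    """Hypothetical replaceable agent; its policy is a shared-key HMAC (assumed)."""
    def __init__(self, key: bytes):
        self._key = key

    def _mac(self, label: bytes, *parts: bytes) -> bytes:
        # Length-prefix each field so field boundaries cannot be shifted.
        msg = label + b"".join(len(p).to_bytes(2, "big") + p for p in parts)
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def make_request(self, requestor: str, service: str):
        """First node: build opaque auth info and the ack expected in reply."""
        nonce, ident, svc = os.urandom(16), requestor.encode(), service.encode()
        info = nonce + self._mac(b"req", nonce, ident, svc) + ident
        return info, self._mac(b"ack", nonce, svc)

    def process_request(self, info: bytes, service: str):
        """Second node: verify auth info; return (requestor, ack) or None."""
        nonce, tag, ident = info[:16], info[16:48], info[48:]
        if not hmac.compare_digest(tag, self._mac(b"req", nonce, ident, service.encode())):
            return None
        return ident.decode(), self._mac(b"ack", nonce, service.encode())

class ImpostorAgent:
    """Constructed rogue service agent: accepts anything, cannot forge the ack."""
    def process_request(self, info: bytes, service: str):
        return "anyone", bytes(32)

def service_process(agent, info: bytes):
    """Service hands the blob to its agent without interpreting it."""
    return agent.process_request(info, "filesrv")

def requestor_process(agent, service_agent) -> str:
    """Requestor relays blobs and only compares the two acknowledgements."""
    info, expected_ack = agent.make_request("alice", "filesrv")
    result = service_process(service_agent, info)  # stands in for the network hop
    if result is None:
        return "requestor rejected"
    _, ack = result
    if not hmac.compare_digest(ack, expected_ack):
        return "service not authenticated"
    return "mutual auth ok"

if __name__ == "__main__":
    key = os.urandom(32)  # constructed sample key
    print(requestor_process(HmacAgent(key), HmacAgent(key)))
    print(requestor_process(HmacAgent(key), ImpostorAgent()))
```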
4 Claims
1. A system for authenticating a requestor process at a first node, of a service process running at a second node in a distributed data processing system, comprising:
a first machine at said first node; a second machine at a second node; and communication means interconnecting said first and said second machines; said first machine executing an operating system; said requestor process, and a first authentication agent program defining a corresponding first authentication policy independently of said operating system; said first machine further including means for constructing authentication information and a first authentication acknowledgement supporting said first authentication policy; said second machine further executing an operating system; said service process, and a second authentication agent program defining a corresponding second authentication policy independently of said operating system; said second machine further including means for receiving and processing said authentication information communication from said first machine to said second machine over said communication means; means for acquiring and transmitting a second authentication acknowledgement on said communication means from said second machine to said first machine; and wherein said first machine further includes means for comparing said first authentication acknowledgement and said second received authentication acknowledgement for determining a second authentication of said service process.
3. A method for authenticating a requestor process at a first node of a service process running at a second node in a distributed data processing system comprising:
executing in a first machine an operating system; said requestor process; and a first authentication agent program defining a corresponding first authentication policy independently of said operating system; constructing with said first machine authentication information and a first authentication acknowledgement supporting said first authentication policy; executing in a second machine an operating system; a service process; and a second authentication agent program defining a corresponding second authentication policy independently of said operating system; receiving and processing with said second machine said authentication information communicated from said machine to said second machine; acquiring and transmitting with said second machine a second authentication acknowledgement from said second machine to said first machine; and comparing with said first machine said first authentication acknowledgement and said second received authentication acknowledgement for determining a second authentication of said service process.
Specification