Business-to-business security integration
First Claim
1. A system for controlling access to computing resources within an enterprise comprising:
- a web server and a web security agent controlling access to Uniform Resource Locators (URLs);
- a security gatekeeper and an access server controlling access to Application Programming Interfaces (APIs); and
- a core security framework used by both the web server and web security agent and by both the security gatekeeper and the access server to store security data and policies and approve or deny requests for access to URLs and APIs, wherein the security gatekeeper sends a data request made by a user with security-related information to the core security framework to authenticate the user and to authorize the user, wherein the core security framework informs the security gatekeeper whether the user has been authenticated and authorized, wherein the security gatekeeper forwards the data request to the access server when the security gatekeeper is informed that the user has been authenticated and authorized, and the access server provides the user with the requested data. (Dependent claims 2 to 6.)
Abstract
A system for controlling access to computing resources within an enterprise. The system can consist of a web server and a web security agent controlling access to URLs, a security gatekeeper and an access server controlling access to APIs, and a core security framework used by both the web server and web security agent and the security gatekeeper and access server to store security data and policies and make security decisions. The access server can be a SOAP server. The core security framework can consist of a policy store, a data store, and a policy server, where the data store can be a relational database or a directory. A session token can be attached to an approved request for access to an API and can provide access to the API for the duration of a session.
34 Claims
7. A system for communication between two independent computing domains comprising:
- a security gatekeeper within the second domain to intercept an invocation from the first domain to an API in the second domain;
- a core security framework coupled to the security gatekeeper, wherein the security gatekeeper sends security-related information in the invocation to the core security framework, the core security framework authenticates an entity making the invocation and authorizes the entity to invoke the API, and the core security framework informs the security gatekeeper that the entity making the invocation has been authenticated and authorized; and
- an access server coupled to the security gatekeeper, wherein the security gatekeeper informs the access server that the entity making the invocation has been authenticated and authorized and the access server provides the entity making the invocation with access to the API;
wherein the core security framework is also used to control access to URLs within the second domain. (Dependent claims 8 to 14.)
15. A method of communicating between two independent computing domains comprising:
- a user within the first domain sending to the second domain a SOAP-compliant data request that also contains security-related information;
- a security gatekeeper within the second domain intercepting the data request;
- the security gatekeeper sending the data request to a core security framework within the second domain;
- the core security framework using the security-related information in the data request to authenticate the user and authorize the user to retrieve the requested data;
- the core security framework returning the data request to the security gatekeeper and informing the security gatekeeper that the user has been authenticated and authorized;
- the security gatekeeper sending the data request to a SOAP server and informing the SOAP server that the user has been authenticated and authorized; and
- the SOAP server providing the user with access to the requested data;
wherein the core security framework is also used to control access to URLs within the second domain. (Dependent claims 16 to 23.)
24. A method for a user within a first enterprise to gain access to data within a second enterprise comprising:
- the user logging in to a secure computing domain within the first enterprise;
- the user requesting data from the second enterprise;
- the first enterprise adding security information to the data request and sending the data request and security information to the second enterprise;
- a security gatekeeper within the second enterprise intercepting the security information;
- the security gatekeeper sending the security information to a core security framework within the second enterprise;
- the second enterprise's core security framework approving or denying the user's access to the requested data based on the security information; and
- upon approval, the second enterprise sending the requested data to the user. (Dependent claims 25 to 28.)
29. A method for a user within a second enterprise to gain access to data within a first enterprise comprising:
- the user logging in to a secure computing domain within the second enterprise;
- the user requesting data from the first enterprise;
- the second enterprise adding security information to the data request and sending the data request and security information to the first enterprise;
- the first enterprise sending the security information to the second enterprise;
- a security gatekeeper within the second enterprise intercepting the security information;
- the security gatekeeper sending the security information to a core security framework within the second enterprise;
- the second enterprise's core security framework approving or denying the user's access to the requested data based on the security information;
- upon approval, the second enterprise informing the first enterprise that the user is allowed access to the requested data; and
- the first enterprise sending the requested data to the user. (Dependent claims 30 to 34.)
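As an added illustration (not code from the patent or from any product it describes), a minimal Python model of the flow the independent claims describe: the gatekeeper intercepts a request that carries security information, the shared core security framework authenticates and authorizes it against a policy store and issues a session token, and only then does the access server (the SOAP server of the claims) release data; the same framework answers the web security agent's URL checks. Every user, password, policy and resource name here is constructed sample data, and the salted-hash credential store and token lifetime are assumptions of this model, not details taken from the patent.

```python
import hashlib, hmac, os, secrets, time
class CoreSecurityFramework:  # policy store + data store + policy server, shared by both paths
    def __init__(self):
        self.data_store = {}    # user -> (salt, sha256(salt + password)); constructed sample data
        self.policy_store = {}  # user -> set of URLs and APIs the user may access
        self.sessions = {}      # session token -> (user, expiry time)

    def add_user(self, user, password, allowed):
        salt = os.urandom(16)
        self.data_store[user] = (salt, hashlib.sha256(salt + password.encode()).digest())
        self.policy_store[user] = set(allowed)

    def authenticate(self, user, password):
        salt, digest = self.data_store.get(user, (b"", b""))
        probe = hashlib.sha256(salt + password.encode()).digest()
        return hmac.compare_digest(digest, probe)  # constant-time; an unknown user fails

    def authorize(self, user, resource):
        return resource in self.policy_store.get(user, set())

    def decide(self, user, password, resource, ttl=300):  # approve or deny one request
        if not (self.authenticate(user, password) and self.authorize(user, resource)):
            return None
        token = secrets.token_hex(16)  # session token attached to the approved request
        self.sessions[token] = (user, time.time() + ttl)
        return token

    def session_user(self, token):
        user, expiry = self.sessions.get(token, (None, 0.0))
        return user if time.time() < expiry else None

class AccessServer:  # stands in for the SOAP server named in the claims
    def __init__(self, csf, data):
        self.csf, self.data = csf, data

    def serve(self, api, token):  # releases data only against a live session token
        return self.data.get(api) if self.csf.session_user(token) else None

class SecurityGatekeeper:  # intercepts API invocations arriving from the other domain
    def __init__(self, csf, access_server):
        self.csf, self.access_server = csf, access_server

    def intercept(self, request):  # forwards to the access server only after the framework approves
        token = self.csf.decide(request["user"], request["password"], request["api"])
        if token is None:
            return {"status": "denied"}
        return {"status": "approved", "token": token, "data": self.access_server.serve(request["api"], token)}

def web_agent_allows(csf, user, password, url):  # the web security agent asks the same framework
    return csf.decide(user, password, url) is not None
```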