Maintaining authentication states for resources accessed in a stateless environment
Abstract
A providing computer system may receive a request, via a stateless protocol, to access a resource. An access control application may refer to administrative rules to set validation information associated with the request. Validation information may be in the form of electronic text that is stored in a location such as a cookie or state-table. Validation information may indicate the state of a session associated with a resource, such as whether a session is in a logged-in or logged-out state. When a request is received, validation information and authentication information may be utilized together to determine if access to a resource should be granted. When access to a resource is granted or denied, validation information may be updated to indicate that the state of the session has changed.
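The decision described in the abstract, sketched as an added example that is not taken from the patent: HTTP Basic credentials stand in for the authentication information, and a cookie carries the logged-in or logged-out state. The HMAC signature on the cookie, the key, the user table and all function names are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"    # assumption: server-side signing secret
USERS = {"alice": "correct horse"}      # constructed credential store

def authenticate(auth_header):
    """Return the user name if the Basic credentials are valid, else None."""
    try:
        scheme, blob = auth_header.split(" ", 1)
        user, _, password = base64.b64decode(blob).decode().partition(":")
    except (AttributeError, ValueError):
        return None                     # missing or malformed header
    expected = USERS.get(user)
    if scheme.lower() != "basic" or expected is None:
        return None
    ok = hmac.compare_digest(password.encode(), expected.encode())
    return user if ok else None

def _sign(user, state):
    msg = f"{user}|{state}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def set_validation(user, state):
    """Validation information: session state bound to the user, then signed."""
    return f"{user}|{state}|{_sign(user, state)}"

def access_granted(auth_header, cookie):
    """Grant only if the credentials AND the validation information are both appropriate."""
    user = authenticate(auth_header)
    if user is None or not cookie:
        return False
    parts = cookie.split("|")
    if len(parts) != 3:
        return False
    c_user, state, sig = parts
    if not hmac.compare_digest(sig.encode(), _sign(c_user, state).encode()):
        return False                    # state was altered on the client
    return c_user == user and state == "logged-in"

# Constructed request data: the browser keeps replaying the same Basic header.
BASIC = "Basic " + base64.b64encode(b"alice:correct horse").decode()

if __name__ == "__main__":
    logged_in = set_validation("alice", "logged-in")
    logged_out = set_validation("alice", "logged-out")   # state updated at logout
    print(access_granted(BASIC, logged_in))    # credentials valid, state logged-in
    print(access_granted(BASIC, logged_out))   # credentials still valid, state logged-out
```

The second call is the case the validation information exists for: the credentials remain valid on every request, so only the separately tracked session state can end the session.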
34 Claims
1. In a computer system that is network connectable to a network and that may receive requests via stateless protocols, wherein received requests may be requests to access resources included in the computer system, a method for validating authentication information that is associated with a request to access a resource so as to determine the state of the resource, the method comprising:
- receiving a request via a stateless protocol to access a resource that requires authentication information inherent to access control mechanisms of the stateless protocol; and
- using the authentication information inherent to access control mechanisms of the stateless protocol and resource access requirements attributes for determining a session state for access to the resource;
- determining validation information, the validation information being distinct from the authentication information, the validation information containing information other than authentication information and the validation information incorporating the previously determined session state information, and wherein the validation information is subsequently used with the distinct authentication information to determine whether access to the resource should be granted;
- setting the validation information within the system requesting access to the resource;
- the requesting system sending the previously set validation information and sending the authentication information inherent to access control mechanisms of the stateless protocol with a subsequent request to access a resource included in the computer system;
- using the previously set validation information and the authentication information inherent to the stateless protocol's access control mechanisms to determine a session state; and
- using the validation information and the authentication information inherent to access control mechanisms of the stateless protocol to determine if access to the resource is to be granted whereby if and only if both the validation information is appropriate for accessing the resource and the authentication information is appropriate for accessing the resource, then access to the resource is granted, but if either the validation information is not appropriate for accessing the resource or if the authentication information is not appropriate for accessing the resource, then access to the resource is not granted.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
33. A computer program product for use in a providing computer system that is network connectable to a network and that may receive requests via stateless protocols, wherein received requests may be requests to access resources included in the providing computer system, the computer program product for implementing a method for validating authentication information received in a request to access a resource so as to determine the state of the resource, the computer program product comprising the following:
one or more computer-readable storage media carrying computer-executable instructions, that when executed at the computer system, cause the computer system to perform the method for validating authentication information, wherein the method includes;
- receiving a request via a stateless protocol to access a resource that requires authentication information inherent to access control mechanisms of the stateless protocol; and
- using the authentication information inherent to access control mechanisms of the stateless protocol and resource access requirements attributes for determining a session state for access to the resource;
- determining validation information, the validation information being distinct from the authentication information, the validation information containing information other than authentication information and the validation information incorporating the previously determined session state information, and wherein the validation information is subsequently used with the distinct authentication information to determine whether access to the resource should be granted;
- setting the validation information within the system requesting access to the resource;
- the requesting system sending the previously set validation information and sending the authentication information inherent to the stateless protocol's access control mechanisms with a subsequent request to access a resource included in the computer system;
- using the previously set validation information and the authentication information inherent to access control mechanisms of the stateless protocol to determine a session state; and
- using the validation information and the authentication information inherent to access control mechanisms of the stateless protocol to determine if access to the resource is to be granted whereby if and only if both the validation information is appropriate for accessing the resource and the authentication information is appropriate for accessing the resource, then access to the resource is granted, but if either the validation information is not appropriate for accessing the resource or if the authentication information is not appropriate for accessing the resource, then access to the resource is not granted.
- View Dependent Claims (34)
Specification