Secure resource access in a distributed environment
First Claim
1. In a computer network, a method for granting a request from a first resource to access a second resource, comprising:
- receiving, from a client, a request to access the first resource;
- directing the client to an authorization service;
- the authorization service generating an authorization ticket and providing the authorization ticket to the first resource;
- on behalf of the first resource, presenting the authorization ticket and requesting access to the second resource; and
- granting the first resource access to the second resource only upon verification that the authorization ticket was generated by a source trusted by the second resource.
Abstract
A method and system for providing a first network resource with secure but limited access to a second network resource. A method embodying the invention includes receiving, from a client, a request to access the first resource. The client is then directed to an authorization service. The authorization service generates an authorization ticket and provides the authorization ticket to the first resource. On behalf of the first resource, the authorization ticket is presented to the second resource with a request to access the second resource. The request is granted only if it can be verified that the authorization ticket was generated by a source trusted by the second resource.
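The ticket flow in the abstract can be sketched as follows. This is an added example, not code from the patent: the HMAC-SHA256 ticket format, the ticket fields (sub, aud, scope, exp), the shared demo key and the resource names "print-service" and "photo-store" are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key, assumed to be shared by the authorization service and
# the second resource's security module. Never hard-code real keys.
TRUSTED_KEYS = {"authz-1": b"constructed-demo-key"}

def b64(data):
    return base64.urlsafe_b64encode(data).decode()

def issue_ticket(key, first_resource, second_resource, scope, ttl=300, now=None):
    """Authorization service: generate a ticket bound to one resource pair."""
    issued = time.time() if now is None else now
    body = {"sub": first_resource, "aud": second_resource,
            "scope": scope, "exp": int(issued) + ttl}
    payload = json.dumps(body, sort_keys=True).encode()
    return b64(payload) + "." + b64(hmac.new(key, payload, hashlib.sha256).digest())

def verify_ticket(ticket, presenter, this_resource, wanted, now=None):
    """Second resource: grant only if a trusted source generated the ticket."""
    try:
        p64, t64 = ticket.split(".")
        payload = base64.urlsafe_b64decode(p64)
        tag = base64.urlsafe_b64decode(t64)
    except ValueError:  # wrong part count or bad base64
        return False, "malformed ticket"
    # Check the MAC before trusting any field; compare in constant time.
    if not any(hmac.compare_digest(hmac.new(k, payload, hashlib.sha256).digest(), tag)
               for k in TRUSTED_KEYS.values()):
        return False, "not generated by a trusted source"
    body = json.loads(payload)
    if body["exp"] < (time.time() if now is None else now):
        return False, "expired"
    # presenter is assumed to be authenticated by the transport (e.g. mutual TLS).
    if body["sub"] != presenter or body["aud"] != this_resource:
        return False, "issued for a different resource pair"
    if wanted not in body["scope"]:
        return False, "outside ticket scope"
    return True, "granted"

if __name__ == "__main__":
    t = issue_ticket(TRUSTED_KEYS["authz-1"], "print-service", "photo-store", ["read:album/42"])
    print(verify_ticket(t, "print-service", "photo-store", "read:album/42"))
    print(verify_ticket(t, "print-service", "photo-store", "delete:album/42"))
    forged = issue_ticket(b"some-other-key", "print-service", "photo-store", ["read:album/42"])
    print(verify_ticket(forged, "print-service", "photo-store", "read:album/42"))
```

The audience, subject, scope and expiry checks are one way to make the access "limited"; the claims themselves only require verifying that the ticket came from a trusted source.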
26 Claims
1. In a computer network, a method for granting a request from a first resource to access a second resource, comprising:
- receiving, from a client, a request to access the first resource;
- directing the client to an authorization service;
- the authorization service generating an authorization ticket and providing the authorization ticket to the first resource;
- on behalf of the first resource, presenting the authorization ticket and requesting access to the second resource; and
- granting the first resource access to the second resource only upon verification that the authorization ticket was generated by a source trusted by the second resource.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. A computer readable medium having instructions for:
- receiving, from a client, a request to access a first resource;
- directing the client to an authorization service to request an authorization ticket;
- acquiring from the authorization service an authorization ticket following a request from the client; and
- requesting, on behalf of the first resource, access to the second resource presenting the acquired authorization ticket.
Dependent claims: 16, 17
18. A system for authorizing a first resource's request to access a second resource, comprising:
- an authorization service operable to generate and provide an authorization ticket for accessing the second resource;
- a server for the first resource operable to receive, from a client, a request to access the first resource;
- a resource module for the first resource operable to direct the client to the authorization service to request an authorization ticket to enable the first resource to access the second resource, the resource module being further operable to acquire an authentication ticket generated by the authorization service following a request from the client and to request access to the second resource presenting an acquired authorization ticket; and
- a security module for the second resource operable to grant the first resource access to the second resource only upon verification that an authorization ticket presented by the resource module was generated by a trusted source.
Dependent claims: 19, 20, 21, 22, 23, 24, 25
26. A system for authorizing a first resource's request to access a second resource, comprising:
- a means for generating and providing an authorization ticket for accessing the second resource;
- a means for receiving, from a client, a request to access the first resource;
- a means for directing the client to the means for generating an authorization ticket to request an authorization ticket to enable the first resource to access the second resource;
- a means for acquiring an authentication ticket generated following a request from the client;
- a means for requesting, on behalf of the first resource, access to the second resource presenting an acquired authorization ticket; and
- a means for granting the first resource access to the second resource only upon verification that a presented authorization ticket was generated by a trusted source.
Specification