Extranet access management apparatus and method
First Claim
1. An apparatus for managing access for an extranet, comprising:
- a plurality of domain web servers, to which a plurality of users are subscribed,
- an authentication and authorization (AA) server for managing access authentication and authorization for the domain web server,
- an authority information storing module for storing authentication information and authorization information of the users, and
- a user web browser interconnected with the AA server and the domain web server,

wherein the AA server comprises:
- an AA module for authenticating the users and setting Role values in an AA cookie of the authenticated user;
- an access control list (ACL) cache control module for synchronizing ACL caches of the respective domain web servers with the AA server;
- an encryption module for encrypting the AA cookies to be given to each user; and
- a schema provider and user provider for providing an operation system independent of the authority information storing module,

wherein the domain web server comprises:
- an ACL cache which is delivered from the AA server;
- an AA module for checking, by using the ACL cache, whether the user has authority to access a requested resource;
- a decryption module for decrypting the encrypted AA cookies; and
- a module for processing a resource request from the user web browser,

wherein the domain web server is configured to extract the Role values from the AA cookie of the user, extract an access control entry (ACE) of the requested resource from the ACL cache, and grant an access authority to the user if the ACE of the requested resource exists in the extracted Role values.
Abstract
Managing access to an extranet for an extended service provider (xSP) includes decentralizing the role of access management by using cached access control list (ACL) information, and synchronizing decentralized access management roles using an authentication and authorization (AA) server. Insufficiency of session management is overcome by adopting authentication/authorization based on a web browser cookie.
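The flow in claim 1 (AA server sets Role values in an encrypted cookie; a domain web server decrypts it and checks the requested resource's ACE from its ACL cache against those values), sketched as an added example that is not taken from the patent. The key names, cookie layout, sample ACL entries and the HMAC-based keystream are assumptions; the claim names only an encryption module, and the integrity tag is added here because encryption alone does not stop a client from altering the Role values.

```python
import base64, hashlib, hmac, json, os

# Keys shared by the AA server and the domain web servers (assumed provisioning).
ENC_KEY, MAC_KEY = os.urandom(32), os.urandom(32)

# ACL cache as delivered by the AA server: resource -> ACE (constructed sample).
ACL_CACHE = {"/reports/q3": "finance", "/admin/users": "admin"}

def _keystream(nonce, n):
    # HMAC-SHA256 in counter mode: stdlib stand-in for a real AEAD cipher.
    blocks = (hmac.new(ENC_KEY, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _mac(data):
    return hmac.new(MAC_KEY, data, hashlib.sha256).digest()

def issue_aa_cookie(user, roles):
    """AA server: set Role values in the cookie, encrypt, then authenticate."""
    plain = json.dumps({"user": user, "roles": roles}).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plain, _keystream(nonce, len(plain))))
    return base64.urlsafe_b64encode(nonce + ct + _mac(nonce + ct)).decode()

def open_aa_cookie(cookie):
    """Domain web server: verify the tag before decrypting; None if invalid."""
    try:
        raw = base64.urlsafe_b64decode(cookie)
    except ValueError:
        return None
    if len(raw) <= 48:  # 16-byte nonce + 32-byte tag leaves no ciphertext
        return None
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, _mac(nonce + ct)):
        return None
    plain = bytes(a ^ b for a, b in zip(ct, _keystream(nonce, len(ct))))
    return json.loads(plain)

def authorize(cookie, resource):
    """Grant only if the resource's ACE is among the cookie's Role values."""
    claims = open_aa_cookie(cookie)
    ace = ACL_CACHE.get(resource)  # resources missing from the cache are denied
    return claims is not None and ace is not None and ace in claims["roles"]
```

The domain web server decides from the cookie and its local ACL cache alone, which is why the cache has to stay synchronized with the AA server.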
23 Citations
4 Claims
Specification