Globally trusted credentials leveraged for server access control
Abstract
Systems, methods, computer-readable media and application program interfaces are disclosed for enabling server applications to verify purported authentication information, such as passwords, provided by clients in connection with server access requests, by leveraging trusted credentials maintained by separate trusted authorities. In some cases, the server applications may lack trusted credentials that could be used to verify the purported authentication information. In those cases, the server applications may identify the security principal accounts, managed by the separate trusted authorities, for which the requesting clients purport the provided authentication information to be valid, and may request that the separate trusted authorities authenticate the purported authentication information before access is granted to the requesting clients. In other cases, the server applications may maintain locally trusted credentials that can be used to verify the provided authentication information without involving the separate trusted authorities.
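As an added illustration (not code from the patent or from any product implementing it), the decision flow the abstract describes, modelled in Python with the application's local credential store and the separate non-local authority running in one process; the `name@REALM` principal convention, the realm names and the sample accounts are assumptions made for the example.

```python
import hashlib
import hmac
import os

def derive(password: str, salt: bytes) -> bytes:
    # A trusted credential is (salt, PBKDF2-HMAC-SHA256 key), never the cleartext password
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class TrustedAuthority:
    # Holds trusted credentials for a set of security principals. One instance plays the
    # application's local store; others play separate non-local authorities (in-process here).
    def __init__(self, name: str):
        self.name = name
        self._creds = {}  # principal -> (salt, derived key)

    def enroll(self, principal: str, password: str) -> None:
        salt = os.urandom(16)
        self._creds[principal] = (salt, derive(password, salt))

    def has_credential(self, principal: str) -> bool:
        return principal in self._creds

    def authenticate(self, principal: str, purported: str) -> bool:
        # Returns only a decision; the caller never receives the stored credential
        if principal not in self._creds:
            return False
        salt, expected = self._creds[principal]
        return hmac.compare_digest(derive(purported, salt), expected)

class ServerApplication:
    def __init__(self, local: TrustedAuthority, authorities: dict):
        self.local = local              # locally trusted credentials
        self.authorities = authorities  # realm -> separate non-local trusted authority

    def authorize(self, principal: str, purported: str) -> tuple:
        # Local trusted credential present: verify locally, no remote round trip
        if self.local.has_credential(principal):
            return self.local.authenticate(principal, purported), "local"
        # Otherwise identify the resource principal's authority (assumed "name@REALM"
        # convention) and defer the validity decision to it
        authority = self.authorities.get(principal.rpartition("@")[2]) if "@" in principal else None
        if authority is None:
            return False, "no-authority"  # fail closed: nobody can vouch for this principal
        return authority.authenticate(principal, purported), "delegated:" + authority.name

def demo() -> dict:
    local, corp = TrustedAuthority("app-local"), TrustedAuthority("CORP")
    local.enroll("svc-backup", "constructed-local-secret")  # constructed sample accounts
    corp.enroll("alice@CORP", "constructed-corp-secret")
    app = ServerApplication(local, {"CORP": corp})
    cases = [("svc-backup", "constructed-local-secret"), ("svc-backup", "wrong"),
             ("alice@CORP", "constructed-corp-secret"), ("alice@CORP", "wrong"), ("bob@OTHER", "x")]
    return {f"{p}/{pw}": app.authorize(p, pw) for p, pw in cases}
```

The application only ever learns the remote authority's yes/no decision, so delegating authentication does not copy the non-local credentials onto the first computer.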
20 Claims
1. An access control method implemented on a computing system, the method comprising:

identifying at least one resource principal for which an application program lacks at least one local trusted credential for authenticating at least one purported client credential provided in connection with at least one local access request on a first computer on which the application program is executing; and

authorizing at least one client to access the application program based on a determination by at least one separate non-local trusted authority, executing on a second computer different from the first computer, that the at least one purported client credential is valid for the at least one resource principal, and

providing access to the application program based on the determination by the at least one separate non-local authority,

wherein the application program maintains locally trusted credentials for authenticating client credentials provided for local access requests.

Dependent claims: 2, 3, 4.
5. At least one computer-readable storage medium having at least one instruction stored thereon, which when executed by at least one processing system in conjunction with at least one application program, causes the at least one application program to implement at least one access control method, the at least one medium comprising at least one instruction for:

identifying at least one resource principal for which the at least one application program lacks at least one local trusted credential for authenticating at least one purported client credential provided in connection with at least one local access request on a first computing system on which the application program is executing;

authorizing at least one client to access the at least one application program based on a determination by at least one separate non-local trusted authority, executing on a second computing system different from the first computing system, that the at least one purported client credential is valid for the at least one resource principal, and

providing access to the at least one application program based on the authorizing of the at least one client to access the at least one application program,

wherein the application program maintains locally trusted credentials for authenticating client credentials provided for local access requests.

Dependent claims: 6, 7, 8.
9. A computer-readable storage medium having at least one application program interface (API) tangibly embodied as at least one instruction stored on the computer-readable storage medium, which when executed by at least one processing system in conjunction with at least one application program, causes the at least one application program to implement at least one access control method, the at least one API comprising:

at least one access interface that accepts at least one request to access the at least one application program; and

at least one credential parameter that accepts at least one purported client credential provided in connection with at least one call to the at least one access interface, for which the at least one application program lacks at least one local trusted credential for authenticating on a first computing system on which the application program is executing, and for which the at least one application program requests at least one separate non-local trusted authority to authenticate on a second computing system different from the first computing system,

wherein the at least one interface grants access to the at least one application program on a determination based on the at least one credential parameter, and

wherein the at least one application program maintains locally trusted credentials for authenticating client credentials for access requests.

Dependent claims: 10, 11, 12, 13, 14.
15. A computer-implemented method of requesting access to at least one application program on an application server, the method comprising:

calling at least one access interface that has at least one credential parameter for requesting access to the at least one application program executing on a first computing system; and

providing the at least one credential parameter with at least one purported client credential for which the at least one application program lacks at least one local trusted credential for authenticating, and for which the at least one application program requests at least one separate non-local trusted authority to authenticate on a second computing system different from the first computing system, wherein the at least one application program maintains locally trusted credentials for authenticating client credentials for access requests; and

accessing the application program on a determination based on the at least one credential parameter.

Dependent claims: 16, 17, 18, 19, 20.
Specification