Method and system for resource based authentication
Abstract
A method and system for resource based authentication may include, in response to a client attempting to access a protected resource of a system, implementing resource based authentication. A policy agent may intercept the client access request and redirect it to an appropriate authentication gateway module based upon authentication policies. If the protected resource is not associated with any resource specific authentication technique, the policy agent may apply a default authentication technique. If, however, the protected resource is associated with a particular resource specific authentication technique, the policy agent may apply the resource specific authentication technique without applying the default authentication technique.
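The selection step the abstract describes, as an added Python example that is not taken from the patent: the resource specific policy replaces the default rather than stacking on it, so credentials that satisfy the default do not open a resource bound to a different module. The path-prefix mapping, all function names and the in-memory stand-ins for the LDAP and certificate modules are assumptions.

```python
import hmac
import posixpath

# Constructed sample data: stand-ins for an LDAP directory and a certificate trust list.
DIRECTORY = {"alice": "correct horse"}
TRUSTED_CERT_FINGERPRINTS = {"ab:cd:ef:01"}

def ldap_module(creds):
    """Stand-in for an LDAP bind: constant-time password comparison."""
    expected = DIRECTORY.get(creds.get("user", ""))
    supplied = creds.get("password", "")
    return expected is not None and hmac.compare_digest(expected.encode(), supplied.encode())

def cert_module(creds):
    """Stand-in for client-certificate validation: fingerprint allowlist."""
    return creds.get("cert_fingerprint") in TRUSTED_CERT_FINGERPRINTS

MODULES = {"ldap": ldap_module, "cert": cert_module}  # hosted on the authentication server
DEFAULT_POLICY = "ldap"
RESOURCE_POLICIES = {"/payroll": "cert"}              # hypothetical path-prefix mapping

def select_policy(path):
    """Policy agent step: resource specific policy if one exists, else the default."""
    # Normalise first so "..", "." and "//" cannot steer the lookup to another policy.
    path = posixpath.normpath("/" + path.lstrip("/"))
    best = None
    for prefix in RESOURCE_POLICIES:
        if path == prefix or path.startswith(prefix + "/"):
            if best is None or len(prefix) > len(best):
                best = prefix                         # longest matching prefix wins
    return RESOURCE_POLICIES[best] if best else DEFAULT_POLICY

def authentication_gateway(policy, creds):
    """Authentication server side: invoke exactly one module; unknown policy fails closed."""
    module = MODULES.get(policy)
    return bool(module and module(creds))

def handle_request(path, creds):
    """Content server side: grant access only on the selected policy's result."""
    policy = select_policy(path)
    return policy, authentication_gateway(policy, creds)
```

Because the resource specific policy is applied without the default, a weaker module bound to a sensitive resource silently lowers its protection, which makes the resource-to-policy mapping the thing to review.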
15 Claims
1. A method, comprising:
intercepting, by a policy agent at a content server, an access request from a client to the content server for a protected resource of a system, wherein the client is not currently authenticated by the system, and wherein the system comprises a default authentication policy and is configurable to provide resource specific authentication policies;
in response to said intercepting;
determining, at the content server, whether or not the protected resource has an associated resource specific authentication policy;
selecting an appropriate authentication gateway or authentication module, wherein said selecting is performed at the content server and is performed based on said determining;
if the protected resource has an associated resource specific authentication policy, communicating with the selected authentication gateway or authentication module at an authentication server to apply the resource specific authentication policy without applying the default authentication policy; and
if the protected resource does not have an associated resource specific authentication policy, communicating with the selected authentication gateway or authentication module at an authentication server to apply the default authentication policy;
wherein the authentication gateway is configured to invoke either a default authentication module or a resource-specific authentication module and wherein each authentication module is configured to authenticate the client wherein at least one authentication module is an LDAP authentication module or a certificate authentication module;
the content server providing the client access to the protected resource dependent on a result from the authentication server applying the resource specific authentication policy or the default authentication policy;
wherein the content server and the authentication server applying the resource specific authentication policy or the default authentication policy are separate servers.
Dependent claims: 2, 3, 4, 5
6. A device, comprising:
a processor; and
a memory storing program instructions executable by the processor to implement;
a policy agent intercepting, at a content server, an access request from a client to the content server for a protected resource of a system, wherein the client is not currently authenticated by the system, and wherein the system comprises a default authentication policy and is configurable to provide resource specific authentication policies;
in response to said intercepting;
determining, at the content server, whether or not the protected resource has an associated resource specific authentication policy;
selecting an appropriate authentication gateway or authentication module, wherein said selecting is performed at the content server and is performed based on said determining;
if the protected resource has an associated resource specific authentication policy, communicating with the selected authentication gateway or authentication module at an authentication server to apply the resource specific authentication policy without applying the default authentication policy; and
if the protected resource does not have an associated resource specific authentication policy, communicating with the selected authentication gateway or authentication module at an authentication server to apply the default authentication policy;
wherein the authentication gateway is configured to invoke either a default authentication module or a resource-specific authentication module and wherein each authentication module is configured to authenticate the client wherein at least one authentication module is an LDAP authentication module or a certificate authentication module;
instructing the content server to provide the client access to the protected resource dependent on a result from the authentication server applying the resource specific authentication policy or the default authentication policy;
wherein the content server and the authentication server applying the resource specific authentication policy or the default authentication policy are separate servers.
Dependent claims: 7, 8, 9, 10
11. A computer accessible storage medium, storing program instructions computer-executable to implement:
intercepting, by a policy agent at a content server, an access request from a client to the content server for a protected resource of a system, wherein the client is not currently authenticated by the system, and wherein the system comprises a default authentication policy and is configurable to provide resource specific authentication policies;
in response to said intercepting;
determining, at the content server, whether or not the protected resource has an associated resource specific authentication policy;
selecting an appropriate authentication gateway or authentication module, wherein said selecting is performed at the content server and is performed based on said determining;
if the protected resource has an associated resource specific authentication policy, communicating with the selected authentication gateway or authentication module at an authentication server to apply the resource specific authentication policy without applying the default authentication policy; and
if the protected resource does not have an associated resource specific authentication policy, communicating with the selected authentication gateway or authentication module at an authentication server to apply the default authentication policy;
wherein the authentication gateway is configured to invoke either a default authentication module or a resource-specific authentication module, and wherein each authentication module is configured to authenticate the client, wherein at least one authentication module is an LDAP authentication module or a certificate authentication module;
instructing the content server to provide the client access to the protected resource dependent on a result from the authentication server applying the resource specific authentication policy or the default authentication policy;
wherein the content server and the authentication server applying the resource specific authentication policy or the default authentication policy are separate servers.
Dependent claims: 12, 13, 14, 15
Specification