Unified authentication for web method platforms
First Claim
1. A computer-implemented system configured to authenticate one or more clients on a web method platform, the computer-implemented system comprising:
a processor;
a platform component configured to allow authenticated access to one or more web methods by a plurality of clients;
a unified session authentication component configured to bootstrap an authenticated session unique to a type of client and utilize a subsequent mechanism to facilitate accessing the web methods, wherein the subsequent mechanism is common to the plurality of clients;
a trust-tier determination component configured to assign a trust-tier level to one or more of the plurality of clients and control access to the web methods based, at least, in part, on the trust-tier level, wherein the trust-tier level is assigned based, at least, in part, on a type of device using one or more of the plurality of the clients, wherein at least one of the plurality of clients is an application server in a farm of application servers and one or more of the application servers comprise a keyset manager synchronized between the farm of application servers to ensure validity of shared secrets and private keys; and
a computer-readable storage medium storing instructions that, when executed by the processor, cause the processor to implement at least one of the platform component, the unified session authentication component or the trust-tier determination component.
Abstract
An authentication mechanism is provided for a web method platform that allows homogeneous access for different types of clients according to a bootstrapping procedure utilized to establish the session. Different clients can be assigned different levels of trust based in part on the bootstrapping procedure and/or information provided during the procedure. The bootstrapping procedure can produce a token that is used by the clients in subsequent requests to provide previous authentication or state information to the platform. The token can comprise a shared secret used to ensure integrity of communications in some cases, and the token can be opaque to the client. Tokens can expire and require a client to re-bootstrap to provide higher levels of authentication protection, and tokens can be shared among a plurality of application servers to facilitate effective handling of requests in a farmed environment.
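The bootstrap-then-token flow the abstract describes, as an added Python sketch that is not part of the patent or of any product: a client-type-specific bootstrap issues a token sealed with a farm-wide keyset key and carrying a MAC key, an expiry and a trust tier; every later web-method call uses one common mechanism (token plus an HMAC over the request) that any server sharing the keyset can verify. The tier tables, method names and the `Keyset` class are assumptions made for the example.

```python
import base64, hashlib, hmac, json, os, time

# Assumed trust tiers per client/device type and per web method (not from the patent).
TIER_FOR_CLIENT = {"browser": 1, "desktop_app": 2, "app_server": 3}
REQUIRED_TIER = {"GetProfile": 1, "UpdateProfile": 2, "BulkExport": 3}

class Keyset:
    """Stands in for the keyset manager: one sealing key shared by the whole farm."""
    def __init__(self):
        self.seal_key = os.urandom(32)

def sign(mac_key_b64, method, payload):
    """Client-side half of the common mechanism: MAC the request with the token's key."""
    msg = f"{method}\n{payload}".encode()
    return hmac.new(base64.b64decode(mac_key_b64), msg, hashlib.sha256).hexdigest()

class PlatformServer:
    def __init__(self, keyset, ttl=300):
        self.keyset, self.ttl = keyset, ttl
    def bootstrap(self, client_type, credentials, now=None):
        """Client-type-specific bootstrap: issue a sealed token carrying a MAC key and tier."""
        if not credentials.get("verified"):  # credential verification stubbed as a flag
            raise PermissionError("credentials rejected")
        now = time.time() if now is None else now
        state = {"mac_key": base64.b64encode(os.urandom(32)).decode(),
                 "tier": TIER_FOR_CLIENT[client_type], "exp": now + self.ttl}
        body = json.dumps(state).encode()
        tag = hmac.new(self.keyset.seal_key, body, hashlib.sha256).digest()
        # Integrity-sealed with the farm key; a real platform would also encrypt the body.
        return base64.urlsafe_b64encode(tag + body).decode(), state["mac_key"]
    def _open(self, token, now):
        raw = base64.urlsafe_b64decode(token)
        tag, body = raw[:32], raw[32:]
        expect = hmac.new(self.keyset.seal_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):
            raise PermissionError("token not sealed by this farm's keyset")
        state = json.loads(body)
        if state["exp"] < now:
            raise PermissionError("token expired: client must re-bootstrap")
        return state
    def call(self, method, token, payload, signature, now=None):
        """Common subsequent mechanism: any server in the farm can verify the token."""
        state = self._open(token, time.time() if now is None else now)
        if not hmac.compare_digest(signature, sign(state["mac_key"], method, payload)):
            raise PermissionError("request MAC invalid")
        if state["tier"] < REQUIRED_TIER[method]:
            raise PermissionError(f"{method} needs tier {REQUIRED_TIER[method]}")
        return f"{method} ok (tier {state['tier']})"

def denied(fn):
    """True if the platform rejects the call (used to exercise the failure paths)."""
    try:
        fn()
        return False
    except PermissionError:
        return True
```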
17 Claims
1. Claim 1 is reproduced in full above under First Claim. Dependent claims: 2, 3, 4, 5, 6, 7.
8. A computer-implemented method to provide one or more application servers authenticated access to platform data, the computer-implemented method comprising:
executing on a processor, instructions that, when executed, perform a method comprising:
receiving credentials related to a user of an application server and a message authentication code key related to the application server;
generating a token for subsequent requests, wherein the token includes the message authentication code key;
sending the token to the application server as part of a bootstrapping procedure; and
assigning a trust-tier level to the application server, wherein the trust-tier level is assigned based, at least, in part, on the application server and a device accessing the application server, and wherein the application server functions in a farm of application servers and one or more of the application servers comprise a keyset manager synchronized between the farm of application servers to ensure validity of shared secrets and private keys.
Dependent claims: 9, 10, 11, 12, 13, 14, 15.
16. A computer-readable storage medium, where the medium is not a signal, storing computer-executable instructions that, when executed by a computing device, cause the computing device to perform operations comprising:
bootstrapping an authenticated session request with one or more disparate clients to provide subsequent access to one or more exposed web methods; and
assigning a trust-tier level to the one or more disparate clients based, at least, in part on the bootstrapping and a device by which the one or more disparate clients access the one or more exposed web methods, wherein access to the one or more web methods is controlled based, at least, in part on the trust-tier level, wherein at least one of the disparate clients is an application server in a farm of application servers and one or more of the application servers comprise a keyset manager synchronized between the farm of application servers to ensure validity of shared secrets and private keys.
Dependent claim: 17.