System and method for bridging identities in a service oriented architecture
First Claim
1. A system for bridging user identities between at least a first security domain and a second security domain, comprising:
- a. a bridge associated with said first security domain for intercepting messages for service in said second security domain from users in said first domain and for authenticating an identity of said user against a local authentication source by using an established key relationship and for binding a security token with said message;
b. a gateway network appliance associated with said second domain for gating inbound access and outbound communication with a service in said second domain and for receiving an authenticated message and verifying an authenticity of said security token by using a certificate of a trusted authentication source and authorizing access to said service upon confirmation of an authorization, such that said authorization is independent of the identity of said user; and
c. an agent in said first domain for i) preparing and modifying said message by applying one or more logical expressions requested and received from said gateway network appliance according to a dynamically updateable policy received from said second domain and stored at said agent and ii) receiving and applying directly from the gateway network appliance any policy changes.
3 Assignments
0 Petitions
Accused Products
Abstract
A system for bridging user identities between at least a first and a second security domain, including a bridge associated with the first security domain for intercepting messages for service in the second domain from users in the first domain. The bridge authenticates the user identities against a local authentication source by using an established key relationship and binds a security token with the message. A gateway is associated with the second domain for gating inbound access and outbound communication with a service in the second domain and for receiving the authenticated message and verifying the authenticity of the security token by using a certificate of the trusted authentication source and authorising access to the service upon confirmation of the authorisation, such that the authorisation is independent of the identity of the user.
-
Citations
1 Claim
-
1. A system for bridging user identities between at least a first security domain and a second security domain, comprising:
-
a. a bridge associated with said first security domain for intercepting messages for service in said second security domain from users in said first domain and for authenticating an identity of said user against a local authentication source by using an established key relationship and for binding a security token with said message; b. a gateway network appliance associated with said second domain for gating inbound access and outbound communication with a service in said second domain and for receiving an authenticated message and verifying an authenticity of said security token by using a certificate of a trusted authentication source and authorizing access to said service upon confirmation of an authorization, such that said authorization is independent of the identity of said user; and c. an agent in said first domain for i) preparing and modifying said message by applying one or more logical expressions requested and received from said gateway network appliance according to a dynamically updateable policy received from said second domain and stored at said agent and ii) receiving and applying directly from the gateway network appliance any policy changes.
-
Specification