
Authorization system for obtaining in single step both identification and access rights of client to server directly from encrypted authorization ticket

  • US 5,455,953 A
  • Filed: 11/03/1993
  • Issued: 10/03/1995
  • Est. Priority Date: 11/03/1993
  • Status: Expired due to Term
First Claim

1. In a data processing system including a client mechanism, a server mechanism including a server resource, and an authorization mechanism, the authorization mechanism including a directory server for storing and providing access rights of the client mechanism to the server resource and the client mechanism generating operation requests for operations to be performed by the server with respect to the server resource, wherein the client mechanism generates a request to the authorization mechanism for an authorization ticket to the server resource and the authorization mechanism responds to a request for an authorization ticket by returning an authorization ticket containing an identification of the client, the authorization ticket being encrypted with an encryption key derived from the password of the server, the client mechanism providing the authorization ticket to the server mechanism is associated with an operation request, the server mechanism decrypting the authorization ticket with the server password and using the client identification to obtain the client access rights of the client mechanism to the server resource, an improved authorization mechanism, comprising:

  • a directory server for storing access rights of the client mechanism and information regarding the client mechanism and required by the server mechanism in executing the operation request,
  • a client mechanism for generating a request for an authorization ticket to the server mechanism, the request for an authorization ticket including an identification of the client mechanism,
  • an authorization mechanism for generating a corresponding authorization ticket wherein the authorization ticket includes the access rights of the client mechanism and the information regarding the client mechanism and required by the server mechanism in executing the operation request and is encrypted with an encryption key derived from the password of the server, and
  • the client mechanism being responsive to the authorization ticket for sending the authorization ticket to the server mechanism in association with the operation request, and
  • a server mechanism for decrypting the authorization ticket with the server mechanism password and obtaining directly the access rights of the client mechanism to the server resource and the information regarding the client mechanism and required by the server mechanism in executing the operation request, wherein
  • the client information including the client access rights are stored in the directory server in fields identified by generic field tags,
  • the authorization ticket request generated by the client mechanism identifies the client information by tag names identifying the fields containing the required client information,
  • the requested information is stored in the encrypted authorization ticket in fields identified by the corresponding tag names, and
  • the server mechanism reads the client information from the decrypted authorization ticket by parsing the decrypted authorization ticket with the tag names of the fields containing the necessary client information.
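
The ticket flow in the claim, as an added Python sketch that is not code from the patent: the authorization mechanism copies the requested tagged fields from the directory into a ticket encrypted under a key derived from the server password, and the server recovers the access rights by tag name without a second directory lookup. The tag names, the JSON field encoding, PBKDF2 as the key derivation, the HMAC-based stand-in cipher, and the integrity tag are all assumptions; the claim only requires encryption.

```python
import hashlib, hmac, json, os

# Constructed directory entry: client information held under generic field tags.
DIRECTORY = {"alice": {"ACL": "read,write", "QUOTA": "500", "HOME": "/vol/alice"}}

def derive_keys(server_password: bytes, server_name: bytes):
    """Derive encryption and MAC keys from the server password (PBKDF2, assumed KDF)."""
    k = hashlib.pbkdf2_hmac("sha256", server_password, server_name, 100_000, dklen=64)
    return k[:32], k[32:]

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with an HMAC-SHA256 counter keystream (use an AEAD in practice)."""
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def issue_ticket(client_id: str, tags: list, keys) -> bytes:
    """Authorization mechanism: copy the requested tagged fields into an encrypted ticket."""
    record = DIRECTORY[client_id]
    fields = {"CLIENT": client_id, **{t: record[t] for t in tags}}
    nonce = os.urandom(16)
    body = nonce + _xor_stream(keys[0], nonce, json.dumps(fields).encode())
    # Assumed addition: a MAC over the ticket so the server can reject modified tickets.
    return body + hmac.new(keys[1], body, hashlib.sha256).digest()

def read_ticket(ticket: bytes, tags: list, keys) -> dict:
    """Server: verify, decrypt, then pull out only the fields named by tag."""
    body, mac = ticket[:-32], ticket[-32:]
    if len(ticket) < 48 or not hmac.compare_digest(
            mac, hmac.new(keys[1], body, hashlib.sha256).digest()):
        raise ValueError("ticket rejected: wrong server key or modified ticket")
    fields = json.loads(_xor_stream(keys[0], body[:16], body[16:]))
    return {t: fields[t] for t in tags}

if __name__ == "__main__":
    keys = derive_keys(b"constructed-server-password", b"fileserver")
    ticket = issue_ticket("alice", ["ACL", "QUOTA"], keys)
    print(read_ticket(ticket, ["CLIENT", "ACL"], keys))
```

Because the server trusts whatever rights the ticket carries, the ticket's integrity and the strength of the server password bound the security of the whole scheme.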
