Title: System and method for bridging identities in a service oriented architecture
Abstract: A system for bridging user identities between at least a first and a second security domain, including a bridge associated with the first security domain that intercepts messages sent by users in the first domain to a service in the second domain. The bridge authenticates the user identity against a local authentication source by using an established key relationship and binds a security token to the message. A gateway associated with the second domain gates inbound access to, and outbound communication from, a service in the second domain; it receives the authenticated message, verifies the authenticity of the security token by using a certificate of the trusted authentication source, and authorizes access to the service once the token's authenticity is confirmed, such that the authorization is independent of the identity of the user.
Publication number: US9130921 (B2)   Publication date: 2015.09.08
Application number: US201313855595   Filing date: 2013.04.02
Applicant: CA, INC.   Inventors: Boubez Toufic; Sirota Dimitri; Morrison Scott
Classification: H04L29/06; H04L29/08   Main classification: H04L29/06
Agency: Vierra Magen Marcus LLP   Agent: Vierra Magen Marcus LLP
Principal claim 1. A system for securing web services on one or more server computers delivered to one or more client computers, comprising:
a. one or more policies stored on said one or more server computers that define rules that must be satisfied for a web service provided by said one or more server computers to be accessed by said one or more client computers;
b. an agent process residing on said one or more client computers;
c. a local authorization source residing on said one or more client computers; and
d. a gateway process residing on said one or more server computers,
said agent process detects a refusal for said web service,
said agent process requests and receives said one or more policies from said one or more server computers in response to detecting said refusal for said web service,
said agent process caches said received one or more policies as a dynamically updateable policy on said one or more client computers,
said agent process directly applies any policy changes received from said gateway process to said dynamically updateable policy,
said agent process intercepts a service request message for said web service from said one or more client computers and determines an identity associated with said service request message,
said agent process authenticates said identity using said local authorization source and acquires a security token from said local authorization source,
said agent process decorates said service request message using said security token based on said dynamically updateable policy,
said agent process transmits said decorated service request message to said one or more server computers,
said gateway process receives said decorated service request message and verifies an authenticity of said security token,
said gateway process authorizes access to said web service in response to said authenticity of said security token being verified,
said gateway process authorizes access to said web service independent of said identity associated with said service request message.
Address: New York NY US
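Added illustration (not part of the patent record and not CA's implementation): the exchange described in the abstract and in claim 1, written in Go. A first-domain bridge intercepts a request, hits a refusal, fetches and caches the gateway's policy, authenticates the user against a local authentication source, and decorates the request with a signed token; the second-domain gateway admits the request only after verifying the token against the issuer's key, without ever looking at who the user is. Everything concrete here is assumed: the policy and claims shapes, the "base64url(claims).base64url(signature)" token format, Ed25519 with a raw public key standing in for the issuer's certificate, the header name, the issuer names and the sample users; the credential store and keys are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
	"time"
)

// Wire shapes below are assumptions; the patent fixes no formats.
type Policy struct{ TokenHeader string } // header the bridge decorates and the gateway reads
// Claims are what the issuer signs; Subject is the first-domain identity, which the gateway ignores.
type Claims struct {
	Issuer, Subject, Audience string
	Expiry                    int64
}

var enc = base64.RawURLEncoding
// LocalAuthSource is the first-domain authentication source; its public key stands in for its certificate.
type LocalAuthSource struct {
	Name  string
	key   ed25519.PrivateKey
	users map[string]string // constructed credential store: user -> password
}

// Issue authenticates locally and returns "base64url(claims JSON).base64url(Ed25519 sig)" scoped to one service.
func (a *LocalAuthSource) Issue(user, password, audience string, now time.Time) (string, error) {
	if pw, ok := a.users[user]; !ok || pw != password {
		return "", errors.New("local authentication failed")
	}
	c, _ := json.Marshal(Claims{a.Name, user, audience, now.Add(5 * time.Minute).Unix()})
	return enc.EncodeToString(c) + "." + enc.EncodeToString(ed25519.Sign(a.key, c)), nil
}

// Gateway gates the second-domain service; it holds issuer public keys and no user directory.
type Gateway struct {
	policy  Policy
	trusted map[string]ed25519.PublicKey // issuer name -> issuer public key
}

var ErrRefused = errors.New("refused: no token satisfying policy")
// Admit returns nil when the request is authorized. Only signature, audience and expiry
// are examined, never Claims.Subject: the decision is independent of the user identity.
func (g *Gateway) Admit(service string, headers map[string]string, now time.Time) error {
	raw, ok := headers[g.policy.TokenHeader]
	cs, ss, found := strings.Cut(raw, ".")
	cb, err1 := enc.DecodeString(cs)
	sig, err2 := enc.DecodeString(ss)
	var c Claims
	if !ok || !found || err1 != nil || err2 != nil || json.Unmarshal(cb, &c) != nil {
		return ErrRefused
	}
	if pub, ok := g.trusted[c.Issuer]; !ok || !ed25519.Verify(pub, cb, sig) {
		return errors.New("token not signed by a trusted issuer")
	}
	if c.Audience != service || now.Unix() >= c.Expiry {
		return errors.New("token expired or not scoped to this service")
	}
	return nil
}

// Bridge is the first-domain agent: it intercepts requests, fetches and caches policy after
// a refusal, and decorates requests with a locally issued token.
type Bridge struct {
	auth   *LocalAuthSource
	policy *Policy // nil until a refusal triggers a policy fetch
}

func (b *Bridge) ApplyPolicy(p Policy) { b.policy = &p } // also used when the gateway pushes a change

func (b *Bridge) Send(g *Gateway, service, user, password string, now time.Time) error {
	headers := map[string]string{}
	if b.policy == nil {
		if err := g.Admit(service, headers, now); !errors.Is(err, ErrRefused) {
			return err // admitted without a token, or failed for a reason policy cannot fix
		}
		b.ApplyPolicy(g.policy) // policy fetch on refusal; the transport is an assumption
	}
	tok, err := b.auth.Issue(user, password, service, now)
	if err != nil {
		return err
	}
	headers[b.policy.TokenHeader] = tok
	return g.Admit(service, headers, now)
}

// NewDemo wires a trusted issuer with its bridge, a gateway trusting only that issuer, and a rogue issuer.
func NewDemo() (b *Bridge, g *Gateway, trusted, rogue *LocalAuthSource) {
	_, k1, _ := ed25519.GenerateKey(rand.Reader) // error ignored: only the OS randomness source can fail
	_, k2, _ := ed25519.GenerateKey(rand.Reader)
	trusted = &LocalAuthSource{"domain-a-auth", k1, map[string]string{"alice": "s3cret"}}
	rogue = &LocalAuthSource{"domain-c-auth", k2, map[string]string{"mallory": "pw"}}
	g = &Gateway{Policy{"X-Security-Token"}, map[string]ed25519.PublicKey{trusted.Name: k1.Public().(ed25519.PublicKey)}}
	return &Bridge{auth: trusted}, g, trusted, rogue
}
```

Calling NewDemo and then Send(g, "orders", "alice", "s3cret", time.Now()) exercises the whole path: the first Admit is refused because no token is present, the bridge caches the policy, and the retried, decorated request is admitted. The checks a practitioner should not drop are visible in Admit: a token from an issuer the gateway holds no key for is rejected even though it is well formed, and a valid token is still rejected when its audience is another service or its expiry has passed; the Subject claim is never read, which is what makes the authorization identity-independent.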