摘要 |
A computer system 300 contains an agent 303 which modifies the ordinary behaviour of a native security system 103, such as to allow security decisions with alternate granularity or an alternate set of access rights. The agent 303 intercepts authorisation requests made by applications 109 for resources 110 identified by URIs 111 and sends amended requests to the security system 103. An alternate authorisation mechanism 307 of the agent 303 is invoked by the security system 103, whereupon the agent 303 may selectively allow or deny the request according to the originally presented URI 111. |