Title of invention Access system interface
Abstract An access system provides identity management and/or access management services for a network. An application program interface for the access system enables an application without a web agent front end to read and use contents of an existing encrypted cookie to bypass authentication and proceed to authorization. A web agent is a component (usually software, but can be hardware or a combination of hardware and software) that plugs into (or otherwise integrates with) a web server (or equivalent) in order to participate in providing access services.
Publication number US8935418(B2) Publication date 2015.01.13
Application number US200812255787 Application date 2008.10.22
Applicant Oracle International Corporation Inventors Knouse Charles W.;Gupta Minoo
Classification G06F15/16;H04L29/08;H04L29/06 Main classification G06F15/16
Agency Kilpatrick Townsend & Stockton LLP Agent Kilpatrick Townsend & Stockton LLP
Main claim 1. A method for controlling access to one or more network resources, the method comprising: receiving at an access control device without a web agent front end and through an Application Program Interface (API) that is not a web page or provided through a web page a request for access to the network resource from an application executing on an application server, wherein the request includes encrypted session state information from a cookie provided by a client, and wherein the application server and access control device do not have access to a key for decrypting the session state information from the cookie; requesting by the access control device authentication of a user of the application making the request from an access server based on the encrypted session state information from the cookie; receiving at the access control device from the access server an indication of authentication of the user of the application and decrypted session state information from the cookie; applying by the access control device one or more access rules to the indication of authentication and the decrypted information from the cookie, the access rules defined in a plurality of nodes of a hierarchical policy domain; and determining by the access control device whether to allow the requested access based on the indication of authentication of the user and said applying one or more access rules.
Address Redwood Shores CA US