Title of invention |
Access system interface |
Abstract |
An access system provides identity management and/or access management services for a network. An application program interface for the access system enables an application without a web agent front end to read and use contents of an existing encrypted cookie to bypass authentication and proceed to authorization. A web agent is a component (usually software, but can be hardware or a combination of hardware and software) that plugs into (or otherwise integrates with) a web server (or equivalent) in order to participate in providing access services. |
Publication number |
US8935418(B2) |
Publication date |
2015.01.13 |
Application number |
US200812255787 |
Filing date |
2008.10.22 |
Applicant |
Oracle International Corporation |
Inventors |
Knouse Charles W.;Gupta Minoo |
Classification |
G06F15/16;H04L29/08;H04L29/06 |
Main classification |
G06F15/16 |
Agency |
Kilpatrick Townsend & Stockton LLP |
Agent |
Kilpatrick Townsend & Stockton LLP |
Main claim |
1. A method for controlling access to one or more network resources, the method comprising:
receiving at an access control device without a web agent front end and through an Application Program Interface (API) that is not a web page or provided through a web page a request for access to the network resource from an application executing on an application server, wherein the request includes encrypted session state information from a cookie provided by a client, and wherein the application server and access control device do not have access to a key for decrypting the session state information from the cookie;
requesting by the access control device authentication of a user of the application making the request from an access server based on the encrypted session state information from the cookie;
receiving at the access control device from the access server an indication of authentication of the user of the application and decrypted session state information from the cookie;
applying by the access control device one or more access rules to the indication of authentication and the decrypted information from the cookie, the access rules defined in a plurality of nodes of a hierarchical policy domain; and
determining by the access control device whether to allow the requested access based on the indication of authentication of the user and said applying one or more access rules. |
Address |
Redwood Shores CA US |