Method of and system for enforcing authentication strength for remote portlets

摘要

In a method of and system for enforcing authentication strength for remote portlets, a portlet is provided by a producer portal and consumed as remote portlet by a consumer portal. The producer portal defines an authentication strength level requirement for the portlet. A user requests the remote portlet from the consumer portal. The consumer portal authenticates the user with a particular authentication method that implies a particular authentication strength level. The producer portal authenticates the consumer portal with a particular authentication method that implies a particular authentication strength assertion level. The consumer portal requests the portlet from the producer portal with an assertion of the authentication strength level of the user. The producer portal rejects the request from the consumer portal if the authentication strength level of the user is less than the authentication strength level requirement for the portlet. The producer portal also rejects the request from the consumer portal if the authentication strength assertion level of the consumer portal is not high enough to assert the authentication strength level of the user. The producer portal accepts the request from the consumer portal only if the authentication strength level of the user is not less than the authentication strength level requirement for the portlet and the authentication strength assertion level of the consumer portal is high enough to assert the authentication strength level of the user.

主权项

1. A system for enforcing authentication strength for remote portlets, the system comprising:
a consumer portal; a producer portal in communication with said consumer portal; logic executing on the producer portal that performs the functions of:
authenticating a user to said consumer portal, said user having an authentication strength level;receiving a request from said user at said consumer portal for a portlet, said portlet being produced by said producer portal and said portlet having an authentication strength level requirement;authenticating said consumer portal to said producer portal, said consumer portal having an authentication strength assertion level;sending a request for said portlet and an assertion of said authentication strength level of said user from said consumer portal to said producer portal;rejecting said request from said consumer portal if said authentication strength level of said user is less than said authentication strength level requirement for said portlet;rejecting said request from said consumer portal if said authentication strength assertion level of said consumer portal is not high enough to assert said authentication strength level of said user; andaccepting said request from said consumer portal if said authentication strength level of said user is not less than said authentication strength level requirement for said portlet and said authentication strength assertion level of said consumer portal is high enough to assert said authentication strength level of said user.