WEB SERVICES SECURITY SYSTEM

摘要

The invention refers to the industry of information technology. It is usable for authentication and authorization of a user in a computer system that has been developed using Service Oriented Architecture. In general it is usable for web service authentication and authorization. The goal is to optimize data flows for the needs of authorization and to reach the required security level, as well as to maximize availability of the computer system. The user's management system containing a web service security system's authorization server and the client's software is additionally equipped with authorization mapping adapter, control unit for remote authorization server and data base for storage of issued security tokens. The supplementary modules provide authorization data mapping for invited web service, verification of security token in other remote authorization servers of the same type, as well as the localization of token. The data base for storage of security tokens allows to renew the computer's system state after unexpected interruptions and to build clusters of servers to improve common availability of computer system. The efficiency of invention makes its appearance in computer systems that are designed of many different web services with different authorization methods. As an example can be mentioned e-services where functionality of many different computer systems is used.