摘要 |
PROBLEM TO BE SOLVED: To provide an extension of trustable third party authentication for Web services. SOLUTION: Web services trust and delegate user authentication responsibility to a trustable third party that acts as an identity provider for the trusting Web services. The trustable third party authenticates users through common authentication mechanisms, such as, for example, user name/password and X.509 certificates and uses initial user authentication to bootstrap subsequent secure sessions with Web services. Web services construct user identity context using a service session token issued by the trustable third party and reconstruct security states without having to use a service-side distributed cache. COPYRIGHT: (C)2006,JPO&NCIPI |