| 摘要 |
A management server manufactures a secure, tamper-resistant token for a particular user specifying the permissions and authorizations that user possesses. The token may be in the form of a digitally-signed message specifying, for example, a particular computer and associated port number that the user is permitted to access. The management server delivers the token to the user, preferably over a secure communications session. When challenged, the user presents the secure token to the security proxy server. The security proxy server examines the token to be sure it is authentic and has not be tampered with, and then extracts information contained in the token to determine the user's authorization to access a particular computer, particular port number and/or other resource. The security proxy server then establishes authorized communication with the authorized computing resource based on the information contained in the user's token, and thereafter may act in one embodiment as essentially a passthrough or proxy for permitting the user to access and communicate with the resource.
|
