METHOD AND SYSTEM FOR PROVIDING SECURE ACCESS TO APPLICATIONS

摘要

Figure 1, depicts a preferred embodiment of a system (100), which may be used to support the present invention. The client/server configuration illustrated in Figure 1, includes clients (101), application server (102), and authentication/authorization server (103), on the client machine, compliant WWW Browser, a certificate (104) can be stored on the client machine (101), and authentication session cookie (105) can also be stored on the client machine (101). Application server (102) and authentication /authorization server (103) are shown as two separate servers, the components of and functionality performed by each server may be combined into a single server or may be spread out over multiple servers. Client (101), application server (102), and authentication/authorization server (103) are linked together to form a computer network and a my sql database (110), such as a local network, a wide area network, or the Internet. Database (107) stores information specific to the applications (106). Component (108) of authentication/authorization server (103) encapsulates services available to applications (106) an application server (102). Two types of services are available: authorization service (112) and user data service (111). Authorization service (112) may be used by an application (106) to query for authorization rights for a specific user regarding a specific resources. User data service (111) may be used by an application (106) to query for information about a user. Component (109) encapsulates modules of the system (100) with which users interact. Administration module (113) of component (109) allows an administrative user, with proper authorization, to view and update system parameters, in accordance with one embodiment. Administration module (113) is uded to register form the authentication/authorization server (103). Authentication module (116) maintains data pertinent to the user’s registration whit the system. Account manager (117) allows users to manage their permits. Permit module (114) is responsible for displaying information about permits, Delegation module (115) is responsible for creating permits.