摘要 |
In Public Key Infrastructure ("PKI") applications, a key pair (public key and private key) is used to provide strong authentication and encryption services. The key pair is associated with the user by the use of a "certificate," which contains the user's public key as well as attributes associated with that user. This invention relates to the use of these attributes to control the access to a protected resource given to authenticated users. The attributes within a user's public key certificate are filtered by an attribute filter referenced by the proxy definition in order to control access to a protected resource. Further limitation of access to a protected resource is accomplished by association with server input and output addresses.
|