Abstract:
A security architecture for telecommunications services is provided that includes first and second user interfaces, first and second web servers, a service broker, application servers, and data stores. The first user interface is for enterprise users to access an enterprise. The first web server communicates with the first user interface. The application servers run enterprise applications which communicate with the data stores. Customer data is stored on a first portion of one of the data stores and government data is stored on a second portion. The second user interface is for access to an enterprise by government users. The second web server communicates with the second user interface. The service broker receives requests from the second web server related to the government data and authorizes the enterprise applications to access the government data stored on the second portion of one of the data stores.
Abstract:
A CORBA-compliant computer network includes a registration server on which an AAR service resides, a registry database and an ORB which couples the registry server to the registry database. A CORBA-compliant interceptor residing on the ORB intercepts each message, generated by the AAR service, invoking the registry database and each message, generated by the registry database, responding to the invocation message generated by the service of the client server. The interceptor selects, from each intercepted invocation and response message, information useful in determining the cause of a failed usage of the service residing in the client server, writes the selected information to a data store residing in the client server and then re-invokes the intercepted invocation and response messages. In the event of a network failure, the data written to the data store may be reviewed to obtain useful information regarding the network failure.
Abstract:
A screened subnet for interconnecting an intranet to the Internet includes first and second subnets. A first firewall provides a first level of protection to a portion of the first subnet and to the second subnet, while a second firewall provides a second level of protection to the second subnet. A secured utility VLAN provides utility services for the portion of the first subnet and/or the second subnet. The secured utility VLAN is coupled to the screened subnet such that it enjoys an additional level of protection relative to the subnets and/or the portion thereof which it serves. In various embodiments, the screened subnet is configured to include either a single, shared, secured utility VLAN for servicing both the portion of the first subnet and the second subnet, or a pair of discrete secured utility VLANs for respectively servicing the portion of the first subnet and the second subnet.
Abstract:
A computer-implemented method of identity management for application access is provided. The method includes identifying access enabling information for users. The access enabling information relates to users of a first enterprise network and enables those users to access applications on a second enterprise network. The method includes obtaining the identified access enabling information from the first enterprise network, and storing the access enabling information in an identity data store. The method also includes provisioning the access enabling information from the identity data store to one or more applications on the second enterprise network to enable the users of the first enterprise network to access the one or more applications on the second enterprise network.
Abstract:
A system for identity management is provided. The system includes an identity management data store, a human resources input, an application registration component, and a security component. The identity management data store stores identity-related information for a user of an application. The identity-related information is mapped within the identity management data store to role information for the user of the application. The human resources input provisions the identity management data store with the identity-related information. The application registration component enables the application to provision the identity management data store with the role information for the user of the application. The security component authenticates the user and authorizes the user for access to the application based on the identity-related information. The security component retrieves the role information mapped to the identity-related information and delivers the role information to the application.
Abstract:
A system for controlling access to computing resources within an enterprise is provided. The system can consist of a web server and a web security agent controlling access to URLs, a security gatekeeper and an access server controlling access to APIs, and a core security framework used by both the web server and web security agent and the security gatekeeper and access server to store security data and policies and make security decisions. The access server can be a SOAP server. The core security framework can consist of a policy store, a data store, and a policy server, where the data store can be a relational database or a directory. A session token can be attached to an approved request for access to an API and can provide access to the API for the duration of a session.
Abstract:
A system and method for bridging requests for access to resources between requestors in a distributed network and an authenticator servicing the distributed network is provided. The bridging mechanism has security features including a naming service for machine authentication and machine process rules that authorize which processes machines can perform. The security proxy bridge intercepts an access request and checks the IP address for machine authentication as well as the machine process rules; if both verifications are successful, the bridge then forwards the request for access to the authenticator. The security proxy framework utilizes a data structure that provides a method for storing selected security information as data records supporting an authentication and authorization system for users to access resources on multiple components of a distributed network supporting multiple business units of an enterprise. Primary authentication information stored therein includes general user information, security information, and contact information.