The following description relates to computing environment security methods and systems.
Security mechanisms are widely employed in computing environments to inhibit access by a user to computing resources until after the identity of the user has been authenticated. One type of authentication mechanism includes a single sign-on (SSO) security process. Typically, an SSO process requires a user to provide one or more pieces of validating data in a single sign-on interface in a display. Once authenticated, the user gains access to computing resources, usually for the entire course of a computing session.
Conventional SSO processes, however, lack the granularity of “pluggability”; that is, implementations of such processes are generally designed for a global software environment and not for specific applications or content. Accordingly, many applications or content in a computing environment usually have the same authentication requirements despite different security requirements. For instance, one application may provide access to content that is more confidential than content accessible by another application.
Ordinarily, web applications follow a certain flow during logon, e.g., first check for an SSO token and, if none is present, display a logon screen for authentication against the user master source. This flow might be sufficient for ordinary users, but some special users may require access to a special context where strong authentication with SSL and mutual authentication is required. Examples include a manager who accesses sensitive human resource (HR) data, or an administrator who needs access to administrative components of a web portal. The fact that some content needs stronger protection does not only mean that the set of authorized persons is restricted; it also means that authentication must be more difficult to fake or eavesdrop on.
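The logon flow described above, set beside a variant that checks authentication strength per resource, as an added example that is not part of the original text. The strength ordering, the resource paths and the `step_up` result are assumptions made for illustration; the sketch covers authentication strength only, not which persons are authorized.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional


class AuthLevel(IntEnum):
    """Assumed ordering of authentication strength (not from the page)."""
    PASSWORD = 1     # logon screen checked against the user master source
    MUTUAL_TLS = 2   # SSL with mutual (client certificate) authentication


# Constructed per-resource requirements; the paths are hypothetical.
REQUIRED_LEVEL = {
    "/portal/news": AuthLevel.PASSWORD,
    "/portal/hr/salaries": AuthLevel.MUTUAL_TLS,
    "/portal/admin": AuthLevel.MUTUAL_TLS,
}


@dataclass
class SsoToken:
    user: str
    level: AuthLevel  # strength of the authentication that issued the token


def conventional_decision(path: str, token: Optional[SsoToken]) -> str:
    """Global SSO flow from the text: any token opens every resource."""
    return "allow" if token is not None else "show_logon"


def per_resource_decision(path: str, token: Optional[SsoToken]) -> str:
    """Return 'allow', 'show_logon' or 'step_up' for one request."""
    # Unknown resources fail closed to the strongest requirement.
    required = REQUIRED_LEVEL.get(path, AuthLevel.MUTUAL_TLS)
    if token is None:
        # No SSO token yet: pick the logon method the resource demands.
        return "show_logon" if required == AuthLevel.PASSWORD else "step_up"
    if token.level >= required:
        return "allow"
    # The token is valid but was issued by a weaker method than this
    # resource demands: re-authenticate instead of reusing the session.
    return "step_up"
```
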
Additionally, different users may have different security requirements. For example, a user may have access to applications and content through a role-based enterprise portal, also known as their “workplace.” If each user has unique access requirements, an enterprise, particularly a larger one, would have to create a correspondingly large number of different workplaces and associated authentication requirements, and identify and code the workplace requirements for each user. More than ever, enterprises need to identify and create authentication mechanisms for their computing systems that can be generic yet still meet the enterprise's varied security and access objectives.