There are many types of computing services, resources and data that computer users and applications need to manage and otherwise access, such as services and data maintained on corporate networks and other remotely accessible sites including intranets and the internet. As there are many different computing platforms, various platform-independent mechanisms and protocols that facilitate the exchange of network information are becoming commonplace, including HTTP (HyperText Transfer Protocol), XML (extensible Markup Language), XML Schema, and SOAP (Simple Object Access Protocol) XML. The concept of web services, in which businesses, organizations, and other providers offer services to users and applications, is based on these standards.
To be of value, web services need to enable users and applications to locate them, and exchange the information needed to execute them. To this end, UDDI (Universal Description Discovery & Integration) provides a set of defined services (e.g., in a universal business registry) that help users and applications discover such businesses, organizations, and other web services providers, along with a description of their available web services and the technical interfaces needed to access those services.
However, much of the services, resources and data offered on networks need to be secure, and networks also need to limit the requesting entity to only actions and information for which the entity is authorized. Although UDDI contemplates the need for security, there is no particular mechanism to accomplish authentication and authorization in UDDI, let alone one that can leverage existing security infrastructures. What is needed is a way for authentication and authorization to be performed within the framework of UDDI or a similar platform-independent framework that can leverage security infrastructures, including those that presently exist and those yet to be developed.