1. Field of the Invention
This invention relates to the field of computer systems management and, in particular, to methods, systems, and computer program products for identifying and accessing information technology (IT) resources.
2. Description of Background
One of the important goals of resource virtualization is being able to access a variety of resources using a set of standard interfaces, irrespective of the different security domains to which these resources may belong. A security domain can be described as a domain that uses a single user registry and its associated authentication mechanisms.
In many resource management scenarios, resources may belong to any of a multiplicity of different security domains. Thus, there is a need to federate these security domains using credential transformation services in order to achieve end-to-end security. A web service known as the Virtualization Engine (VE) Foundation, an on-demand resource management solution, introduces security services aimed at providing secure end-to-end interactions between the VE Foundation services and other web services deployed in a given environment. Specifically, these security capabilities are intended to enable secure interaction between the VE Foundation services and the manageable resources. In order to ensure secure interaction between services deployed in different security domains, the VE Foundation provides a credential transformation service that conforms to an interoperability standard known as WS-Trust. This credential transformation service (CTS) is called by a web services runtime as a normal part of client-side interaction during invocation of one service from another.
Currently, there are no mechanisms available for recognizing the notion of a security domain during a web service call. For example, an endpoint reference (EPR) is security domain agnostic. In most cases, a source web service does not know where target web services are deployed, nor does the source web service know the identities of the security domains to which the target web services belong. Thus, utilization of CTS is required to determine the correct credential before the source web service can invoke the target web service. However, a call to CTS results in unnecessary performance degradation in situations where the source and target web services reside in the same security domain and where the source and target web service runtimes employ the same authentication mechanisms. In these situations, no credential transformation is required. Accordingly, what is needed is a technique for eliminating credential transformation in situations where such transformation is unnecessary and could possibly degrade performance.