The present invention relates to protection mechanisms in computer systems. More specifically, the present invention relates to a method and an apparatus for controlling access to services.
Programming languages such as the Java.TM. programming language (developed by SUN Microsystems, Inc. of Palo Alto, Calif.) and associated supporting interfaces presently provide a reliable and secure infrastructure to support the transfer of an application across a computer network, and to run the application on a wide range of computing platforms. Because of developments such as Java, it is becoming increasingly common to load an application, such as a Java applet, from a remote server onto a local machine, and to execute the application on the local machine.
However, present computing systems are not designed to allow computer applications from different vendors to interact with each other in a controlled way so that the applications can work together to accomplish a given task. In particular, these systems do not facilitate sharing of data and functions. For example, it may be useful for a tax application to access capital gains information from a home brokerage application. However, the home brokerage application needs to protect the privacy of the customer's portfolio. Hence, the tax application cannot be given unrestricted access portfolio data from the home brokerage application.
Additionally, software vendors may want to enforce contractual arrangements between complementary applications. For example, a home brokerage application may want to tap into historical pricing information supplied by an application from a financial institution. This arrangement would be facilitated if the vendor of the home brokerage application would establish a contractual arrangement with the financial institution that allows the home brokerage application to access the historical pricing information.
Unfortunately, present computing systems lack any mechanism for facilitating and controlling access to services provided by other applications. In particular, with present systems it is not possible to identify applications that have been granted rights to access services from other applications, nor to control what services a given application can have performed.