Software applications may be provided to users via a network. A networked application may be accessed by a user via a website over the Internet or another distributed network. Because the network over which communication with a networked application occurs may be public, proper access control is often needed; in some cases the user must present a username and password or another form of authentication and/or authorization.
Distributed computing often involves a collection of RESTful web services. (REST is an architectural standard for distributed systems. In REST, interactions between components are conceptualized as a series of stateless requests from a client to a server, each of which concerns a specific resource.) Each service may make a variety of authentication (who am I?) and authorization (what am I allowed to do?) determinations. Despite their varied and distributed nature, these determinations should be made in a consistent manner across the entire distributed platform. If individual services implement access control independently, an oversight may occur, and one or more exposed communication routes may be insufficiently protected. One way of mitigating this problem is to follow the OWASP ASVS Access Control Requirements (see code.google.com/p/owasp-asvs/wiki/Verification_V4), which suggest using a centralized mechanism (including libraries that call external authorization services) to protect access to each type of protected resource.
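The centralized mechanism described above, as an added example that is not part of the original text: one shared `authorize` decision function, a `guarded` route decorator that every service applies instead of ad-hoc checks, and an `audit_routes` check that reports any registered route left without a guard (the "oversight" case). The `Principal` type, the `POLICY` table and the route paths are constructed assumptions.

```python
from collections import namedtuple
from functools import wraps

# Constructed policy table (assumption): role -> set of (action, resource_type) allowed.
POLICY = {
    "admin": {("read", "order"), ("write", "order"), ("read", "user"), ("write", "user")},
    "clerk": {("read", "order"), ("write", "order"), ("read", "user")},
    "viewer": {("read", "order")},
}

# Authenticated caller: who am I (user_id) and which roles I hold.
Principal = namedtuple("Principal", "user_id roles")

class AccessDenied(Exception):
    pass

def authorize(principal, action, resource_type):
    """Single authorization decision point shared by every service."""
    return any((action, resource_type) in POLICY.get(r, set()) for r in principal.roles)

ROUTES = {}  # path -> handler, so the platform can audit what is exposed

def route(path):
    def register(fn):
        ROUTES[path] = fn
        return fn
    return register

def guarded(action, resource_type):
    """Route guard: services declare the required permission instead of re-implementing checks."""
    def decorate(fn):
        @wraps(fn)
        def wrapper(principal, *args, **kwargs):
            if not authorize(principal, action, resource_type):
                raise AccessDenied(f"{principal.user_id} may not {action} {resource_type}")
            return fn(principal, *args, **kwargs)
        wrapper.__guarded__ = (action, resource_type)  # marker the audit looks for
        return wrapper
    return decorate

@route("/orders/{id}")
@guarded("read", "order")
def get_order(principal, order_id):
    return {"id": order_id, "status": "shipped"}

@route("/orders/{id}/cancel")  # oversight: this service forgot the guard
def cancel_order(principal, order_id):
    return {"id": order_id, "status": "cancelled"}

def audit_routes():
    """Return paths whose handler carries no guard, i.e. exposed but unprotected routes."""
    return sorted(p for p, fn in ROUTES.items() if not hasattr(fn, "__guarded__"))
```

Running the audit as part of service start-up or CI turns a silent oversight into a failing check before the route is reachable.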
Where considered appropriate, reference numerals may be repeated among the drawings to indicate corresponding or analogous elements. Moreover, some of the blocks depicted in the drawings may be combined into a single function.