Large enterprises use a plurality of systems where the systems utilize various web services to create new applications and/or retrieve information from different systems of record or legacy applications. Application security is a concern as different applications use different security measures during integration.
Additionally, authentication, authorization and audit (“AAA”) when building applications require dedicated AAA server or third party tools to be integrated with the web services layer.
This is not desirable because it involves additional layers of integration and increases the dependencies of other systems. Security costs and risk of information leakage are increased as well.
Therefore, it would be desirable to have a centralized architecture within the web services layer that will handle the combination of the AAA for each request.