The present disclosure relates to computer systems and software, and more particularly to access management techniques including web access management techniques.
Some applications, protected by deployment of a Web Access Management (WAM) product such as Oracle® Access Manager (OAM) provided by Oracle Corporation, are more sensitive in their access needs than others in the same deployment. For example, this could be defined on the axis of how authentication is performed (e.g., using a password versus a time-synchronous tokencode. Other examples of WAM products include CA SiteMinder®, Tivoli Access Manager provided by IBM, and ForgeRock OpenAM.
Many access management products can enforce more stringent timings on a per-application basis by using session state held in a cookie. However, due to the limited space available in which to hold state information, the data is not sufficiently rich to enable isolation. This can in fact have negative effects, for example, the response to seeing an idle session is to invalidate it completely, cutting off access to applications which, based on the timings define, would still allow it. Some other WAM products maintain multiple deployments of the WAM product. This provides some isolation but adds complexity in maintaining these environments.