1. Field of the Invention
The present invention relates generally to secure use of computer and network systems and, more particularly, to managing authentication, authorization and auditing in such systems.
2. Background and Related Art
Processes known as Authentication, Authorization, and Auditing (AAA) are commonly used to protect computer and network systems from unauthorized access. Organizations spend significant amounts of time and money to protect their information and data from unauthorized use. On the other hand, there are valid reasons for sharing information within and among organizations and diverse users of such information. Thus, organizations have competing interests: on the one hand, to share information among employees and with their partners, customers, suppliers and possibly competitors, for example, and on the other, to keep such information secure from unauthorized access.
One common authentication system relies upon the use of a user ID and password process. One of the difficulties with such an approach is that often each system to be accessed requires its own user ID and password, thus necessitating the remembering of multiple user IDs and passwords. As more user systems become available for use, this requirement becomes more cumbersome. Another difficulty is that each new system that holds user IDs and passwords needs, in most cases, to be managed by people, and this leads to more problems as the administration grows.
Although it is known to centralize user systems and databases to facilitate easier access and administration, such an approach is not practical for access to all applications and databases, particularly for access to applications and databases that are, for example, in development. This is particularly true where the applications are on different domains or are in development or testing phases. Centralized access is particularly difficult to employ where applications must validate access with databases and networks that are accessible on different User AAA Systems employing different operating systems and network arrangements, where each may employ its own application programming language and its own authentication and authorization access protocol.
The lack of a system to handle disparate access requirements and protocols results in the use of a multiplicity of user IDs and passwords for the various systems, and often requires administrative intervention to reset passwords, issue temporary passwords and the like.