Administrators of private communication networks such as corporate enterprise networks do not currently have convenient options for providing temporary network access for “mobile” external users, such as contractors or employees of partner enterprises, who may at times connect locally to their networks. Network access for such mobile users normally requires manually creating local user identities in a Lightweight Directory Access Protocol (LDAP) directory or analogous user database, for example, and manually granting access to services. Service access may be granted at a policy server or directly at individual application servers.
When a mobile user is no longer on-site, the corresponding local user identity must be deactivated and service access for this identity must be closed. The entire life cycle, from creation to deactivation, for temporary identities is often restricted to be no more than one day.
The manual creation and maintenance of temporary digital identities, as well as the associated service access activation and deactivation, for mobile users of partner corporations tends to be a very inefficient and costly process. It also can open significant security holes in a corporate network if temporary identities are not deactivated and/or service access rights are not removed when a mobile user is no longer on-site.
User mobility might be particularly important to enable the use of services for which information is distributed through a communication network, generally referred to as network services. “Web services” are an example of network services, and represent the next generation of technology being used for automatically exchanging information between different applications over the public Internet and many private networks. Web services provide a framework for building web-based distributed applications, and can provide efficient and effective automated machine-to-machine communications.
From a technology point of view, web services are network-accessible functions that can be accessed using standard Internet protocols such as HyperText Transfer Protocol (HTTP), eXtensible Markup Language (XML), Simple Object Access Protocol (SOAP), etc., over standard interfaces.
The real power of web services technology is in its simplicity. The core technology only addresses the common language and communication issues and does not directly address the onerous task of application integration. Web services can be viewed as a sophisticated machine-to-machine Remote Procedure Call (RPC) technology for interconnecting multiple heterogeneous untrusted systems. Web services take the best of many new technologies by utilizing XML technology for data conversion/transparency and Internet standards such as HTTP and Simple Mail Transfer Protocol (SMTP) for message transport.
One of the primary drivers behind the development and standardization of web services is the ability to facilitate seamless machine-to-machine application-level communications by providing a loose coupling between disparate applications. Such a loose coupling of applications allows applications on different servers to interoperate without requiring a static, inflexible interface between them. Applications using very different technologies can interoperate using standard web services protocols.
There are currently no available products that allow user mobility amongst the sites of a partner extranet or other collection of communication networks, as noted above. Thus, there remains a need for improved user mobility techniques.