1. Field of the Invention
This invention relates to networked computer systems, and more particularly to a system and method for providing pluggable authentication and access control in computer systems and services.
2. Description of the Related Art
Enterprise Messaging Systems
Enterprise messaging systems may be developed using a messaging service such as JMS. An enterprise messaging system may be used to integrate distributed, loosely coupled applications/systems in a way that provides for dynamic topologies of cooperating systems/services. Enterprise messaging systems typically need to address common messaging-related problems such as:
- Guaranteed message delivery (e.g. persistence, durable interests, “at least once” and “once and only once” message delivery guarantees, transactions, etc.). Messages from one component to another must not be lost due to network or system failure. This means the system must be able to guarantee that a message is successfully delivered.
- Asynchronous delivery. For large numbers of components to be able to exchange messages simultaneously, and support high-density throughputs, the sending of a message cannot depend upon the readiness of the consumer to immediately receive it. If a consumer is busy or offline, the system must allow for a message to be sent and subsequently received when the consumer is ready. This is known as asynchronous message delivery, popularly known as store-and-forward messaging.
- Various message delivery models (e.g. publish and subscribe or point-to-point).
- Transport independence.
- Security. The messaging system may support basic security features: authentication of users, authorized access to messages and resources, and on-the-wire encryption.
Leveraging an enterprise messaging system in developing business solutions allows developers to focus on their application/business logic rather than on implementing the underlying messaging layer.
iPlanet E-Commerce Solutions' iMQ (iPlanet Message Queue), formerly offered by Sun Microsystems as JMQ (Java Message Queue), is an example of an enterprise messaging system. iMQ may use a “hub and spoke” architecture. Clients use an iMQ client library to exchange messages with an iMQ message service, which may be implemented using messaging servers (also referred to as “brokers”). iMQ may also be used in serverless message service environments (e.g. peer-to-peer environments). iMQ is Java Message Service (JMS)-compliant. JMS is an application program interface (API) from Sun Microsystems that supports messaging between computers in a network. JMS provides a standard interface (API) for messaging providers to implement, thus providing a common messaging interface for Java programs to use.
In an enterprise messaging system, clients exchange messages with a messaging server using a message exchange protocol. The messaging server may then route the messages based upon properties of the messages. Typically, the message exchange protocol requires a direct, fully bidirectional reliable transport connection between the client and the messaging server, such as a TCP (Transmission Control Protocol) or SSL (Secure Sockets Layer) connection.
NIS (Network Information System)
NIS (Network Information System) is a network naming and administration system for smaller networks that was developed by Sun Microsystems. NIS+ is a later version that provides additional security and other facilities. Using NIS, each host client or server computer in the system has knowledge about the entire system. A user at any host can get access to files or applications on any host in the network with a single user identification and password. NIS is intended for use on local area networks. NIS uses the client/server model and the Remote Procedure Call (RPC) interface for communication between hosts. NIS consists of a server, a library of client programs, and some administrative tools. NIS is often used with the Network File System (NFS). NIS is a UNIX-based program.
Lightweight Directory Access Protocol (LDAP)
LDAP (Lightweight Directory Access Protocol) is a software protocol for enabling the location of organizations, individuals, and other resources such as files and devices in a network, whether on the Internet or on a corporate intranet. In a network, a directory tells where in the network something is located. LDAP enables searching without knowledge of the domain name. LDAP directories can perform many of the same functions as a database, storing several thousand names of individuals or storing other important information. LDAP directories are typically designed to support fast access and searches. LDAP directories typically store data in a hierarchical structure.
MD5
MD5 is a message digest algorithm that is used to verify data integrity through the creation of a 128-bit message digest from data input (which may be a message of any length) that is claimed to be as unique to that specific data as a fingerprint is to the specific individual. MD5, which was developed by Professor Ronald L. Rivest of MIT, is intended for use with digital signature applications, which require that large files must be compressed by a secure method before being encrypted with a secret key, under a public key cryptosystem. MD5 is currently a standard, Internet Engineering Task Force (IETF) Request for Comments (RFC) 1321.