Currently, business information is shared over the internet by creating identities in the corporate network for customers and business partners. This is done either by tunneling the data through the internet using a virtual private network (VPN) or over the Hypertext Transfer Protocol (HTTP) using transport security protocols like Secure Sockets Layer (SSL). But these approaches have security and operational drawbacks.
Creating identities for external parties and facilitating access through a VPN gives the external parties a foothold in your corporate intranet. They may be tempted to explore the vulnerabilities of your network in order to subvert it.
Creating and managing identities for each and every external entity adds administrative overhead. Every time an external party's access rights change, the internal identity must be updated to reflect the change.
The capabilities of organizational HTTP proxies as front ends to organizational information are not fully exploited.
Accordingly, a need remains for a way to federate two or more organizational identity spaces (domains) through their HTTP proxies for the purpose of cross-domain authentication and authorization for secure and granular HTTP access, without the need to create representational identities in one domain for the principals in another domain, and to address these and other problems associated with the prior art.