1. Field of the Invention
The present invention generally relates to security support apparatuses and computer-readable recording media recorded with program code, and more particularly to a security support apparatus and a computer-readable recording medium recorded with program code to cause a computer to support security of information, in which a uniformed security function for a plurality of application programs can be provided.
2. Description of the Related Art
Simple Object Access Protocol (SOAP) has been developed as a protocol to call data or a service residing in other computers. Recently, an infrastructure technology is being put into place to communicate in accordance with a protocol for a distributed object access written in an XML (extensible Markup Language) on an HTTP (HyperText Transfer Protocol).
One service accessible by SOAP through a network is called a Web service. Regarding the Web service, a security policy as a Web Services Security (WS-Security) has come under review. Basically, this Web service security, which has been considered, is to conduct a SOAP message exchange being secured to the Web service.
The Web service is a service program that is assumed to be used through the Internet (Intranet) from various application programs. Each application program generally conducts a user authentication, an access control, and a log record to secure information. On the standard scale, these three functions are required.
In order to realize a secured Web service, Japanese Laid-Open Patent Application No. 2003-22243 discloses that an access authority of a client is based on a token and is given to the client and a server conducts the access control by verifying a validity of the token provided from the client.
In a conventional technology, it is useful to reduce management cost in the server. However, in order to secure server applications, it is necessary to implement this mechanism with the conventional technology in each server application.
With a view toward securing the entire system, since the above-described three functions are critical security functions for each application program, it is desirable to provide the security function as a Web service that can be shared for use in maintaining consistent security. However, in the conventional technology, since it is impossible to share the mechanism with other server applications, then consistently supplying the security function for each of the plurality of application programs cannot be achieved.