As applications and services have become more commonly available over computer networks, the numbers of users accessing such applications has increased. Such applications and services (hereinafter “resources”) can benefit from having the identity of the user requesting access to the resources authenticated. Conventionally, a program written to access a resource provided over a network, where access to the resource requires authentication, had to include code specific to the authentication system(s) and/or method(s) (hereinafter “authentication system”) employed to authenticate the desired access. For example, a program written to access a resource residing on a server that employs a Kerberos-based authentication system would be required to include code specific to the Kerberos-based authentication system.
Including such authentication system specific code in a program can negatively impact writing such a program by requiring the programmer(s) involved in writing the program to learn the specifics of the authentication system employed by the resource to which access is desired. Learning such authentication system specific details and accounting for such details in application program code requires time, adds complexity and thus generates additional expense in creating such programs. Furthermore, the program that includes the authentication system specific code will be restricted to accessing resources employing the authentication specific system. Thus, if the authentication system changes, the program including such authentication system specific code could require rewriting and recompiling, adding further complexity, time and expense. In addition, if the program desired to access resources employing different authentication systems, then the program would again have to be rewritten and recompiled, adding yet further complexity, time and expense. One conventional approach to solving the problem of dealing with various authentication systems is to write a resource accessing program that includes authentication system specific code for multiple authentication systems. But this solution produces large, complex programs, susceptible to the introduction of bugs, and which still cannot respond to new authentication systems.
New computer security methods, including new resource request authentication systems, are frequently created. Programs protecting resources can benefit from employing such new authentication systems. For example, security provided by an authentication system may have been compromised by a computer hacker requiring a new authentication system to be developed to defeat the avenue of attack employed by the hacker. Thus, a program protecting a resource by employing the old authentication system could be vulnerable to the hacker attack, while a program employing the new authentication system may not be similarly vulnerable. But creating a new authentication system and/or method creates additional problems, including the program rewriting and recompilation problems addressed above.
Thus a system and/or method to simplify writing applications that generate requests that may require authentication is still needed to mitigate problems associated with conventional systems.