In the past, executable content could only be installed on a computer system by physically bringing magnetic media to the computer and having a user with the applicable privileges (e.g., administrative privileges) install it. At present, however, the Internet, intranets, wide area networks (WANs), local area networks (LANs), etc., make it very easy for ordinary computer users to download executable content, such as, e.g., ActiveX® controls, programs, and scripts. In many cases, executable content may be downloaded and executed via the Internet without the user even realizing that such an event has occurred.
Unfortunately, every so often such executable content intentionally or unintentionally destabilizes the client machine in some manner. For example, the content may prove to be error-prone and cause the client machine to crash. The content may also undermine the security of the client machine by divulging confidential information about the client/user. Although these types of computer problems have previously existed in the form of “viruses” and “trojans,” the ubiquitous presence of World Wide Web (WWW) portion of the Internet has made these problems even more widespread. In general, the operating environment of most clients is not adequately protected against such unruly code.
Some operating systems already have an existing security mechanism that limits what non-privileged users may do. For example, the security system built into the Windows® NT operating system controls access to resources based on the identities of users. When a Windows NT process wishes to access a resource to perform some action, the security mechanism in Windows NT compares a client's user and group IDs and privileges associated with that process against security information assigned to that resource to grant or deny access to the resource. In this manner, unauthorized users are prevented from accessing resources and potentially causing harm, while authorized users may be limited in the actions they are allowed to perform.
There are many different authentication methods available for use in the client operating system. By way of example, a client can select among Kerberos, NTLM, Digest, Secure Socket Layer (SSL) or others that are available within the operating system. Each of these protocols is different; the differences produce varying levels of assurance as to the identity of the principals involved. Those skilled in the art will appreciate the difference between a high-assurance method such as biometric authentication, and a lower assurance scheme such as a password.
Because the eventual end-users or administrators of a computer operating system must manage access to data, protect their resources against abuse, and other tasks, these are the appropriate people to decide what assurance they require for varying tasks. Viewing a web page, as an example, may be low value enough to allow use of a low-assurance method such as a password. Updating company financial information may require a higher assurance method such as SSL. Clearly, the benefit of a consistent method, across a variety of possible applications, for controlling access would be substantial.
Hence, there is a continuing need for improved methods and arrangements for controlling access to various networked servers, devices, services, applications, etc., especially in the Internet/intranet networking arena.