CN118245986A - Method and system for self-service application of zero trust resource and automatic authorization - Google Patents
Method and system for self-service application of zero trust resource and automatic authorization Download PDFInfo
- Publication number
- CN118245986A CN118245986A CN202410182502.4A CN202410182502A CN118245986A CN 118245986 A CN118245986 A CN 118245986A CN 202410182502 A CN202410182502 A CN 202410182502A CN 118245986 A CN118245986 A CN 118245986A
- Authority
- CN
- China
- Prior art keywords
- account
- resource
- resources
- authorization
- zero
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000013475 authorization Methods 0.000 title claims abstract description 85
- 238000000034 method Methods 0.000 title claims abstract description 26
- 238000011084 recovery Methods 0.000 claims description 4
- 230000009471 action Effects 0.000 claims description 3
- 230000003993 interaction Effects 0.000 claims description 3
- 230000009286 beneficial effect Effects 0.000 abstract description 2
- 230000001360 synchronised effect Effects 0.000 description 5
- 230000004075 alteration Effects 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/10—Office automation; Time management
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Business, Economics & Management (AREA)
- Computer Security & Cryptography (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Entrepreneurship & Innovation (AREA)
- Human Resources & Organizations (AREA)
- Strategic Management (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Business, Economics & Management (AREA)
- Tourism & Hospitality (AREA)
- Quality & Reliability (AREA)
- Databases & Information Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Operations Research (AREA)
- Marketing (AREA)
- Economics (AREA)
- Data Mining & Analysis (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to the technical field of computers, in particular to a method and a system for self-service application of zero trust resources and automatic authorization, which comprise the following steps: configuring a binding relation among resources, account numbers, resources and region_codes in a background management module, and maintaining a corresponding relation between the resources and the regions; automatically applying for resource access rights; after the zero trust resource access is applied, automatically recovering the authority; the beneficial effects are as follows: according to the method and the system for self-service application of zero trust resources and automatic authorization, resources and account numbers of different devices are distinguished through database fields, so that a resource access request applicant can self-service apply for the resources, the system automatically judges whether the resources are authorized and records an authorization log, and then when the resources need to be recovered, the resources are automatically recovered according to the authorization log.
Description
Technical Field
The invention relates to the technical field of computers, in particular to a method and a system for self-service application of zero trust resources and automatic authorization.
Background
The method is characterized in that a security login authentication system is built, namely, anyone, equipment, a system and application inside and outside a network are not trusted under the default condition, data and requests of trusted nodes are received on the basis of identity authentication and authorized access control, the security of synchronous login of an internal network and an external network can be further improved, compared with the traditional mode, mutual authentication and verification operations among system nodes are added, the operations can enable the system to know whether the received requests come from trusted sites, and the possibility of falsifying the request spoofing system by an attacker is further reduced.
In the prior art, the most commonly used zero trust resource authorization mode at present is manual authorization, which comprises the following specific steps:
(1) The zero trust manager configures resources at the zero trust manager, and generally comprises resource names, resource types, access modes and the like
(2) Resource applicant applies for access authority of a certain resource to zero trust manager through channels such as work order, zero trust client and the like
(3) After receiving the resource access request, the zero trust manager manually judges whether to authorize the user according to the condition
(4) If authorized, the user can access the applied authority, otherwise, the user is not allowed to access
(5) After the resource access is finished, the user informs the zero trust manager, and the zero trust manager manually withdraws the user authority.
However, the method is simple to implement, but in view of manual operation, the problem may be that (1) when a large number of resource access requests are simultaneously available, the workload of the zero trust manager is increased, the application time of the user resource access authority is not fixed, in order to ensure that the functions are available, the zero trust manager needs to be arranged for duty, the manpower cost expenditure is increased (3) when manual authorization is performed, certain conditions may be judged to be wrong, further, authorization is wrong, the recovery initiating action of the resource access authority of the security risk (4) is completely dependent on feedback of the user, the zero trust manager is uncontrollable, if the resource access authority is not recovered for a long time, the security risk (5) is easy to cause confusion if a plurality of zero trust devices are simultaneously available, and the manual authorization mode is easy to cause confusion.
Disclosure of Invention
The invention aims to provide a method and a system for self-service application of zero trust resources and automatic authorization, which are used for solving the problems in the background technology.
In order to achieve the above purpose, the present invention provides the following technical solutions: a method of self-service application for zero trust resources and automatic authorization, the method comprising the steps of:
Configuring a binding relation among resources, account numbers, resources and region_codes in a background management module, and maintaining a corresponding relation between the resources and the regions;
automatically applying for resource access rights;
And after the zero trust resource access is applied, automatically recovering the authority.
Preferably, the configuration of the resource, the account number, and the binding relationship between the resource and the region_code in the background management module includes resource management:
The method comprises the steps of resource synchronization, resource inquiry and resource list display, wherein the resource synchronization is as follows: and if the zero trust servers are managed simultaneously, the resource synchronization operation can synchronize the resources in the zero trust servers into the database, and meanwhile, the type field is added for distinguishing.
Preferably, the configuration of the resource, the account number, and the binding relation between the resource and the region_code in the background management module includes account number management:
The method comprises account synchronization, account inquiry and account list display, wherein account synchronization logic is similar to resource synchronization logic: and if the accounts in the zero trust servers are managed simultaneously, the account synchronization operation can synchronize the accounts in the zero trust servers into a database, meanwhile, the type field is added for distinguishing, and the accounts of the same user in the zero trust servers generally store the same mobile phone number or mailbox.
Preferably, the flow of automatically applying the resource access rights is as follows:
Step 1, a user accesses an authorization application module page, the page calls a back-end interface, after a current login mailbox is obtained through a token, a core authorization module user account list interface is called through the mailbox, all zero-trust accounts bound to the mailbox are obtained, whether account information can be obtained and whether accounts configured by a background management module are related to display fields and account states or not is judged, and if the zero-trust accounts are not obtained, access rights for applying resources are not allowed;
step 2, the user selects a zero trust account in the list, and the front-end page invokes an account already-owned permission interface of the core authorization module through an account id;
step 3, after the core authorization module receives the request of step 2, firstly judging whether a zero trust account exists, if not, directly returning to blank, if so, accessing different zero trust servers to acquire a resource access authority list applied by the account according to the account type, and returning to the user authorization application module;
step 4, the user authorizes the application module, and the front-end page calls a rear-end applicable resource authority list interface according to the region_code and the current zero trust account;
step 5, after the core authorization module receives the request in the step 4, firstly judging whether a zero trust account exists, if not, directly returning to blank, if so, inquiring a database according to the account type, acquiring a resource list corresponding to the region_code, and returning to the user authorization application module;
step 6, the user assembles parameters after selecting the resources to be applied and the resources to be removed according to the results returned in the step 3 and the step 5 in the authorization application module page, and invokes the core authorization module to update the account authority interface and update the user authority;
Step 7, after the core authorization module receives the request, firstly judging whether all the requested resources belong to the applicable resource range, if not, considering that the account applies the permission which is not allowed to be applied, and directly returning an error result; secondly, judging whether the corresponding relation between the selected resource and the region_code is effective or not, and if not, returning an error result; finally judging whether the zero trust account exists or not, if not, directly returning an error result; if the request exists, different zero trust servers are called according to the account types, the resource access condition of the account is updated, a newly added request result is recorded to a database, and the result is returned to the authorization application module.
Preferably, after the zero trust resource access is applied, the automatic right recovery process is as follows:
after the resource access is finished, automatically sending an mq message, wherein the message body comprises region_code, application time and application account information;
The core authorization module monitors the mq message queue, searches a request log of the newly added account resource access of the account according to the region_code, the application time and the application account in the message content when a new message exists, and ignores the mq message if the log does not exist;
if the newly added account resource access request log exists, the parameters of the resource access are assembled and deleted according to the region_code and the account information recorded by the log, different zero trust servers are called according to the account type, the resource access condition of the account is updated, and meanwhile, the deleted result is recorded in a database;
thereby completing the action of automatically recovering the rights.
The system comprises a zero trust server, a core authorization module, a background management module and an authorization application module;
When the zero trust server sends a request to the core authorization module, security configuration such as source restriction IP, access port restriction, AK/SK passing and the like is needed to be carried out;
The core authorization module performs data interaction with each zero trust server and queries related information through a database;
The background management module manages zero trust resources, zero trust account numbers and authorized log query functions;
the authorization application module calls an interface provided by the core authorization module, and displays an account list, an applicable resource list and a resource application function to the resource authority requester.
Preferably, the functions of the core authorization module include zero-trust account query, zero-trust account existing authority query, account applicable authority query, updating zero-trust account owned resources and providing external interface access.
Compared with the prior art, the invention has the beneficial effects that:
The method and the system for self-service application of zero trust resources and automatic authorization provided by the invention distinguish the resources and account numbers of different devices through the database field, so that a resource access request applicant can self-service apply for the resource access request, the system can automatically judge whether the resource is authorized and record the authorization log, and then when the resource needs to be recovered, the resource is automatically recovered according to the authorization log.
Drawings
FIG. 1 is a block diagram of a system of the present invention;
FIG. 2 is a flow chart of the invention for automatically applying resource access rights;
FIG. 3 is a flow chart of the automatic recovery of resource access rights of the present invention.
Detailed Description
In order to make the objects, technical solutions, and advantages of the present invention more apparent, the embodiments of the present invention will be further described in detail with reference to the accompanying drawings. It should be understood that the specific embodiments described herein are some, but not all, embodiments of the present invention, are intended to be illustrative only and not limiting of the embodiments of the present invention, and that all other embodiments obtained by persons of ordinary skill in the art without making any inventive effort are within the scope of the present invention.
Example 1
Referring to fig. 2 and 3, the present invention provides a technical solution: a method of self-service application for zero trust resources and automatic authorization, the method comprising the steps of:
Taking the application of the zero trust fort machine and the application release server resource as an example, the method for self-service application of the zero trust resource and automatic authorization is described in detail, and the fort machine and the application release server need to be bound with the region_code.
1. Firstly, the binding relation of resources, account numbers, resources and region_codes needs to be configured in a background management module
(1) And (5) resource management. The method comprises the steps of resource synchronization, resource inquiry, resource list display and the like, wherein the resource synchronization is as follows: the added resources in the zero trust server need to be synchronized to a background management module, if a plurality of zero trust servers are managed at the same time, the resources in the zero trust servers are synchronized to a database by the resource synchronization operation, and meanwhile, the type field is added for distinguishing;
(2) Account management, including account synchronization, account inquiry, account list display, etc., wherein account synchronization logic is similar to resource synchronization logic: the account numbers added in the zero trust server need to be synchronized to a background management module, if a plurality of zero trust servers are managed at the same time, the account numbers in the zero trust servers are synchronized to a database by the account number synchronization operation, meanwhile, the type field is added for distinguishing, and the account numbers of the same user in the plurality of zero trust servers generally store the same mobile phone number or mailbox;
(3) Maintaining the corresponding relation between the resource and the region
2. The steps of automatically applying the resource access authority are as follows, and the flow chart is shown in figure 2
Step 1, a user accesses an authorization application module page, the page calls a back-end interface, after a current login mailbox is obtained through a token, a core authorization module user account list interface is called through the mailbox, all zero-trust accounts bound to the mailbox are obtained, whether account information can be obtained and whether accounts configured by a background management module are related to display fields and account states or not is judged, and if the zero-trust accounts are not obtained, access rights for applying resources are not allowed;
step 2, the user selects a zero trust account in the list, and the front-end page invokes an account already-owned permission interface of the core authorization module through an account id;
step 3, after the core authorization module receives the request of step 2, firstly judging whether a zero trust account exists, if not, directly returning to blank, if so, accessing different zero trust servers to acquire a resource access authority list applied by the account according to the account type, and returning to the user authorization application module;
step 4, the user authorizes the application module, and the front-end page calls a rear-end applicable resource authority list interface according to the region_code and the current zero trust account;
step 5, after the core authorization module receives the request in the step 4, firstly judging whether a zero trust account exists, if not, directly returning to blank, if so, inquiring a database according to the account type, acquiring a resource list corresponding to the region_code, and returning to the user authorization application module;
step 6, the user assembles parameters after selecting the resources to be applied and the resources to be removed according to the results returned in the step 3 and the step 5 in the authorization application module page, and invokes the core authorization module to update the account authority interface and update the user authority;
Step 7, after the core authorization module receives the request, firstly judging whether all the requested resources belong to the applicable resource range, if not, considering that the account applies the permission which is not allowed to be applied, and directly returning an error result; secondly, judging whether the corresponding relation between the selected resource and the region_code is effective or not, and if not, returning an error result; finally judging whether the zero trust account exists or not, if not, directly returning an error result; if the request exists, different zero trust servers are called according to the account types, the resource access condition of the account is updated, a newly added request result is recorded to a database, and the result is returned to the authorization application module.
3. After the zero trust resource access is applied, the authority is automatically recovered, and the flow chart is shown in figure 3.
After the resource access is finished, automatically sending an mq message, wherein the message body comprises region_code, application time and application account information.
The core authorization module monitors the mq message queue, when a new message exists, searches a request log of the resource access of the account newly added by the account according to the region_code, the application time and the application account in the message content, and if the log does not exist, ignores the mq message.
If the request log of the newly added account resource access exists, the parameters of the resource access are assembled and deleted according to the region_code, the account and other information recorded by the log, different zero trust servers are called according to the account type, the resource access condition of the account is updated, and meanwhile, the deleted result is recorded in a database.
Thereby completing the action of automatically recovering the rights.
Example two
On the basis of the first embodiment, a self-service application zero-trust resource automatic authorization system is provided, which mainly comprises a zero-trust server, a core authorization module, a background management module, an authorization application module and the like, wherein a system deployment structure is shown in fig. 1, and the zero-trust server is generally deployed in an area which is not accessed by any external network in view of the importance of the zero-trust server, so that the authorization application module needs to perform security configuration such as source restriction IP, access port restriction, AK/SK passing and the like when sending a request to the core authorization module. The core authorization module is mainly used for carrying out data interaction with each zero trust server and inquiring related information through a database, and the main functions comprise zero trust account number inquiry, zero trust account number existing authority inquiry, account number applicable authority inquiry, updating zero trust account number owned resources, providing external interface access and the like.
The background management module is mainly used for managing functions of zero trust resources, zero trust account numbers, authorized log inquiry and the like
And the authorization application module is mainly used for calling an interface provided by the core authorization module and displaying an account list, an applicable resource list, an application resource and the like to a resource authority requester.
Although embodiments of the present invention have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made therein without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (7)
1. A method for self-service application of zero trust resource and automatic authorization is characterized in that: the method comprises the following steps:
Configuring a binding relation among resources, account numbers, resources and region_codes in a background management module, and maintaining a corresponding relation between the resources and the regions;
automatically applying for resource access rights;
And after the zero trust resource access is applied, automatically recovering the authority.
2. A method of self-service application of zero trust resources and automatic authorization according to claim 1, wherein: the configuration of the binding relation of the resource, the account number and the resource and the region_code in the background management module comprises the following steps of resource management:
The method comprises the steps of resource synchronization, resource inquiry and resource list display, wherein the resource synchronization is as follows: and if the zero trust servers are managed simultaneously, the resource synchronization operation can synchronize the resources in the zero trust servers into the database, and meanwhile, the type field is added for distinguishing.
3. A method of self-service application of zero trust resources and automatic authorization according to claim 1, wherein: the configuration of the resources, the account numbers and the binding relation between the resources and the region_code in the background management module comprises account number management:
The method comprises account synchronization, account inquiry and account list display, wherein account synchronization logic is similar to resource synchronization logic: and if the accounts in the zero trust servers are managed simultaneously, the account synchronization operation can synchronize the accounts in the zero trust servers into a database, meanwhile, the type field is added for distinguishing, and the accounts of the same user in the zero trust servers generally store the same mobile phone number or mailbox.
4. A method of self-service application of zero trust resources and automatic authorization according to claim 1, wherein: the flow of automatically applying the resource access rights is as follows:
Step 1, a user accesses an authorization application module page, the page calls a back-end interface, after a current login mailbox is obtained through a token, a core authorization module user account list interface is called through the mailbox, all zero-trust accounts bound to the mailbox are obtained, whether account information can be obtained and whether accounts configured by a background management module are related to display fields and account states or not is judged, and if the zero-trust accounts are not obtained, access rights for applying resources are not allowed;
step 2, the user selects a zero trust account in the list, and the front-end page invokes an account already-owned permission interface of the core authorization module through an account id;
step 3, after the core authorization module receives the request of step 2, firstly judging whether a zero trust account exists, if not, directly returning to blank, if so, accessing different zero trust servers to acquire a resource access authority list applied by the account according to the account type, and returning to the user authorization application module;
step 4, the user authorizes the application module, and the front-end page calls a rear-end applicable resource authority list interface according to the region_code and the current zero trust account;
step 5, after the core authorization module receives the request in the step 4, firstly judging whether a zero trust account exists, if not, directly returning to blank, if so, inquiring a database according to the account type, acquiring a resource list corresponding to the region_code, and returning to the user authorization application module;
step 6, the user assembles parameters after selecting the resources to be applied and the resources to be removed according to the results returned in the step 3 and the step 5 in the authorization application module page, and invokes the core authorization module to update the account authority interface and update the user authority;
Step 7, after the core authorization module receives the request, firstly judging whether all the requested resources belong to the applicable resource range, if not, considering that the account applies the permission which is not allowed to be applied, and directly returning an error result; secondly, judging whether the corresponding relation between the selected resource and the region_code is effective or not, and if not, returning an error result; finally judging whether the zero trust account exists or not, if not, directly returning an error result; if the request exists, different zero trust servers are called according to the account types, the resource access condition of the account is updated, a newly added request result is recorded to a database, and the result is returned to the authorization application module.
5. A method of self-service application of zero trust resources and automatic authorization according to claim 1, wherein: after the zero trust resource access is applied, the automatic right recovery process is as follows:
after the resource access is finished, automatically sending an mq message, wherein the message body comprises region_code, application time and application account information;
The core authorization module monitors the mq message queue, searches a request log of the newly added account resource access of the account according to the region_code, the application time and the application account in the message content when a new message exists, and ignores the mq message if the log does not exist;
if the newly added account resource access request log exists, the parameters of the resource access are assembled and deleted according to the region_code and the account information recorded by the log, different zero trust servers are called according to the account type, the resource access condition of the account is updated, and meanwhile, the deleted result is recorded in a database;
thereby completing the action of automatically recovering the rights.
6. A self-service zero trust resource application and automatic authorization system according to the method of self-service zero trust resource application and automatic authorization according to any one of claims 1 to 5, characterized in that: the system comprises a zero trust server, a core authorization module, a background management module and an authorization application module;
When the zero trust server sends a request to the core authorization module, security configuration such as source restriction IP, access port restriction, AK/SK passing and the like is needed to be carried out;
The core authorization module performs data interaction with each zero trust server and queries related information through a database;
The background management module manages zero trust resources, zero trust account numbers and authorized log query functions;
the authorization application module calls an interface provided by the core authorization module, and displays an account list, an applicable resource list and a resource application function to the resource authority requester.
7. A self-service application zero trust resource and automatic authorization system according to claim 6, wherein: the core authorization module comprises the functions of zero-trust account query, zero-trust account existing authority query, account applicable authority query, updating zero-trust account owned resources and providing external interface access.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410182502.4A CN118245986A (en) | 2024-02-19 | 2024-02-19 | Method and system for self-service application of zero trust resource and automatic authorization |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410182502.4A CN118245986A (en) | 2024-02-19 | 2024-02-19 | Method and system for self-service application of zero trust resource and automatic authorization |
Publications (1)
Publication Number | Publication Date |
---|---|
CN118245986A true CN118245986A (en) | 2024-06-25 |
Family
ID=91563872
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202410182502.4A Pending CN118245986A (en) | 2024-02-19 | 2024-02-19 | Method and system for self-service application of zero trust resource and automatic authorization |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN118245986A (en) |
-
2024
- 2024-02-19 CN CN202410182502.4A patent/CN118245986A/en active Pending
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US5586260A (en) | Method and apparatus for authenticating a client to a server in computer systems which support different security mechanisms | |
EP0977399B1 (en) | Authentication and access control in a management console program for managing services in a computer network | |
US6219790B1 (en) | Centralized authentication, authorization and accounting server with support for multiple transport protocols and multiple client types | |
JP4579546B2 (en) | Method and apparatus for handling user identifier in single sign-on service | |
KR101720160B1 (en) | Authenticated database connectivity for unattended applications | |
CN107277049B (en) | Access method and device of application system | |
US7010600B1 (en) | Method and apparatus for managing network resources for externally authenticated users | |
CN112261172B (en) | Service addressing access method, device, system, equipment and medium | |
CN112995219B (en) | Single sign-on method, device, equipment and storage medium | |
US8719948B2 (en) | Method and system for the storage of authentication credentials | |
CN105450636A (en) | Cloud computing management system and management method of cloud computing management system | |
CN111581631B (en) | Single sign-on method based on redis | |
CN108234122B (en) | Token checking method and device | |
CN112039873A (en) | Method for accessing business system by single sign-on | |
US20190066012A1 (en) | Enterprise customer website | |
JP3137173B2 (en) | Authentication information management device | |
US8819806B2 (en) | Integrated data access | |
US9680871B2 (en) | Adopting policy objects for host-based access control | |
US7899918B1 (en) | Service accounting in a network | |
CN118245986A (en) | Method and system for self-service application of zero trust resource and automatic authorization | |
JP2001067319A (en) | Retrieving system using www server | |
US7606917B1 (en) | Method, apparatus and system for principle mapping within an application container | |
JPH0950422A (en) | Interaction succession type access control method on computer network and server computer therefor | |
CN111814130A (en) | Single sign-on method and system | |
CN114844714B (en) | User identity authentication method and proxy server based on LDAP protocol |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |