SYSTEM AND METHOD FOR BRIDGING IDENTITIES IN A SERVICE ORIENTED ARCHITE CTURE

摘要

A system for bridging user identities between at least a first and a secondsecurity domain,comprising a bridge associated with the first security domain for interceptingmessages forservice in the second domain from users in the first domain. The bridgeauthenticates the useridentities against a local authentication source by using an established keyrelationship and bindsa security token with the message. A gateway is associated with the seconddomain for gatinginbound access and outbound communication with a service in the second domainand forreceiving the authenticated message and verifying the authenticity of thesecurity token by usinga certificate of the trusted authentication source and authorising access tothe service uponconfirmation of the authorisation, such that the authorisation is independentof the identity of theuser.