User:Galantcheng/sandbox

Definition

Web agents are complex software systems that operate in the world wide web, the internet and related corporate, government or military intranets. They are designed to perform a variety of tasks from caching and routing to searching, categorizing and filtering. There are four levels describe the work of web agents, they are authentication level, service, authentication Module and policy. In the authentication level, it talks about different resources on a deployment container, for example, a web server or proxy server might require different levels of authentication. At the service level, The OpenSSO enterprise will provide service of authentication service, session service, logging service and policy service. For the Authentication Module is used to authenticate a user on OpenSSO Enterprise. The policy level defines rules that specify access privileges to protect resources and data on a web server.

Specification

In case, when a user points a browser to a particular URL on a protected deployment container, a variety of interaction will take place. And thus, the wen agent will intercept the request and checks information. If the specific criteria are met on the list, the authentication process is bypassed and access is granted to the resource. If authentication is required, the web agent will validate the existing authentication credentials. If the existing authentication level is insufficient, the appropriate OpenSSO Enterprise Authentication Service will present a login page for credentials. If the user’s credentials are properly authenticated, the web agent will check if the user is authorized to access particular resources and allow or deny an individual access to the URL.

Application

Web agent has several functions including searching, grouping and filtering. This kind of functions can be used in many different fields.

First for the function of searching, web agent can help the user to search for items which are related to the keywords that the user gives which can lower the time for looking up all of the materials. Also when the keyword is input by the user, web agent needs to confirm which level of authorization he or she has, so that when the user performs searching, he or she will only search for the information which is accessible for that level. This will protect the important information or data and not leaking them out.

Second, for the grouping, web agent will first group the related items and organize the database so that when performing a query, the agent can get the information quicker and accurately. When there is new information, what the user needs to do is just uploading those items and the agent will group them for you, this will lead to a well-organized database and time-consuming. When the administrator wants to view the whole database, it will be more good-looking.

Third, for filtering, as mentioned before, the web agent will first look at your authorization level when you request to view a webpage. This will increase the security of the system and protect private information. By first confirming your authorization level, the agent can filter out the information that should not be seen, this will increase the speed of searching and responding and hence increase the quality and efficiency of the system.

Limitations (User-agent spoofing)

Many websites are not designed according to the standards stated by W3C (World Wide Web Consortium) or the IETF (Internet Engineering Task Force) because, in the past, different Web browser products had different popularity and influenced in different areas. Thus, some websites are designed which only with particular browsers, the websites can work well. And there might be having an issue for a bug may occur to less-popular browsers. As websites often include code to detect browser version to adjust the page design sent according to the user agent string received. For those less-popular browsers, which may not able to see the content of the website as they are not sent complex content. In some extreme cases, not only part of the content cannot be seen, but all content. In order to take care of such issues, some browsers will force certain server-side content by using a feature to cloak or spoof the identification of the browsers itself.

Take the Android browser as an example. The Android browser will aid compatibility for its browser by identifies itself as Safari. For offline browsers as well as download managers, such kind of HTTP client programs even have the ability to solve this issue by changing the user agent string.

Some spambots and Web scrapers will take this chance to gain access and content from the website by using fake user agents.

Therefore, the statistics collected by the Web browser usage may not be accurate because there may be user-agent spoofing.