Abstract: A control system authorizes access to a networked resource. The control system includes a client agent associated with a client resource running at a user device, and a destination agent associated the networked resource. The client agent transparently injects one or more identity tokens associated with the client resource and one or more access tokens associated with the networked resource into a network request issued by the client resource and directed to the networked resource. The destination agent intercepts the network request and uses the access tokens to selectively route the network request in accordance with one or more security policies associated with the access tokens.

Abstract: A control system facilitates communication between a plurality of networked services. The control system includes a client agent associated with a first service of the networked services, and a destination agent associated with a second service of the networked services. The client agent includes an injection mechanism that intercepts a network request issued by the first service, transparently injects a token into the network request while the network request is in transit, and automatically transmits the network request to the second service in accordance with one or more security policies associated with the second service. The destination agent includes an interception mechanism that intercepts the network request, extracts the tokens from the network request, and determines whether to forward the network request to the second service.