Abstract: User credentials are validated within a network infrastructure element such as a packet data router or switch. The network element has authentication and authorization logic for receiving one or more packets representing an input application message logically associated with OSI network model Layer 5 or above; extracting user credentials from the one or more packets; authenticating an identity associated with the user credentials; authorizing privileges to the identity; and forwarding the application message to an intended destination if the identity is successfully authenticated and/or authorized. The authentication and authorization logic in the network element can invoke extension authentication and authorization methods that may be provisioned after the network element is deployed in a networked system.

Abstract: Techniques are provided for performing security functions on a message payload in a network element. According to one aspect, a network element receives one or more data packets. The network element performs a security function on at least a portion of an application layer message that is contained in one or more payload portions of the one or more data packets. According to another aspect, a network element receives a first request that is destined for a first application. The network element sends, to a second application that sent the first request, a second request for authentication information. The network element receives the authentication information and determines whether the authentication information is valid. If the authentication information is not valid, then the network element prevents the first request from being sent to the first application.

Abstract: User credentials are validated within a network infrastructure element such as a packet data router or switch. The network element has authentication and authorization logic for receiving one or more packets representing an input application message logically associated with OSI network model Layer 5 or above; extracting user credentials from the one or more packets; authenticating an identity associated with the user credentials; authorizing privileges to the identity; and forwarding the application message to an intended destination if the identity is successfully authenticated and/or authorized. The authentication and authorization logic in the network element can invoke extension authentication and authorization methods that may be provisioned after the network element is deployed in a networked system.