Identity experience framework
First Claim
1. A system comprising:
- at least one memory configured to store program logic for an application; and
- at least one processor configured to access the at least one memory and to execute the program logic, the program logic comprising:
  - user interface (UI) logic configured to:
    - display a verification UI associated with an identity policy;
  - policy logic configured to:
    - generate a call to an identity policy host, the call indicating the identity policy, that is one of a plurality of identity policies, for dynamic deployment of the verification UI for the application; and
  - identity claim and token logic configured to:
    - generate a token request and an identity claim of a user responsive to a first user interaction that is with the verification UI; and
    - consume a token from the identity policy host subsequent to generating the token request to allow access by the user to at least one feature of the application.
Abstract
Methods for composable user journeys for user authentication via an identity experience framework are performed by systems and apparatuses. Initiating a user authentication process for an application triggers application calls for dynamic invocation of a specific identity policy, required by the application, of a number of identity policies managed by a host of the identity experience framework. User interfaces defined by the identity policies are provided from the host to the application for interaction by the user and entry of identity information needed to authenticate the user according to specified verification providers. Identity claims and token requests are provided from the application to the host which then authenticates the identity claims via the verification providers and mints a token that includes the claims required by the application, according to the identity policy. The application consumes the token to complete the token request and allow the user access to the application.
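The exchange the abstract describes, sketched end to end as an added example (it is not code from the patent or from any product). Policy names, claim names, the HMAC-signed token layout and the stand-in verification providers are all assumptions made for illustration; the point to notice is that the application accepts a token only when it was minted under the policy it asked for and carries the claims that policy requires.

```python
import base64, hashlib, hmac, json, time

# Hypothetical throughout: policy ids, claim names, provider stand-ins and the
# token layout are assumptions. A shared HMAC key keeps the demo short.
HOST_KEY = b"constructed-demo-key"
POLICIES = {  # identity policies managed by the host
    "signup_email": {"ui": "email-otp-form", "provider": "email_otp", "claims": ["email"]},
    "bank_kyc": {"ui": "id-document-form", "provider": "doc_check", "claims": ["name", "over_18"]},
}
PROVIDERS = {  # constructed stand-ins for remote verification providers
    "email_otp": lambda c: c.get("otp") == "123456" and {"email": c.get("email")},
    "doc_check": lambda c: c.get("doc_id") == "D-1" and {"name": "A. User", "over_18": True},
}

def _sign(body: bytes) -> str:
    return hmac.new(HOST_KEY, body, hashlib.sha256).hexdigest()

def host_get_ui(policy_id):
    """Host side: return the verification UI that the named policy defines."""
    return POLICIES[policy_id]["ui"]

def host_mint_token(policy_id, identity_claim, audience):
    """Host side: check the claim with the policy's provider, then mint a token."""
    policy = POLICIES[policy_id]
    verified = PROVIDERS[policy["provider"]](identity_claim)
    if not verified:
        raise PermissionError("verification provider rejected the identity claim")
    payload = {"policy": policy_id, "aud": audience, "exp": int(time.time()) + 300,
               "claims": {k: verified[k] for k in policy["claims"]}}
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode())
    return body.decode() + "." + _sign(body)

def app_consume_token(token, expected_policy, audience, required_claims, now=None):
    """Application side: accept the token only if every check passes."""
    body, _, sig = token.partition(".")
    if not hmac.compare_digest(sig, _sign(body.encode())):
        raise ValueError("bad signature")
    payload = json.loads(base64.urlsafe_b64decode(body))
    if payload["policy"] != expected_policy:
        raise ValueError("token minted under a different policy")
    if payload["aud"] != audience or payload["exp"] <= (now or time.time()):
        raise ValueError("wrong audience or expired")
    missing = set(required_claims) - set(payload["claims"])
    if missing:
        raise ValueError(f"missing claims: {sorted(missing)}")
    return payload["claims"]
```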
20 Claims
8. A method implemented by a computing system of an application service provider of an application, the method comprising:
- generating and providing a call to an identity policy host, the call indicating an identity policy, that is one of a plurality of identity policies, for dynamic deployment of a verification user interface (UI) for the application;
- displaying the verification UI associated with the identity policy;
- generating and providing a token request and an identity claim of a user responsive to a first user interaction that is with the verification UI; and
- consuming a token from the identity policy host subsequent to generating the token request to allow access by the user to at least one feature of the application.
16. A computer-readable storage medium comprising computer-executable instructions that, when executed by at least one processor, perform a method implemented by a computing system that interacts with a multi-sided identity experience framework system configured to support a plurality of remote identity operators, a plurality of remote verification providers, and a plurality of remote application service providers for user authentication to applications, the method comprising:
- generating and providing a call to an identity policy host, the call indicating an identity policy, that is one of a plurality of identity policies, for dynamic deployment of a verification user interface (UI) for the application;
- receiving the verification UI or an identifier thereof responsive to the call;
- displaying the verification UI associated with the identity policy;
- generating and providing a token request and an identity claim of a user responsive to a first user interaction that is with the verification UI;
- receiving the token responsive to providing to the token request; and
- consuming a token from the identity policy host subsequent to generating the token request to allow access by the user to at least one feature of the application.
Specification