Dynamic policy-based on-boarding of devices in enterprise environments
Abstract
In one embodiment, a method for providing access to wireless networks may include receiving, by a wireless network access provider from a user device, a request to access a wireless network. The method may include obtaining data representing a policy applicable to the access request, sending the access request, augmented with the policy, to an identity provider associated with the user and having no pre-existing relationship with the access provider, and receiving, from the identity provider, an access request response indicating whether or not the policy is met. The method may include communicating, to the wireless device, an indication that the access request has been accepted, if the policy is met, or an indication that the access request has been rejected, if the policy is not met. The access provider and identity provider may be members of an identity and access federation that communicate over a dynamically established secure connection.
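The exchange in the abstract can be modeled as follows. This is an added example, not code from the patent: the message fields, the policy format, the user directory, and the check that binds a response to its request are all assumptions made for illustration.

```python
import secrets

# Hypothetical policy indication attached by the access provider.
# Field names are assumptions; the patent text does not define a format.
POLICY = {"id": "guest-wifi-v1", "require": {"mfa": True, "min_age": 18}}

# Constructed identity-provider user records (sample data).
IDP_USERS = {
    "alice@idp.example": {"mfa": True, "age": 34},
    "bob@idp.example": {"mfa": False, "age": 40},
}

def idp_evaluate(request):
    """Identity provider side: evaluate the policy against its own records
    and return only a verdict, never the underlying user attributes."""
    user = IDP_USERS.get(request["user"])
    req = request["policy"]["require"]
    met = (
        user is not None
        and (user["mfa"] or not req.get("mfa"))
        and user["age"] >= req.get("min_age", 0)
    )
    return {
        "request_id": request["request_id"],
        "policy_id": request["policy"]["id"],
        "policy_met": met,
    }

def access_provider_handle(user, idp=idp_evaluate, policy=POLICY):
    """Access provider side: augment the access request with the policy,
    forward it to the identity provider, and relay accept or reject."""
    request = {"request_id": secrets.token_hex(8), "user": user, "policy": policy}
    try:
        response = idp(request)
    except Exception:
        return "rejected"  # fail closed when the identity provider is unreachable
    # Assumed hardening: accept only a verdict that echoes this request
    # and this policy, so a response to some other request cannot be reused.
    bound = (
        isinstance(response, dict)
        and response.get("request_id") == request["request_id"]
        and response.get("policy_id") == policy["id"]
    )
    if bound and response.get("policy_met") is True:
        return "accepted"
    return "rejected"
```

The access provider learns only whether the policy was met, and any response that is missing, unbound, or not an explicit `True` results in rejection.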
20 Claims
1. A system for providing access to wireless networks, comprising:
an access provider that is a member of an identity and access federation implemented in a wireless roaming environment, the access provider comprising:
at least one processor; and
a memory comprising program instructions that when executed by the at least one processor cause the processor to:
receive, from a wireless device on behalf of a user, a request to access a wireless network, the wireless device being communicatively coupled to the access provider;
obtain data representing a policy applicable to the access request;
send the access request, augmented with an indication of the policy, to an identity provider that is associated with the user and is a member of the identity and access federation, the identity provider having no pre-existing relationship with the access provider;
receive, from the identity provider, an access request response indicating whether the policy has been met;
communicate, to the wireless device when the access request response indicates that the policy has been met, an indication that the access request has been accepted; and
communicate, to the wireless device when the access request response indicates that the policy has not been met, an indication that the access request has been rejected.
9. A method for providing access to wireless networks, comprising:
receiving, by a wireless network access provider that is a member of an identity and access federation implemented in a wireless roaming environment from a wireless device on behalf of a user, a request to access a wireless network;
obtaining data representing a policy applicable to the access request;
sending the access request, augmented with an indication of the policy, to an identity provider that is associated with the user and is a member of the identity and access federation, the identity provider having no pre-existing relationship with the access provider;
receiving, from the identity provider, an access request response indicating that the policy has been met;
communicating, to the wireless device, an indication that the access request has been accepted.
17. An apparatus, comprising:
a processor; and
a memory comprising program instructions that when executed by the processor cause the processor to:
receive, from a wireless device on behalf of a user, a request to access a wireless network, the wireless device being communicatively coupled to the access provider;
obtain data representing a policy applicable to the access request;
send the access request, augmented with an indication of the policy, to an identity provider that is associated with the user and is a member of the identity and access federation, the identity provider having no pre-existing relationship with the access provider;
receive, from the identity provider, an access request response indicating whether the policy has been met;
communicate, to the wireless device when the access request response indicates that the policy has been met, an indication that the access request has been accepted; and
communicate, to the wireless device when the access request response indicates that the policy has not been met, an indication that the access request has been rejected.
Specification