Distributed network identity
Abstract
A distributed network identity is provided. An identity provider stores a portion of a user's personal information. A service provider accesses user information from one or more identity providers. System entities such as identity providers and service providers can be linked to enable information sharing and aggregation. User policies and privacy preferences are provided to control how information is shared. A single sign-on architecture is provided where an identity provider is used to facilitate cross-domain authentication and to enhance user convenience. Service delegation features are also provided.
52 Claims
1. A method for establishing a relationship between a first node and a second node, the method comprising:
receiving a login from a user at the first node;
receiving a login from a user at the second node;
authenticating the login at the first node;
authenticating the login at the second node;
generating a first handle corresponding to a user account on the first node, the first handle for identifying the user at the first node;
generating a second handle corresponding to a user account on the second node, the second handle for identifying the user at the second node;
passing the first handle to the second node; and
passing the second handle to the first node, the first handle and the second handle are combinable to identify the user account on the first node and the user account on the second node.
Dependent claims: 2, 3, 4

5. A method for providing user authentication to a service provider, the method comprising:
receiving, at an identity provider, an identifier that indicates the service provider, wherein the identifier includes an assertion of an identity of a user;
requesting an identity credential from the user;
authenticating the identity credential to produce an authenticated credential; and
passing the authenticated credential to the service provider.
Dependent claims: 6, 7, 8, 9, 10, 11

12. A method for linking user accounts, the method comprising:
authenticating a user with an identity provider;
receiving, at a service provider, a first handle corresponding to the user;
updating a user directory entry associated with the user to include the first handle;
generating a second handle for the user; and
passing the second handle to the identity provider, wherein the first handle and the second handle are combinable to identify an account of the user.
Dependent claims: 13, 14, 15, 16, 17, 18

19. A method for linking user accounts, the method comprising:
generating, at an identity provider, a first handle for a user;
sending the first handle to a service provider;
receiving a second handle for the user from the service provider; and
updating a user directory entry associated with the user to include the second handle, wherein the first handle and the second handle are combinable to identify an account of the user.
Dependent claims: 20, 21, 22, 23, 24, 25

26. A method for trust chaining, the method comprising:
providing a user account handle, wherein the handle links a first system entity and a second system entity; and
requesting user profile data from one of the first system entity and the second system entity.
Dependent claims: 27, 28, 29, 30, 31, 32, 33, 34

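The account-linking exchange of claims 1, 12 and 19 and the profile request of claim 26, as an added Python example that is not part of the patent or its specification. Each Node stands for one system entity (an identity provider or a service provider) with its own user directory; accounts on two nodes are linked only after both logins authenticate, by exchanging opaque random handles, and the handle pair, not any username, later identifies both accounts. The class and function names, the salted-hash password scheme and the sample users are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Constructed example: two system entities that each hold an account for the
# same user link those accounts by exchanging handles. Names are hypothetical.


@dataclass
class Account:
    username: str
    password_hash: str            # "salt$sha256(salt+password)" (constructed scheme)
    profile: Dict[str, str]
    peer_handles: Dict[str, str] = field(default_factory=dict)  # peer node -> handle it issued


class Node:
    def __init__(self, name: str) -> None:
        self.name = name
        self.directory: Dict[str, Account] = {}      # username -> account
        self.issued_handles: Dict[str, str] = {}     # handle we issued -> username

    def register(self, username: str, password: str, profile: Dict[str, str]) -> None:
        salt = secrets.token_hex(8)
        digest = hashlib.sha256((salt + password).encode()).hexdigest()
        self.directory[username] = Account(username, salt + "$" + digest, profile)

    def authenticate(self, username: str, password: str) -> bool:
        acct = self.directory.get(username)
        if acct is None:
            return False
        salt, digest = acct.password_hash.split("$", 1)
        candidate = hashlib.sha256((salt + password).encode()).hexdigest()
        return hmac.compare_digest(candidate, digest)

    def generate_handle(self, username: str) -> str:
        # Random and opaque: the peer learns that an account exists here, not which one.
        handle = secrets.token_urlsafe(16)
        self.issued_handles[handle] = username
        return handle

    def store_peer_handle(self, username: str, peer: str, handle: str) -> None:
        # "updating a user directory entry associated with the user to include the handle"
        self.directory[username].peer_handles[peer] = handle

    def resolve_handle(self, handle: str) -> Optional[str]:
        return self.issued_handles.get(handle)

    def profile_for_handle(self, handle: str) -> Optional[Dict[str, str]]:
        # Trust chaining (claim 26): a linked entity presents the handle we issued
        # and requests profile data; an unknown handle yields nothing.
        username = self.resolve_handle(handle)
        return None if username is None else dict(self.directory[username].profile)


def link_accounts(a: Node, a_user: str, a_pw: str,
                  b: Node, b_user: str, b_pw: str) -> Optional[Tuple[str, str]]:
    # Claim 1: both logins must authenticate before any handle is generated or passed.
    if not (a.authenticate(a_user, a_pw) and b.authenticate(b_user, b_pw)):
        return None
    h_a = a.generate_handle(a_user)
    h_b = b.generate_handle(b_user)
    b.store_peer_handle(b_user, a.name, h_a)   # first handle -> second node
    a.store_peer_handle(a_user, b.name, h_b)   # second handle -> first node
    return h_a, h_b


def combined_identity(a: Node, h_a: str, b: Node, h_b: str) -> Optional[Tuple[str, str]]:
    # The handle pair is "combinable" to name both accounts, but only if each side
    # recorded the other's handle: two valid handles that were never linked are not a link.
    ua, ub = a.resolve_handle(h_a), b.resolve_handle(h_b)
    if ua is None or ub is None:
        return None
    if a.directory[ua].peer_handles.get(b.name) != h_b:
        return None
    if b.directory[ub].peer_handles.get(a.name) != h_a:
        return None
    return ua, ub


def demo() -> Optional[Tuple[str, str]]:
    idp = Node("idp.example")
    sp = Node("shop.example")
    idp.register("alice", "idp-secret", {"email": "alice@example.test"})
    sp.register("alice_shop", "shop-secret", {"tier": "gold"})
    handles = link_accounts(idp, "alice", "idp-secret", sp, "alice_shop", "shop-secret")
    if handles is None:
        return None
    return combined_identity(idp, handles[0], sp, handles[1])


if __name__ == "__main__":
    print(demo())
```

The design choice worth noting is that the handle carries no username: a node that is linked to another learns only that an account exists on the peer, and a profile request succeeds only for a handle the answering node itself issued.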
35. A method for delegating a service, the method comprising:
authenticating a user with an identity provider;
requesting, by a first service provider, a ticket from the identity provider for the delegated service, wherein the delegated service is performed by a second service provider;
receiving the ticket at the first service provider, the ticket for authorizing the second service provider to perform the delegated service on behalf of the user; and
presenting the ticket at the second service provider to use the delegated service.
Dependent claims: 36, 37, 38

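The delegation flow of claim 35, as an added Python example that is not part of the patent or its specification. It assumes the identity provider shares a symmetric key with each service provider that performs delegated services and that a ticket is a JSON payload with an HMAC-SHA256 tag under that key; the ticket names the user, the delegate (first service provider), the target (second service provider), the service and an expiry, and the target rejects tickets that are forged, meant for another provider or delegate, for another service, expired, or replayed. All class and field names are hypothetical.

```python
import base64
import binascii
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict, Optional, Set

# Constructed example. Assumption: a pre-shared key per service provider;
# tickets are "<base64 json>.<base64 hmac>". Names are hypothetical.


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class IdentityProvider:
    def __init__(self, users: Dict[str, str], sp_keys: Dict[str, bytes]) -> None:
        self._users = users          # username -> password (constructed; store a hash in real use)
        self._sp_keys = sp_keys      # service provider name -> shared key
        self._sessions: Dict[str, str] = {}

    def authenticate(self, username: str, password: str) -> Optional[str]:
        expected = self._users.get(username)
        if expected is None or not hmac.compare_digest(expected, password):
            return None
        session = secrets.token_urlsafe(16)
        self._sessions[session] = username
        return session

    def issue_ticket(self, session: str, requester: str, target: str,
                     service: str, ttl: int = 300, now: Optional[float] = None) -> Optional[str]:
        # Claim 35: the first service provider (requester) asks for a ticket that lets
        # the second service provider (target) perform a service on the user's behalf.
        user = self._sessions.get(session)
        key = self._sp_keys.get(target)
        if user is None or key is None:
            return None
        now = time.time() if now is None else now
        payload = {"sub": user, "delegate": requester, "aud": target, "svc": service,
                   "exp": int(now) + ttl, "jti": secrets.token_hex(8)}
        body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
        tag = hmac.new(key, body, hashlib.sha256).digest()
        return _b64(body) + "." + _b64(tag)


class ServiceProvider:
    def __init__(self, name: str, idp_key: bytes) -> None:
        self.name = name
        self._key = idp_key
        self._seen: Set[str] = set()   # ticket ids already redeemed

    def accept_ticket(self, ticket: str, presenter: str, service: str,
                      now: Optional[float] = None) -> Optional[str]:
        # Returns the user the delegated service runs for, or None on any failure.
        try:
            body_b64, tag_b64 = ticket.split(".", 1)
            body, tag = _unb64(body_b64), _unb64(tag_b64)
            expected = hmac.new(self._key, body, hashlib.sha256).digest()
            if not hmac.compare_digest(expected, tag):
                return None            # forged or altered ticket
            claims = json.loads(body)
        except (ValueError, binascii.Error):
            return None
        now = time.time() if now is None else now
        if claims.get("aud") != self.name or claims.get("delegate") != presenter:
            return None                # meant for another provider or another delegate
        if claims.get("svc") != service or claims.get("exp", 0) < now:
            return None                # wrong service, or expired
        if claims.get("jti") in self._seen:
            return None                # replay
        self._seen.add(claims["jti"])
        return claims.get("sub")
```

Binding the ticket to both the delegate and the target is what keeps a ticket obtained by one service provider from being presented by another, and the single-use id limits the damage if a ticket leaks.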
39. A computer readable medium comprising:
program instructions for providing a user account handle, wherein the handle links a first system entity and a second system entity; and
program instructions for requesting user profile data from one of the first system entity and the second system entity.
Dependent claims: 40, 41, 42, 43

44. A system for trust chaining, the system comprising:
an identifier module configured to provide a user account handle, wherein the handle links a first system entity and a second system entity; and
a user account module configured to request user profile data from one of the first system entity and the second system entity.
Dependent claims: 45, 46, 47, 48, 49, 50, 51, 52

Specification