Method of assessing an organization's network identity capability

US 20030177121A1
Filed: 03/17/2003
Published: 09/18/2003
Est. Priority Date: 03/18/2002
Status: Active Grant

First Claim

Patent Images

1. A method of implementing network identity capability within an organization, the method comprising:

assess the organization'"'"'s identity capabilities regarding the organization'"'"'s employees, customers, technology infrastructure, and relationships with business partners;

assessing the organization'"'"'s identity requirements regarding the employees, customers, technology infrastructure and relationships with business partners;

redesigning said technology infrastructure to accommodate said identity requirements;

enabling role-based access to services offered by the organization;

decoupling users'"'"' identity information from the users'"'"' access to said services, wherein the users include at least the employees and the customers; and

obtaining user identity information from a trusted identity provider service external to the organization.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of determining an organization'"'"'s network identity capability. The organization'"'"'s relationships with its employees, customers and business partners, and the organization'"'"'s technological infrastructure, are examined. By examining the organization'"'"'s use of identity data (e.g., data identifying customers, employees), the organization'"'"'s management of that data, and the technology infrastructure can be redesigned to enable better network identity capability. Improved network identity capability enables users'"'"' access to multiple applications or services through a single authentication process (e.g., a single login or sign-on), device-independent access to those applications and services, greater protection for the data, improved business processes and collaborations with business partners, etc.

108 Citations

View as Search Results

30 Claims

1. A method of implementing network identity capability within an organization, the method comprising:
- assess the organization'"'"'s identity capabilities regarding the organization'"'"'s employees, customers, technology infrastructure, and relationships with business partners;
  
  assessing the organization'"'"'s identity requirements regarding the employees, customers, technology infrastructure and relationships with business partners;
  
  redesigning said technology infrastructure to accommodate said identity requirements;
  
  enabling role-based access to services offered by the organization;
  
  decoupling users'"'"' identity information from the users'"'"' access to said services, wherein the users include at least the employees and the customers; and
  
  obtaining user identity information from a trusted identity provider service external to the organization.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein said assessing the organization'"'"'s identity capabilities comprises:
    - determining how user identity information is used within the technology infrastructure, said services and the relationships with said business partners.
  - 3. The method of claim 1, further comprising:
    - identifying one or more redundant business processes within said services.
  - 4. The method of claim 1, wherein said redesigning comprises:
    - establishing a set of common identity definitions for use within the technology infrastructure, said services and the relationships with said business partners.
  - 5. The method of claim 1, further comprising:
    - centralizing the administration of identity data concerning the users.
  - 6. The method of claim 1, wherein said enabling comprises:
    - implementing policy-driven provisioning of said services offered by the organization.
  - 7. The method of claim 1, further comprising:
    - delegating administration of identity data concerning the users.
  - 8. The method of claim 1, wherein said decoupling comprises:
    - enabling a user to access a plurality of said services offered by the organization after a single authentication of the user'"'"'s identity.
  - 9. The method of claim 1, further comprising:
    - establishing identity-centered collaborations with one or more of said business partners.
  - 10. The method of claim 1, wherein said obtaining comprises:
    - establishing trusted communication with said trusted identity service provider.
  - 11. The method of claim 1, further comprising:
    - establishing a trusted relationship with one or more of said business partners, wherein said trusted relationship allows a user to access services of the organization and the one or more business partners with a single authentication of the user'"'"'s identity.

12. A computer readable storage medium storing instructions that, when executed by a computer, cause the computer to perform a method of implementing network identity capability within an organization, the method comprising:
- assess the organization'"'"'s identity capabilities regarding the organization'"'"'s employees, customers, technology infrastructure, and relationships with business partners;
  
  assessing the organization'"'"'s identity requirements regarding the employees, customers, technology infrastructure and relationships with business partners;
  
  redesigning said technology infrastructure to accommodate said identity requirements;
  
  enabling role-based access to services offered by the organization;
  
  decoupling users'"'"' identity information from the users'"'"' access to said services, wherein the users include at least the employees and the customers; and
  
  obtaining user identity information from a trusted identity provider service external to the organization.

13. A method of assessing an organization'"'"'s network identity capability, comprising:
- determining whether the organization offers a user access to multiple applications with a single authentication of the user'"'"'s identity;
  
  determining whether access to the multiple applications requires authorization and authentication;
  
  determining whether the user'"'"'s access to said applications is independent of the device employed by the user to access said applications;
  
  determining whether the organization provides adequate protection of user identity data; and
  
  determining whether the organization offers personalized, context-sensitive services to the user.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The method of claim 13, wherein said determining whether the user'"'"'s access to said applications is independent of the device employed by the user to access said applications comprises:
    - determining whether an employee is able to access the multiple applications from multiple, different devices.
  - 15. The method of claim 13, further comprising:
    - determining whether the organization is able to offer an application unrestricted by operational and technological constraints.
  - 16. The method of claim 13, further comprising:
    - determining whether the organization provides employee provisioning of access to the multiple applications based on roles.
  - 17. The method of claim 13, further comprising:
    - determining whether the user is informed of the organization'"'"'s policy for protecting the user'"'"'s identity data.

18. A computer readable storage medium storing instructions that, when executed by a computer, cause the computer to perform a method of assessing an organization'"'"'s network identity capability, the method comprising:
- determining whether the organization offers a user access to multiple applications with a single authentication of the user'"'"'s identity;
  
  determining whether access to the multiple applications requires authorization and authentication;
  
  determining whether the user'"'"'s access to said applications is independent of the device employed by the user to access said applications;
  
  determining whether the organization provides adequate protection of user identity data; and
  
  determining whether the organization offers personalized, context-sensitive services to the user.

19. A method of assessing an organization'"'"'s network identity capabilities, comprising:
- identifying a plurality of benefits achievable from implementing one or more network identity capabilities;
  
  eliciting a first prioritization of said benefits for the organization;
  
  categorizing said network identity capabilities into multiple categories corresponding to functional areas of the organization;
  
  from at least one individual within each of the categories;
  
  receiving a prioritization of a subset of said benefits;
  
  receiving indications of the extent to which each said capability in the category is applied to achieve one or more of said benefits; and
  
  aggregating said indications across all of the categories to report an assessment of the organization'"'"'s network identity capabilities.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 20. The method of claim 19, further comprising:
    - reporting the extent to which each said capability is applied by the organization; and
      
      reporting the extent to which of said benefits is being achieved.
  - 21. The method of claim 20, further comprising:
    - reporting any misalignment between said prioritizations of said benefits.
  - 22. The method of claim 20, further comprising:
    - for each of said benefits, reporting a ratio of its priority to said extent to which said benefit is being achieved.
  - 23. The method of claim 19, wherein said categorizing further comprises dividing said network identity capabilities into multiple topics, wherein each said topic represents a high-level network identity capability.
  - 24. The method of claim 19, wherein said assessment comprises a score reflecting an average of the organization'"'"'s network identity capabilities.
  - 25. The method of claim 24, wherein said score indicates an overall network identity capability of the organization between 0% and 100% capable.
  - 26. The method of claim 19, wherein said assessment identifies a phase of network identity capability in which the organization is situated.
  - 27. The method of claim 19, further comprising, within each of the categories:
    - aggregating said indications within the category to report an assessment of the organization'"'"'s network identity capabilities within the category.
  - 28. The method of claim 27, further comprising:
    - for each capability within the category, aggregating said indications to report an assessment of the extent to which the capability is employed to achieve one or more of said benefits associated with the capability.
  - 29. The method of claim 19, further comprising:
    - comparing the first prioritization of said benefits to an aggregation of said prioritizations of said benefits by the individuals.

30. A computer readable storage medium storing instructions that, when executed by a computer, cause the computer to perform a method of assessing an organization'"'"'s network identity capabilities, the method comprising:
- identifying a plurality of benefits achievable from implementing one or more network identity capabilities;
  
  eliciting a first prioritization of said benefits for the organization;
  
  categorizing said network identity capabilities into multiple categories corresponding to functional areas of the organization;
  
  from at least one individual within each of the categories;
  
  receiving a prioritization of a subset of said benefits; and
  
  receiving indications of the extent to which each said capability in the category is applied to achieve one or more of said benefits; and
  
  aggregating said indications across all of the categories to report an assessment of the organization'"'"'s network identity capabilities.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Welsh, Kevin, Moona, Sanjay K.

Granted Patent

US 7,552,481 B2
Time in Patent Office

Days
Field of Search
US Class Current

707/9
CPC Class Codes

H04L 63/20 for managing network securi...

Method of assessing an organization's network identity capability

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

108 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Method of assessing an organization's network identity capability

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

108 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links