Directory enabled, self service, single sign on management

US 20030195970A1
Filed: 04/11/2002
Published: 10/16/2003
Est. Priority Date: 04/11/2002
Status: Active Grant

First Claim

Patent Images

1. A method for directory enabled, self service, single sign on user account management, the method implemented in conjunction with a directory, the directory comprising resource directory entries and user directory entries, the method comprising the steps of:

receiving, from a user through a browser, an SSO user ID and SSO password of the user, the SSO password being known only to the user;

retrieving from the directory, in dependence upon the SSO user ID and SSO password, a user directory entry for the user, wherein the user directory entry includes a mapped resource list comprising resource names of resources mapped to the user'"'"'s SSO user ID;

creating, in dependence upon the user directory entry, a new mapping of a resource to the SSO user ID, wherein the creating comprises the further steps of;

retrieving from the directory a full resource list comprising resource names of all resources available for SSO mappings;

deleting from the full resource list the resource names in the mapped resource list, thereby yielding an available resource list of resources presently available for mapping to the SSO user ID;

displaying to the user through the browser the available resource list;

receiving a user'"'"'s chosen resource name from the available resource list displayed to the user, including resource security data for the chose resource name;

amending the user directory entry to include the chosen resource name and the resource security data for the chosen resource name; and

storing the amended user directory entry in the directory.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for directory enabled, self service, single sign on user account management, the method implemented in conjunction with a directory, the directory comprising resource directory entries and user directory entries. Exemplary embodiments include receiving, from a user through a browser, an SSO user ID and SSO password of the user, the SSO password being known only to the user, retrieving from the directory, in dependence upon the SSO user ID and SSO password, a user directory entry for the user, and creating, in dependence upon the user directory entry, a new mapping of a resource to the SSO user ID.

60 Citations

View as Search Results

15 Claims

1. A method for directory enabled, self service, single sign on user account management, the method implemented in conjunction with a directory, the directory comprising resource directory entries and user directory entries, the method comprising the steps of:
- receiving, from a user through a browser, an SSO user ID and SSO password of the user, the SSO password being known only to the user;
  
  retrieving from the directory, in dependence upon the SSO user ID and SSO password, a user directory entry for the user, wherein the user directory entry includes a mapped resource list comprising resource names of resources mapped to the user'"'"'s SSO user ID;
  
  creating, in dependence upon the user directory entry, a new mapping of a resource to the SSO user ID, wherein the creating comprises the further steps of;
  
  retrieving from the directory a full resource list comprising resource names of all resources available for SSO mappings;
  
  deleting from the full resource list the resource names in the mapped resource list, thereby yielding an available resource list of resources presently available for mapping to the SSO user ID;
  
  displaying to the user through the browser the available resource list;
  
  receiving a user'"'"'s chosen resource name from the available resource list displayed to the user, including resource security data for the chose resource name;
  
  amending the user directory entry to include the chosen resource name and the resource security data for the chosen resource name; and
  
  storing the amended user directory entry in the directory.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 wherein the resource security data includes a resource user ID.
  - 3. The method of claim 1 wherein the resource security data includes a resource password.
  - 4. The method of claim 1 further comprising updating mappings of resources to the SSO user ID, where the updating comprises the further steps of:
    - creating, in dependence upon the mapped resource list, an update resource list comprising resource names and resource security data of resources mapped to the user'"'"'s SSO user ID;
      
      displaying to the user through the browser, in a editable format, the update resource list;
      
      receiving user changes in resource security data of a resource in the update resource list displayed to the user;
      
      amending the user directory entry to include the user changes; and
      
      storing the amended user directory entry in the directory.
  - 5. The method of claim 1 further comprising deleting mappings of resources to the SSO user ID, where the deleting comprises the further steps of:
    - creating, in dependence upon the mapped resource list, a deletion resource list comprising resource names of resources mapped to the user'"'"'s SSO user ID;
      
      displaying, to the user through the browser, in a markable format, the deletion resource list;
      
      receiving from the user a resource name of a resource marked for deletion from mappings to the user'"'"'s SSO user ID;
      
      amending the user directory entry to exclude the resource name and resource security data for the resource marked for deletion; and
      
      storing the amended user directory entry in the directory.

6. A system for directory enabled, self service, single sign on user account management, the system implemented in conjunction with a directory, the directory comprising resource directory entries and user directory entries, the system comprising:
- means for receiving, from a user through a browser, an SSO user ID and SSO password of the user, the SSO password being known only to the user;
  
  means for retrieving from the directory, in dependence upon the SSO user I) and SSO password, a user directory entry for the user, wherein the user directory entry includes a mapped resource list comprising resource names of resources mapped to the user'"'"'s SSO user ID;
  
  means for creating, in dependence upon the user directory entry, a new mapping of a resource to the SSO user ID, wherein the means for creating comprises;
  
  means for retrieving from the directory a full resource list comprising resource names of all resources available for SSO mappings;
  
  means for deleting from the full resource list the resource names in the mapped resource list, thereby yielding an available resource list of resources presently available for mapping to the SSO user ID;
  
  means for displaying to the user through the browser the available resource list;
  
  means for receiving a user'"'"'s chosen resource name from the available resource list displayed to the user, including resource security data for the chose resource name;
  
  means for amending the user directory entry to include the chosen resource name and the resource security data for the chosen resource name; and
  
  means for storing the amended user directory entry in the directory.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The system of claim 6 wherein the resource security data includes a resource user ID.
  - 8. The system of claim 6 wherein the resource security data includes a resource password.
  - 9. The system of claim 6 further comprising means for updating mappings of resources to the SSO user ID, where the updating comprises:
    - means for creating, in dependence upon the mapped resource list, an update resource list comprising resource names and resource security data of resources mapped to the user'"'"'s SSO user ID;
      
      means for displaying to the user through the browser, in a editable format, the update resource list;
      
      means for receiving user changes in resource security data of a resource in the update resource list displayed to the user;
      
      means for amending the user directory entry to include the user changes; and
      
      means for storing the amended user directory entry in the directory.
  - 10. The system of claim 6 further comprising means for deleting mappings of resources to the SSO user ID, where the deleting comprises:
    - means for creating, in dependence upon the mapped resource list, a deletion resource list comprising resource names of resources mapped to the user'"'"'s SSO user ID;
      
      means for displaying, to the user through the browser, in a markable format, the deletion resource list;
      
      means for receiving from the user a resource name of a resource marked for deletion from mappings to the user'"'"'s SSO user ID;
      
      means for amending the user directory entry to exclude the resource name and resource security data for the resource marked for deletion; and
      
      means for storing the amended user directory entry in the directory.

11. A computer program product for directory enabled, self service, single sign on user account management, the computer program product implemented in conjunction with a directory, the directory comprising resource directory entries and user directory entries, the computer program product comprising:
- a recording medium;
  
  means, recorded on the recording medium, for receiving, from a user through a browser, an SSO user ID and SSO password of the user, the SSO password being known only to the user;
  
  means, recorded on the recording medium, for retrieving from the directory, in dependence upon the SSO user ID and SSO password, a user directory entry for the user, wherein the user directory entry includes a mapped resource list comprising resource names of resources mapped to the user'"'"'s SSO user ID;
  
  means, recorded on the recording medium, for creating, in dependence upon the user directory entry, a new mapping of a resource to the SSO user ID, wherein the means, recorded on the recording medium, for creating comprises;
  
  means, recorded on the recording medium, for retrieving from the directory a full resource list comprising resource names of all resources available for SSO mappings;
  
  means, recorded on the recording medium, for deleting from the full resource list the resource names in the mapped resource list, thereby yielding an available resource list of resources presently available for mapping to the SSO user ID;
  
  means, recorded on the recording medium, for displaying to the user through the browser the available resource list;
  
  means, recorded on the recording medium, for receiving a user'"'"'s chosen resource name from the available resource list displayed to the user, including resource security data for the chose resource name;
  
  means for amending the user directory entry to include the chosen resource name and the resource security data for the chosen resource name; and
  
  means, recorded on the recording medium, for storing the amended user directory entry in the directory.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The computer program product of claim 11 wherein the resource security data includes a resource user ID.
  - 13. The computer program product of claim 11 wherein the resource security data includes a resource password.
  - 14. The computer program product of claim 11 further comprising means, recorded on the recording medium, for updating mappings of resources to the SSO user ID, where the updating comprises:
    - means, recorded on the recording medium, for creating, in dependence upon the mapped resource list, an update resource list comprising resource names and resource security data of resources mapped to the user'"'"'s SSO user ID;
      
      means, recorded on the recording medium, for displaying to the user through the browser, in a editable format, the update resource list;
      
      means, recorded on the recording medium, for receiving user changes in resource security data of a resource in the update resource list displayed to the user;
      
      means, recorded on the recording medium, for amending the user directory entry to include the user changes; and
      
      means, recorded on the recording medium, for storing the amended user directory entry in the directory.
  - 15. The computer program product of claim 11 further comprising means, recorded on the recording medium, for deleting mappings of resources to the SSO user ID, where the deleting comprises:
    - means, recorded on the recording medium, for creating, in dependence upon the mapped resource list, a deletion resource list comprising resource names of resources mapped to the user'"'"'s SSO user ID;
      
      means, recorded on the recording medium, for displaying, to the user through the browser, in a markable format, the deletion resource list;
      
      means, recorded on the recording medium, for receiving from the user a resource name of a resource marked for deletion from mappings to the user'"'"'s SSO user ID;
      
      means, recorded on the recording medium, for amending the user directory entry to exclude the resource name and resource security data for the resource marked for deletion; and
      
      means, recorded on the recording medium, for storing the amended user directory entry in the directory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Lakhdhir, Mansoor A., Dinh, Hung T., Goal, Patrick M., Gilkey, Jerry Andrew, Tran, Ky, Nadrendra, Reddy

Granted Patent

US 7,016,959 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/229
CPC Class Codes

H04L 63/0815 providing single-sign-on or...

H04L 63/083 using passwords cryptograph...

Directory enabled, self service, single sign on management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

60 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Directory enabled, self service, single sign on management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

60 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links