Method and system for user-determined attribute storage in a federated environment

US 20040128378A1
Filed: 12/31/2002
Published: 07/01/2004
Est. Priority Date: 12/31/2002
Status: Active Grant

First Claim

Patent Images

1. A method for managing user attribute information within a data processing system, the method comprising:

receiving a request message at an attribute information provider from a service provider that is attempting to retrieve user attribute information for a user, wherein the request message identifies one or more requested user attributes, wherein the attribute information provider is a service provider that maintains user attribute information for the user; and

requesting user input by the attribute information provider prior to sending a response message from the attribute information provider to the service provider, wherein the user input comprises a value that indicates a retrieval condition on subsequent requests while retrieving user attribute information for the user.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is presented for facilitating management of user attribute information at one or more attribute information providers (AIPs), which can manage the user'"'"'s attribute information in accordance with user-selected or administratively-determined options, including options that are stored in attribute release policies and/or dynamically determined during a transaction. E-commerce service providers (ECSPs), such as online banks or merchants, also maintain a relationship with an AIP such that the ECSP can trust the user attribute information that is provided by the AIP on behalf of the user. The user can complete transactions that require user attribute information at any ECSP without having to have previously established a relationship with that particular ECSP. If the ECSP has a relationship with one of the user'"'"'s AIPS, then the user will be able to direct the ECSP to an AIP when the ECSP needs user attribute information to complete a transaction for the user.

47 Citations

View as Search Results

72 Claims

1. A method for managing user attribute information within a data processing system, the method comprising:
- receiving a request message at an attribute information provider from a service provider that is attempting to retrieve user attribute information for a user, wherein the request message identifies one or more requested user attributes, wherein the attribute information provider is a service provider that maintains user attribute information for the user; and
  
  requesting user input by the attribute information provider prior to sending a response message from the attribute information provider to the service provider, wherein the user input comprises a value that indicates a retrieval condition on subsequent requests while retrieving user attribute information for the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1 further comprising:
    - in response to a determination that the attribute information provider is not currently maintaining a requested user attribute for the user, prompting the user to input a value for the requested user attribute.
  - 3. The method of claim 1 further comprising:
    - prompting the user to enter a value for a retrieval condition that indicates that the service provider cannot request user attribute information for the user at another attribute information provider.
  - 4. The method of claim 1 further comprising:
    - prompting the user to enter a value for a releasability condition for a user attribute.
  - 5. The method of claim 4 further comprising:
    - prompting the user to enter a value for a temporal restraint for the releasability condition.
  - 6. The method of claim 5 further comprising:
    - indicating that the temporal restraint is effective permanently.
  - 7. The method of claim 5 further comprising:
    - indicating that the temporal restraint is effective for a duration of a transaction for the user at the service provider.
  - 8. The method of claim 4 further comprising:
    - prompting the user to enter a value for a domain restraint for the releasability condition.
  - 9. The method of claim 8 further comprising:
    - indicating that the domain restraint is for the service provider.
  - 10. The method of claim 9 further comprising:
    - indicating that the domain restraint is effective permanently.
  - 11. The method of claim 1 further comprising:
    - prompting the user to enter a value for a permission condition that indicates that the attribute information provider should prompt the user for releasability condition information for each received request message.
  - 12. The method of claim 11 further comprising:
    - indicating that the permission condition is effective permanently.

13. A method for managing user attribute information within a data processing system, the method comprising:
- receiving from a user a request for a resource at a service provider;
  
  determining a set of one or more attribute information providers that are associated with the user, wherein an attribute information provider is a service provider that maintains user attribute information for the user;
  
  sending a request message to a first attribute information provider in the set of one or more attribute information providers in order to retrieve user attribute information for the user;
  
  receiving a response message from the first attribute information provider; and
  
  determining that the response message comprises a control flag from the first attribute information provider, wherein the control flag indicates a retrieval condition on subsequent requests from the service provider to attribute information providers while retrieving user attribute information for the user.
- View Dependent Claims (14, 15, 16)
- - 14. The method of claim 13 further comprising:
    - halting retrievals for user attribute information for the user in accordance with the control flag.
  - 15. The method of claim 13 further comprising:
    - performing subsequent retrievals for user attribute information for the user in accordance with the control flag.
  - 16. The method of claim 13 further comprising:
    - performing a user-specific operation for the resource based on retrieved user attribute information for the user.

17. A data processing system for managing user attribute information, the data processing system comprising:
- means for receiving a request message at an attribute information provider from a service provider that is attempting to retrieve user attribute information for a user, wherein the request message identifies one or more requested user attributes, wherein the attribute information provider is a service provider that maintains user attribute information for the user; and
  
  means for requesting user input by the attribute information provider prior to sending a response message from the attribute information provider to the service provider, wherein the user input comprises a value that indicates a retrieval condition on subsequent requests while retrieving user attribute information for the user.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 18. The data processing system of claim 17 further comprising:
    - means for prompting the user to input a value for the requested user attribute in response to a determination that the attribute information provider is not currently maintaining a requested user attribute for the user.
  - 19. The data processing system of claim 17 further comprising:
    - means for prompting the user to enter a value for a retrieval condition that indicates that the service provider cannot request user attribute information for the user at another attribute information provider.
  - 20. The data processing system of claim 17 further comprising:
    - means for prompting the user to enter a value for a releasability condition for a user attribute.
  - 21. The data processing system of claim 20 further comprising:
    - means for prompting the user to enter a value for a temporal restraint for the releasability condition.
  - 22. The data processing system of claim 21 further comprising:
    - means for indicating that the temporal restraint is effective permanently.
  - 23. The data processing system of claim 21 further comprising:
    - means for indicating that the temporal restraint is effective for a duration of a transaction for the user at the service provider.
  - 24. The data processing system of claim 20 further comprising:
    - means for prompting the user to enter a value for a domain restraint for the releasability condition.
  - 25. The data processing system of claim 24 further comprising:
    - means for indicating that the domain restraint is for the service provider.
  - 26. The data processing system of claim 25 further comprising:
    - means for indicating that the domain restraint is effective permanently.
  - 27. The data processing system of claim 17 further comprising:
    - means for prompting the user to enter a value for a permission condition that indicates that the attribute information provider should prompt the user for releasability condition information for each received request message.
  - 28. The data processing system of claim 27 further comprising:
    - means for indicating that the permission condition is effective permanently.

29. A data processing system for managing user attribute information, the data processing system comprising:
- means for receiving from a user a request for a resource at a service provider;
  
  means for determining a set of one or more attribute information providers that are associated with the user, wherein an attribute information provider is a service provider that maintains user attribute information for the user;
  
  means for sending a request message to a first attribute information provider in the set of one or more attribute information providers in order to retrieve user attribute information for the user;
  
  means for receiving a response message from the first attribute information provider; and
  
  means for determining that the response message comprises a control flag from the first attribute information provider, wherein the control flag indicates a retrieval condition on subsequent requests from the service provider to attribute information providers while retrieving user attribute information for the user.
- View Dependent Claims (30, 31, 32)
- - 30. The data processing system of claim 29 further comprising:
    - means for halting retrievals for user attribute information for the user in accordance with the control flag.
  - 31. The data processing system of claim 29 further comprising:
    - means for performing subsequent retrievals for user attribute information for the user in accordance with the control flag.
  - 32. The data processing system of claim 29 further comprising:
    - means for performing a user-specific operation for the resource based on retrieved user attribute information for the user.

33. A computer program product in a computer readable medium for managing user attribute information in a data processing system, the computer program product comprising:
- means for receiving a request message at an attribute information provider from a service provider that is attempting to retrieve user attribute information for a user, wherein the request message identifies one or more requested user attributes, wherein the attribute information provider is a service provider that maintains user attribute information for the user; and
  
  means for requesting user input by the attribute information provider prior to sending a response message from the attribute information provider to the service provider, wherein the user input comprises a value that indicates a retrieval condition on subsequent requests while retrieving user attribute information for the user.
- View Dependent Claims (34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44)
- - 34. The computer program product of claim 33 further comprising:
    - means for prompting the user to input a value for the requested user attribute in response to a determination that the attribute information provider is not currently maintaining a requested user attribute for the user.
  - 35. The computer program product of claim 33 further comprising:
    - means for prompting the user to enter a value for a retrieval condition that indicates that the service provider cannot request user attribute information for the user at another attribute information provider.
  - 36. The computer program product of claim 33 further comprising:
    - means for prompting the user to enter a value for a releasability condition for a user attribute.
  - 37. The computer program product of claim 36 further comprising:
    - means for prompting the user to enter a value for a temporal restraint for the releasability condition.
  - 38. The computer program product of claim 37 further comprising:
    - means for indicating that the temporal restraint is effective permanently.
  - 39. The computer program product of claim 37 further comprising:
    - means for indicating that the temporal restraint is effective for a duration of a transaction for the user at the service provider.
  - 40. The computer program product of claim 36 further comprising:
    - means for prompting the user to enter a value for a domain restraint for the releasability condition.
  - 41. The computer program product of claim 40 further comprising:
    - means for indicating that the domain restraint is for the service provider.
  - 42. The computer program product of claim 41 further comprising:
    - means for indicating that the domain restraint is effective permanently.
  - 43. The computer program product of claim 33 further comprising:
    - means for prompting the user to enter a value for a permission condition that indicates that the attribute information provider should prompt the user for releasability condition information for each received request message.
  - 44. The computer program product of claim 43 further comprising:
    - means for indicating that the permission condition is effective permanently.

45. A computer program product in a computer readable medium for managing user attribute information in a data processing system, the computer program product comprising:
- means for receiving from a user a request for a resource at a service provider;
  
  means for determining a set of one or more attribute information providers that are associated with the user, wherein an attribute information provider is a service provider that maintains user attribute information for the user;
  
  means for sending a request message to a first attribute information provider in the set of one or more attribute information providers in order to retrieve user attribute information for the user;
  
  means for receiving a response message from the first attribute information provider; and
  
  means for determining that the response message comprises a control flag from the first attribute information provider, wherein the control flag indicates a retrieval condition on subsequent requests from the service provider to attribute information providers while retrieving user attribute information for the user.
- View Dependent Claims (46, 47, 48)
- - 46. The computer program product of claim 45 further comprising:
    - means for halting retrievals for user attribute information for the user in accordance with the control flag.
  - 47. The computer program product of claim 45 further comprising:
    - means for performing subsequent retrievals for user attribute information for the user in accordance with the control flag.
  - 48. The computer program product of claim 45 further comprising:
    - means for performing a user-specific operation for the resource based on retrieved user attribute information for the user.

49. A method for managing user information within a data processing system, the method comprising:
- receiving from a client a request for a resource at a service provider;
  
  in response to a determination that the service provider does not have a set of one or more identifiers of attribute information providers that was previously associated with the client or a user of the client;
  
  selecting a set of one or more identifiers of attribute information providers, wherein each of the attribute information providers is a service provider that maintains user attribute information for the user; and
  
  sending an attribute information retrieval request message to a user-specified attribute information provider from the service provider.
- View Dependent Claims (50, 51, 52, 53, 54, 55, 56)
- - 50. The method of claim 49 further comprising:
    - providing a user option to choose whether to persistently associate the user with the selection of the set of one or more identifiers of attribute information providers.
  - 51. The method of claim 50 further comprising:
    - enrolling the selection of the set of one or more identifiers of attribute information providers at the service provider.
  - 52. The method of claim 50 further comprising:
    - storing the set of one or more identifiers of attribute information providers in a persistent token at the client.
  - 53. The method of claim 50 further comprising:
    - storing the set of one or more identifiers of attribute information providers in a client-side information repository.
  - 54. The method of claim 49 further comprising:
    - receiving the set of one or more identifiers of attribute information providers as input from the user.
  - 55. The method of claim 49 further comprising:
    - retrieving the set of one or more identifiers of attribute information providers from administratively configured information.
  - 56. The method of claim 49 further comprising:
    - providing a user option to choose whether to establish a relationship with an attribute information provider in the set of one or more identifiers of attribute information providers.

57. An apparatus for managing user information, the apparatus comprising:
- means for receiving from a client a request for a resource at a service provider;
  
  means for selecting a set of one or more identifiers of attribute information providers in response to a determination that the service provider does not have a set of one or more identifiers of attribute information providers that was previously associated with the client or a user of the client, wherein each of the attribute information providers is a service provider that maintains user attribute information for the user; and
  
  means for sending an attribute information retrieval request message to a user-specified attribute information provider from the service provider.
- View Dependent Claims (58, 59, 60, 61, 62, 63, 64)
- - 58. The apparatus of claim 57 further comprising:
    - means for providing a user option to choose whether to persistently associate the user with the selection of the set of one or more identifiers of attribute information providers.
  - 59. The apparatus of claim 58 further comprising:
    - means for enrolling the selection of the set of one or more identifiers of attribute information providers at the service provider.
  - 60. The apparatus of claim 58 further comprising:
    - means for storing the set of one or more identifiers of attribute information providers in a persistent token at the client.
  - 61. The apparatus of claim 58 further comprising:
    - means for storing the set of one or more identifiers of attribute information providers in a client-side information repository.
  - 62. The apparatus of claim 57 further comprising:
    - means for receiving the set of one or more identifiers of attribute information providers as input from the user.
  - 63. The apparatus of claim 57 further comprising:
    - means for retrieving the set of one or more identifiers of attribute information providers from administratively configured information.
  - 64. The apparatus of claim 57 further comprising:
    - means for providing a user option to choose whether to establish a relationship with an attribute information provider in the set of one or more identifiers of attribute information providers.

65. A computer program product in a computer readable medium for managing user information in a data processing system, the computer program product comprising:
- means for receiving from a client a request for a resource at a service provider;
  
  means for selecting a set of one or more identifiers of attribute information providers in response to a determination that the service provider does not have a set of one or more identifiers of attribute information providers that was previously associated with the client or a user of the client, wherein each of the attribute information providers is a service provider that maintains user attribute information for the user; and
  
  means for sending an attribute information retrieval request message to a user-specified attribute information provider from the service provider.
- View Dependent Claims (66, 67, 68, 69, 70, 71, 72)
- - 66. The computer program product of claim 65 further comprising:
    - means for providing a user option to choose whether to persistently associate the user with the selection of the set of one or more identifiers of attribute information providers.
  - 67. The computer program product of claim 66 further comprising:
    - means for enrolling the selection of the set of one or more identifiers of attribute information providers at the service provider.
  - 68. The computer program product of claim 66 further comprising:
    - means for storing the set of one or more identifiers of attribute information providers in a persistent token at the client.
  - 69. The computer program product of claim 66 further comprising:
    - means for storing the set of one or more identifiers of attribute information providers in a client-side information repository.
  - 70. The computer program product of claim 65 further comprising:
    - means for receiving the set of one or more identifiers of attribute information providers as input from the user.
  - 71. The computer program product of claim 65 further comprising:
    - means for retrieving the set of one or more identifiers of attribute information providers from administratively configured information.
  - 72. The computer program product of claim 65 further comprising:
    - means for providing a user option to choose whether to establish a relationship with an attribute information provider in the set of one or more identifiers of attribute information providers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Daedalus Blue LLC
Original Assignee
International Business Machines Corporation
Inventors
Hinton, Heather Maria, Pfitzmann, Birgit Monika, Blakley, George Robert III

Granted Patent

US 7,797,434 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/224
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/101   Access control lists [ACL]

Method and system for user-determined attribute storage in a federated environment

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

47 Citations

72 Claims

Specification

Use Cases

Quick Links

Others

Method and system for user-determined attribute storage in a federated environment

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

47 Citations

72 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others