Method and system for enroll-thru operations and reprioritization operations in a federated environment

US 20040128383A1
Filed: 12/31/2002
Published: 07/01/2004
Est. Priority Date: 12/31/2002
Status: Active Grant

First Claim

Patent Images

1. A method for managing user information within a data processing system, the method comprising:

receiving a message from a first service provider at a second service provider; and

in response to a determination at the second service provider that the message indicates a request for an enroll-thru operation for a user, enrolling the user at a third service provider.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer system is presented for facilitating user enrollment at service providers, particularly with respect to storage and retrieval of user attribute information within a federated environment at entities that manage such information as a service. One domain can inform other domains of identities of service providers that are to be associated with a user, thereby enrolling information about the user at those domains. In addition, an enrollment operation can be invoked by a first service provider through a second service provider such that the user becomes enrolled at a third service provider. During an enrollment operation, information about multiple service providers may be associated with a user, and these service providers may be prioritized. The user may be provided an opportunity to reprioritize the service providers during the enrollment operation so that the service providers are subsequently contacted or used in a particular priority order.

88 Citations

View as Search Results

36 Claims

1. A method for managing user information within a data processing system, the method comprising:
- receiving a message from a first service provider at a second service provider; and
  
  in response to a determination at the second service provider that the message indicates a request for an enroll-thru operation for a user, enrolling the user at a third service provider.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 further comprising:
    - extracting from the message a set of one or more identifiers of service providers, wherein the set of one or more identifiers of service providers comprises an identifier for the third service provider.
  - 3. The method of claim 1 further comprising:
    - receiving at the second service provider an identifier for the third service provider as input from the user prior to enrolling the user at the third service provider.
  - 4. The method of claim 1 further comprising:
    - retrieving at the second service provider an identifier for the third service provider from administratively configured information.
  - 5. The method of claim 1 wherein an identifier for a service provider or a domain may comprise a network path, a Uniform Resource Identifier (URI), or a unique name.
  - 6. The method of claim 1 further comprising:
    - receiving input for user-selectable options for indicating to the second service provider a preference in a manner in which the second service provider stores the set of one or more identifiers of service providers.
  - 7. The method of claim 6 wherein the user-selectable options comprise an overwrite option, an append option, and/or an add-with-reprioritization option.

8. A method for managing user information within a data processing system, the method comprising:
- receiving a message from a first service provider at a second service provider;
  
  extracting from the message a set of one or more identifiers associated with a set of service providers;
  
  retrieving from the message option parameters that indicate a manner for the second service provider to store the set of one or more identifiers associated with the set of service providers; and
  
  generating a persistent token for the user at the second service provider, wherein the persistent token comprises the set of one or more identifiers associated with the set of service providers.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The method of claim 8 wherein the option parameters comprise an overwrite option, an append option, and/or an add-with-reprioritization option.
  - 10. The method of claim 8 further comprising:
    - in response to a determination that the second service provider had a prior persistent token for the user prior to receiving the message, generating the persistent token for the user in accordance with the option parameters.
  - 11. The method of claim 10 further comprising:
    - receiving user input for priorities to be associated with the set of one or more identifiers associated with the set of service providers prior to generating the persistent token for the user in accordance with an add-with-reprioritization option.
  - 12. The method of claim 8 further comprising:
    - receiving from the user a request for a resource at the second service provider;
      
      obtaining the persistent token for the user;
      
      extracting the set of one or more identifiers associated with the set of service providers from the persistent token;
      
      retrieving user attribute information for the user from at least one attribute information provider identified in the set of one or more identifiers associated with the set of service providers; and
      
      performing a customization operation for the resource or an access control decision for the resource based on the retrieved user attribute information for the user.

13. An apparatus for managing user information, the apparatus comprising:
- means for receiving a message from a first service provider at a second service provider; and
  
  means for enrolling the user at a third service provider in response to a determination at the second service provider that the message indicates a request for an enroll-thru operation for a user.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The apparatus of claim 13 further comprising:
    - means for extracting from the message a set of one or more identifiers of service providers, wherein the set of one or more identifiers of service providers comprises an identifier for the third service provider.
  - 15. The apparatus of claim 13 further comprising:
    - means for receiving at the second service provider an identifier for the third service provider as input from the user prior to enrolling the user at the third service provider.
  - 16. The apparatus of claim 13 further comprising:
    - means for retrieving at the second service provider an identifier for the third service provider from administratively configured information.
  - 17. The apparatus of claim 13 wherein an identifier for a service provider or a domain may comprise a network path, a Uniform Resource Identifier (URI), or a unique name.
  - 18. The apparatus of claim 13 further comprising:
    - means for receiving input for user-selectable options for indicating to the second service provider a preference in a manner in which the second service provider stores the set of one or more identifiers of service providers.
  - 19. The apparatus of claim 18 wherein the user-selectable options comprise an overwrite option, an append option, and/or an add-with-reprioritization option.

20. An apparatus for managing user information, the apparatus comprising:
- means for receiving a message from a first service provider at a second service provider;
  
  means for extracting from the message a set of one or more identifiers associated with a set of service providers;
  
  means for retrieving from the message option parameters that indicate a manner for the second service provider to store the set of one or more identifiers associated with the set of service providers; and
  
  means for generating a persistent token for the user at the second service provider, wherein the persistent token comprises the set of one or more identifiers associated with the set of service providers.
- View Dependent Claims (21, 22, 23, 24)
- - 21. The apparatus of claim 20 wherein the option parameters comprise an overwrite option, an append option, and/or an add-with-reprioritization option.
  - 22. The apparatus of claim 20 further comprising:
    - means for generating the persistent token for the user in accordance with the option parameters in response to a determination that the second service provider had a prior persistent token for the user prior to receiving the message.
  - 23. The apparatus of claim 22 further comprising:
    - means for receiving user input for priorities to be associated with the set of one or more identifiers associated with the set of service providers prior to generating the persistent token for the user in accordance with an add-with-reprioritization option.
  - 24. The apparatus of claim 20 further comprising:
    - means for receiving from the user a request for a resource at the second service provider;
      
      means for obtaining the persistent token for the user;
      
      means for extracting the set of one or more identifiers associated with the set of service providers from the persistent token;
      
      means for retrieving user attribute information for the user from at least one attribute information provider identified in the set of one or more identifiers associated with the set of service providers; and
      
      means for performing a customization operation for the resource or an access control decision for the resource based on the retrieved user attribute information for the user.

25. A computer program product in a computer readable medium for managing user information in a data processing system, the computer program product comprising:
- means for receiving a message from a first service provider at a second service provider; and
  
  means for enrolling the user at a third service provider in response to a determination at the second service provider that the message indicates a request for an enroll-thru operation for a user.
- View Dependent Claims (26, 27, 28, 29, 30, 31)
- - 26. The computer program product of claim 25 further comprising:
    - means for extracting from the message a set of one or more identifiers of service providers, wherein the set of one or more identifiers of service providers comprises an identifier for the third service provider.
  - 27. The computer program product of claim 25 further comprising:
    - means for receiving at the second service provider an identifier for the third service provider as input from the user prior to enrolling the user at the third service provider.
  - 28. The computer program product of claim 25 further comprising:
    - means for retrieving at the second service provider an identifier for the third service provider from administratively configured information.
  - 29. The computer program product of claim 25 wherein an identifier for a service provider or a domain may comprise a network path, a Uniform Resource Identifier (URI), or a unique name.
  - 30. The computer program product of claim 25 further comprising:
    - means for receiving input for user-selectable options for indicating to the second service provider a preference in a manner in which the second service provider stores the set of one or more identifiers of service providers.
  - 31. The computer program product of claim 30 wherein the user-selectable options comprise an overwrite option, an append option, and/or an add-with-reprioritization option.

32. A computer program product in a computer readable medium for managing user information in a data processing system, the computer program product comprising:
- means for receiving a message from a first service provider at a second service provider;
  
  means for extracting from the message a set of one or more identifiers associated with a set of service providers;
  
  means for retrieving from the message option parameters that indicate a manner for the second service provider to store the set of one or more identifiers associated with the set of service providers; and
  
  means for generating a persistent token for the user at the second service provider, wherein the persistent token comprises the set of one or more identifiers associated with the set of service providers.
- View Dependent Claims (33, 34, 35, 36)
- - 33. The computer program product of claim 32 wherein the option parameters comprise an overwrite option, an append option, and/or an add-with-reprioritization option.
  - 34. The computer program product of claim 32 further comprising:
    - means for generating the persistent token for the user in accordance with the option parameters in response to a determination that the second service provider had a prior persistent token for the user prior to receiving the message.
  - 35. The computer program product of claim 34 further comprising:
    - means for receiving user input for priorities to be associated with the set of one or more identifiers associated with the set of service providers prior to generating the persistent token for the user in accordance with an add-with-reprioritization option.
  - 36. The computer program product of claim 32 further comprising:
    - means for receiving from the user a request for a resource at the second service provider;
      
      means for obtaining the persistent token for the user;
      
      means for extracting the set of one or more identifiers associated with the set of service providers from the persistent token;
      
      means for retrieving user attribute information for the user from at least one attribute information provider identified in the set of one or more identifiers associated with the set of service providers; and
      
      means for performing a customization operation for the resource or an access control decision for the resource based on the retrieved user attribute information for the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Hinton, Heather Maria

Granted Patent

US 7,587,491 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/225
CPC Class Codes

H04L 63/0807 using tickets, e.g. Kerbero...

H04L 63/104 Grouping of entities

Method and system for enroll-thru operations and reprioritization operations in a federated environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

88 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for enroll-thru operations and reprioritization operations in a federated environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

88 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links