Trusting security attribute authorities that are both cooperative and competitive
Abstract
A method and system for authorizing a user. The method comprises the steps of assigning a first role to a user in a first domain, assigning a second role in a second domain to the first role, and assigning access to a resource in the second domain to the second role. The method further comprises the steps of receiving a request from the user for the resource and providing the user with access to the resource. The invention may be employed by users and services to manage their interaction with those services, including configuring which they trust for what types of information, in what applications, and which subsets of information they can be trusted to provide.
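The role chain described in the abstract (user to first role, first role to second role, second role to resource), as an added Python example that is not part of the patent text. The domain names, users and resource are constructed, and in-memory lookups stand in for whatever credentials a deployment would use to assert roles across domains.

```python
from collections import defaultdict
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Role:
    domain: str  # issuing domain is part of the role's identity
    name: str

@dataclass
class Domain:
    name: str
    user_roles: dict = field(default_factory=lambda: defaultdict(set))  # user -> local roles
    role_map: dict = field(default_factory=lambda: defaultdict(set))    # foreign role -> local roles
    grants: dict = field(default_factory=lambda: defaultdict(set))      # local role -> resources

    def assign_user(self, user, role_name):
        self.user_roles[user].add(Role(self.name, role_name))

    def map_foreign_role(self, foreign, local_name):
        # The second domain decides which foreign roles it accepts.
        if foreign.domain == self.name:
            raise ValueError("mapping source must be a role from another domain")
        self.role_map[foreign].add(Role(self.name, local_name))

    def grant(self, role_name, resource):
        self.grants[Role(self.name, role_name)].add(resource)

def authorize(home, target, user, resource):
    """Deny by default; allow only via user -> first role -> second role -> resource."""
    for first in home.user_roles.get(user, ()):
        for second in target.role_map.get(first, ()):
            if resource in target.grants.get(second, ()):
                return True
    return False

def build_demo():
    # Constructed sample data (hypothetical domains, users and resource).
    hospital = Domain("hospital.example")
    clinic = Domain("clinic.example")
    insurer = Domain("insurer.example")
    hospital.assign_user("alice", "physician")
    clinic.assign_user("bob", "physician")  # same role name, different domain
    insurer.map_foreign_role(Role("hospital.example", "physician"), "claims-reviewer")
    insurer.grant("claims-reviewer", "claim-records")
    return hospital, clinic, insurer
```

Because roles are qualified by their issuing domain, a same-named role from an unmapped domain grants nothing, and the second domain can revoke cross-domain access by deleting its own mapping without touching the first domain's user assignments.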
24 Claims
1. A method of authorizing a user, comprising the steps of:
- assigning a first role to a user in a first domain;
- assigning a second role in a second domain to the first role;
- assigning access to a resource in the second domain to the second role;
- receiving a request from the user for the resource; and
- providing access to the resource, to the user.
Dependent claims: 2, 3, 4, 5, 6, 7, 12
8. A system for authorizing a user, comprising:
- means for assigning a first role to a user in a first domain;
- means for assigning a second role in a second domain to the first role;
- means for assigning access to a resource in the second domain to the second role;
- means for receiving a request from the user for the resource; and
- means for providing the user with access to the resource.
Dependent claims: 9, 10, 11, 13, 14
15. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform method steps for authorizing a user, said method steps comprising:
- assigning a first role to a user in a first domain;
- assigning a second role in a second domain to the first role;
- assigning access to a resource in the second domain to the second role;
- receiving a request from the user for the resource; and
- providing access to the resource, to the user.
Dependent claims: 16, 17, 18, 19, 20, 21
22. A method of mapping from an attribute in one domain to an identity in another domain, comprising the steps of:
- assigning a role to a user in a first domain;
- assigning an identity in a second domain to the role;
- assigning access to a resource in the second domain to the identity;
- receiving a request from the user with the role for the resource;
- mapping the request to the identity in the second domain; and
- providing access to the resource, to the user.
Dependent claims: 23, 24
Specification