Uniformly representing and transferring security assertion and security response information
Abstract
A requesting message processor identifies client security input data of a first format and encapsulates the client security input data within a client security token. A requesting token processing interface sends the client security token to a validating message processor. A validating token processing interface at the validating message processor receives the client security token. Based on the encapsulated client security input data, the validating message processor selects client security output data of a second format. The validating message processor encapsulates the security output data within a response security token. The validating token processing interface sends the response security token to the requesting message processor. The token processing interfaces can be configured to similarly abstract security input data and security output data so as to increase the possibility of compatible communication between the requesting and validating message processor.
41 Claims
1. In a distributed system including a requesting message processor that is communicatively coupled to a validating message processor so as to be able to communicate by transferring electronic messages, the requesting message processor further including a security token processing interface for transferring security tokens that can encapsulate security data of any of one or more different formats, a method for determining if a client message processor is a trusted client such that the need to have multiple protocol stacks to transfer security assertions and security responses is reduced at least at the requesting message processor, the method comprising:
an act of identifying client security input data of a first format that is to be transferred to the validating message processor;
an act of encapsulating at least a portion of the client security input data within a client security token such that the client security token can be processed by a corresponding validating token processing interface at the validating message processor to determine if the client message processor is a trusted client;
an act of the requesting message processor sending the client security token to the validating message processor;
an act of the requesting message processor receiving a response security token from the validating message processor, the response security token encapsulating at least a first portion of client security output data of a second format; and
an act of processing the response security token to determine if the first portion of client security output data indicates that the client message processor is a trusted client.
20. In a distributed system including a requesting message processor that is communicatively coupled to a validating message processor so as to be able to communicate by transferring electronic messages, the requesting message processor further including a security token processing interface for transferring security tokens that can encapsulate security data of any of one or more different formats, a method for determining if a client message processor is a trusted client such that the need to have multiple protocol stacks to transfer security assertions and security responses is reduced at least at the requesting message processor, the method comprising:
an act of identifying client security input data of a first format that is to be transferred to the validating message processor;
an act of encapsulating at least a portion of the client security input data within a client security token such that the client security token can be processed by a corresponding validating token processing interface at the validating message processor to determine if the client message processor is a trusted client;
a step for exchanging security tokens via an abstract interface; and
an act of processing a response security token to determine if a first portion of client security output data indicates that the client message processor is a trusted
21. In a distributed system including a validating message processor that is communicatively coupled to a requesting message processor so as to be able to communicate by transferring electronic messages, the validating message processor further including a security token processing interface for transferring security tokens that can encapsulate security data of any of one or more different formats, a method for determining if a client message processor represented by a client security token is a trusted client such that the need to maintain multiple protocol stacks to transfer security assertions and security responses is reduced at least at the validating message processor, the method comprising:
an act of the validating message processor receiving a client security token from the requesting message processor, the client security token encapsulating a portion of client security input data of a first format;
an act of, based on the portion of client security input data, selecting at least a first portion of client security output data of a second format, the first portion of security output data indicating if the client message processor is a trusted client;
an act of encapsulating the first portion of client security output data within a response security token such that the response security token can be processed by the requesting message processor to indicate to the requesting message processor if the client message processor is a trusted client; and
an act of the validating token processing interface sending the response security token to the requesting message processor.
33. In a distributed system including a validating message processor that is communicatively coupled to a requesting message processor so as to be able to communicate by transferring electronic messages, the validating message processor further including a security token processing interface for transferring security tokens that can encapsulate security data of any of one or more different formats, a method for determining if a client message processor represented by a client security token is a trusted client such that the need to maintain multiple protocol stacks to transfer security assertions and security responses is reduced at least at the validating message processor, the method comprising:
an act of the validating message processor receiving the client security token from the requesting message processor, the client security token encapsulating a portion of client security input data of a first format;
an act of, based on the portion of client security input data, selecting at least a first portion of client security output data of a second format, the security output data indicating if the client message processor is a trusted client; and
a step for abstracting at least the first portion of client security output data.
34. A computer program product for use in a distributed system including a requesting message processor that is communicatively coupled to a validating message processor so as to be able to communicate by transferring electronic messages, the requesting message processor further including a security token processing interface for transferring security tokens that can encapsulate security data of any of one or more different formats, the computer program product for implementing a method for determining if a client message processor is a trusted client such that the need to have multiple protocol stacks to transfer security assertions and security responses is reduced at least at the requesting message processor, the computer program product comprising one or more computer-readable media having stored thereon the following:
computer-executable instructions for identifying client security input data of a first format that is to be transferred to the validating message processor;
computer-executable instructions for encapsulating at least a portion of the client security input data within a client security token such that the client security token can be processed by a corresponding validating token processing interface at the validating message processor to determine if the client message processor is a trusted client;
computer-executable instructions for causing the requesting message processor to send the client security token to the validating message processor;
computer-executable instructions for causing the requesting message processor to receive a response security token from the validating message processor, the response security token encapsulating a first portion of client security output data of a second format; and
computer-executable instructions for processing the response security token to determine if the first portion of client security output data indicates that the client message processor is a trusted client.
35. A computer program product for use in a distributed system including a validating message processor that is communicatively coupled to a requesting message processor so as to be able to communicate by transferring electronic messages, the validating message processor further including a security token processing interface for transferring security tokens that can encapsulate security responses of any of one or more different formats, the computer program product for implementing a method for determining if a client message processor represented by a client security token is a trusted client such that the need to maintain multiple protocol stacks to transfer security assertions and security responses is reduced at least at the validating message processor, the computer program product comprising one or more computer-readable media having stored thereon the following:
computer-executable instructions for the validating message processor to receive the client security token from the requesting message processor, the client security token encapsulating a portion of client security input data of a first format;
computer-executable instructions for, based on the portion of client security input data, selecting at least a first portion of client security output data of a second format, the first portion of security output data indicating if the client message processor is a trusted client;
computer-executable instructions for encapsulating the first portion of client security output data within a response security token such that the response security token can be processed by the requesting message processor to indicate to the requesting message processor if the client message processor is a trusted client; and
computer-executable instructions for causing the validating token processing interface to send the response security token to the requesting message processor.
36. One or more computer-readable media having stored thereon a data structure, the data structure comprising:
an application data field representing application data from a client message processor that is to be routed to a server message processor; and
a client security token field representing one or more encapsulated security assertions submitted by a requesting message processor to attempt to cause a server message processor to trust the application data represented in the application data field.
39. One or more computer-readable media having stored thereon a data structure, the data structure comprising:
an application data field representing application data from a client message processor that is to be routed to a server message processor; and
a response security token field representing one or more encapsulated security responses returned by a validating message processor to indicate to a requesting message processor if the client message processor, which sent the application data represented in the application data field, is to be trusted.
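As an added illustration (example code, not the patent's own implementation), the following Python models the abstract token processing interface of the abstract and claims 1 and 21, and the two-field message layout of claims 36 and 39: the requester wraps first-format input data in an opaque token, the validator dispatches on the format tag and answers in a second format, and the requester reads only that second format. The format names, handler names, credential values and the `trust_decision` response format are constructed for this example, and the check that the response refers to the format that was actually sent is a defensive addition the claims do not themselves specify.

```python
# Added example (not the patent's own code); all names and values are constructed.
from dataclasses import dataclass
from hmac import compare_digest
from typing import Any, Callable, Dict

@dataclass(frozen=True)
class SecurityToken:
    """Format-agnostic envelope: the interface needs only the format tag."""
    format: str                 # first format on request, second format on response
    payload: Dict[str, Any]     # opaque to everything except the handler for `format`

@dataclass(frozen=True)
class Message:
    """Claims 36/39: an application data field plus one security token field."""
    application_data: str
    security_token: SecurityToken

KNOWN_USERS = {"alice": "s3cret"}          # constructed demo credentials
TRUSTED_THUMBPRINTS = {"AB:CD:EF:01"}      # constructed demo trust anchor

def _validate_username(p: Dict[str, Any]) -> bool:
    expected = KNOWN_USERS.get(str(p.get("user")), "")
    return bool(expected) and compare_digest(expected, str(p.get("password", "")))

def _validate_x509(p: Dict[str, Any]) -> bool:
    return p.get("thumbprint") in TRUSTED_THUMBPRINTS

# Validating token processing interface: one handler per accepted input format.
VALIDATORS: Dict[str, Callable[[Dict[str, Any]], bool]] = {
    "username": _validate_username,
    "x509": _validate_x509,
}

def validating_processor(request: Message) -> Message:
    """Select second-format output data from first-format input and wrap it."""
    tok = request.security_token
    handler = VALIDATORS.get(tok.format)
    trusted = handler(tok.payload) if handler else False  # unknown format -> untrusted
    response = SecurityToken("trust_decision", {"trusted": trusted, "for": tok.format})
    return Message(request.application_data, response)

def requesting_processor_is_trusted(response: Message, sent_format: str) -> bool:
    """Requester reads only the response format, never the validator's internals."""
    tok = response.security_token
    return (tok.format == "trust_decision" and tok.payload.get("for") == sent_format
            and tok.payload.get("trusted") is True)

def check_client(app_data: str, fmt: str, payload: Dict[str, Any]) -> bool:
    """Round trip of claim 1: encapsulate, send, receive, process."""
    request = Message(app_data, SecurityToken(fmt, payload))
    return requesting_processor_is_trusted(validating_processor(request), fmt)
```

Adding a new credential format means registering one more handler in `VALIDATORS`; neither the `Message` layout nor the requester's response handling changes.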
Specification