Method and apparatus for managing identity information on a network

US 20050010547A1
Filed: 07/10/2003
Published: 01/13/2005
Est. Priority Date: 07/10/2003
Status: Abandoned Application

First Claim

Patent Images

1. A method of managing identity information on behalf of network services, the method comprising the steps of:

obtaining a first meta data record describing a first of said network services; and

utilizing said first meta data record to obtain a first service data record containing first identity management information for an user of the first network service.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A centralized identity management service includes a dynamically configured client interface that communication with a directory assess daemon. The data access daemon processes and fulfils requests by communicating with third party databases. A data access layer is interposed between the data access daemon and databases to allow the directories to be modified without affecting the data access daemon. Providing a self-configuring user interface facilitates rapid creation of network services and allows the services to be modified without manually reconfiguring the user interface. Common data format schemas facilitates deployment of new services on the network by allowing services to be defined to take advantage of the features provided by the identity management infrastructure.

53 Citations

View as Search Results

22 Claims

1. A method of managing identity information on behalf of network services, the method comprising the steps of:
- obtaining a first meta data record describing a first of said network services; and
  
  utilizing said first meta data record to obtain a first service data record containing first identity management information for an user of the first network service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising the step of utilizing the first meta data record to create an user interface for the user of the first network service to enable the user to view said first identity management information.
  - 3. The method of claim 1, further comprising the step of utilizing the first meta data record to create a first user interface for the user of the first network service to enable the user to modify said first identity management information.
  - 4. The method of claim 2, wherein the first user interface is dynamically configured during creation according to field information contained in the first meta data record.
  - 5. The method of claim 1, further comprising:
    - obtaining a second meta data record describing a second of said network services; and
      
      utilizing said second meta data record to obtain a second service data record containing second identity management information for a second user of the second network service.
  - 6. The method of claim 5, further comprising step of utilizing the second meta data record to create a second user interface for the user of the second network service to enable the second user to view said second identity management information.
  - 7. The method of claim 1, wherein the first identity management information includes first network service provisioning information for the user of the first network service.
  - 8. The method of claim 1, further comprising the step of denying access to the first network service where the first identity management information indicates that the user is not provisioned on the first network service.

9. A method of fulfilling identity management information requests from a network user, comprising:
- obtaining meta data associated with a network service;
  
  using the meta data to present an identity management user interface to an user of the network service; and
  
  populating the identity management user interface with identity information associated with the user.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The method of claim 9, wherein the step of populating the identity management user interface comprises:
    - receiving a request for identity management information for the network service from the network user over the user interface;
      
      obtaining the identity information associated with the network user; and
      
      presenting the identity information to the network user via the user interface.
  - 11. The method of claim 10, wherein the step of obtaining the identity information comprises accessing an identity information database and retrieving a service record from said identity information database containing identity information associated with the network user.
  - 12. The method of claim 9, further comprising the step of modifying the identity information upon request of the network user.
  - 13. The method of claim 12, wherein the step of modifying the identity information comprises writing changes to the identity information to an identity information database.
  - 14. The method of claim 13, further comprising the step of validating at least one of the changes to the identity information and the identity information before writing the changes to the identity information to the identity information database.

15. An identity management infrastructure, comprising:
- an interface layer configured to receive first identity management requests from first network users of a first network service and second identity management requests from second network users of a second network service;
  
  a data access daemon configured to process the first and second identity management requests; and
  
  a data access layer configured to enable the data access daemon to access identity management data from at least one identity management database in connection with processing the identity management requests.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22)
- - 16. The identity management infrastructure of claim 15, wherein the data access layer comprises an API configured to communicate with the data access daemon, and an API configured to communicate with the identity management database containing the identity management data.
  - 17. The identity management infrastructure of claim 16, wherein the API is configured to communicate with the database utilizing at least one of Embedded Structured Query Language (ESQL), Open DataBase Connectivity (ODBC), Java DataBase Connectivity (JDBC), and Lightweight Data Access Protocol (LDAP).
  - 18. The identity management infrastructure of claim 15, wherein the data access daemon comprises a communications layer configured to facilitate communications with the interface layer, and a data access daemon core configured to provide identity management services.
  - 19. The identity management infrastructure of claim 18, wherein the data access daemon core comprises an API configured to interact with meta data structures and service structures retrieved from the identity management database.
  - 20. The identity management infrastructure of claim 19, wherein the meta data structures describe the network services, and wherein the service structures describe identity information associated with users of the network services.
  - 21. The identity management infrastructure of claim 18, wherein the data access daemon core further comprises an authentication module configured to authenticate the first and second network users and an authorization module configured to assess authorization levels associated with the first and second network users.
  - 22. The identity management infrastructure of claim 18, wherein the data access daemon core further comprises a validation module configured to validate data prior to modification of data in the database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nortel Networks Limited (Nortel Networks Corporation)
Original Assignee
Nortel Networks Limited (Nortel Networks Corporation)
Inventors
Carinci, Rocco W., Benedict, James A., Trudell, Keith K., Waddington, Joseph J.

Application Number

US10/616,561
Publication Number

US 20050010547A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/08 for authentication of entit...

Method and apparatus for managing identity information on a network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

53 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for managing identity information on a network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

53 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links