Identity system for use in a computing environment
Abstract
A system for identifying principals within a computing environment is disclosed. The system includes principal objects containing identity claims. The principal objects are used by computer processes within the environment to perform tasks related to the association of principals to activated resource objects. Exemplary principals include individuals, a group of individuals, organizations and computer modules and devices. Each identity claim uniquely identifies a specific principal within a particular scheme. To accomplish this, each identity claim includes an assertion that specifies an identification string unique to a principal within the associated scheme. Exemplary schemes for an individual include email accounts, telephone numbers, credit card account numbers and social security numbers. Thus, exemplary identification strings for an individual are specific email addresses, specific telephone numbers, etc. Exemplary schemes for a group of individuals and organizations include telephone numbers and web page addresses. The system also determines whether two principal objects conflict, thereby resulting in an identity fault.
Claims (38 in total; the four independent claims are reproduced below)
1. A system for identifying principals within a computing environment, the system comprising:
a plurality of principal objects, wherein each principal object corresponds to a specific principal authenticated to perform a digital action within the computing environment and wherein each principal object is operable for use by a computer process within the computing environment to associate a plurality of resource objects with the specific principal corresponding to the principal object; and
a plurality of identity claims, wherein each identity claim uniquely identifies the specific principal corresponding to each specific principal object, and wherein at least one of the plurality of principal objects comprises two or more identity claims each uniquely identifying the specific principal corresponding to the at least one principal object.
(Dependent claims 2 to 9 are not reproduced here.)
10. A system for identifying a first principal within a computing environment, wherein the first principal is authenticated to perform a digital action within the computing environment, the system comprising:
a first principal object corresponding to the first principal, wherein the first principal object is operable for use by a computer process within the computing environment to associate at least one resource object with the first principal;
a plurality of identity claims, wherein each identity claim uniquely identifies the first principal, the first principal object including the plurality of identity claims such that the computer process may associate the at least one resource object with the first principal using any of the plurality of identity claims.
(Dependent claims 11 to 20 are not reproduced here.)
21. A computer readable medium having a data structure stored thereon for use in identifying a principal authenticated to perform a digital action within a computing environment, the data structure comprising:
a value assertion uniquely identifying the principal within a particular identification scheme;
a type assertion indicating the particular identification scheme corresponding to the value assertion; and
a time reference assertion specifying a time frame in which the principal is uniquely identified by the value assertion within the particular identification scheme.
(Dependent claims 22 to 27 are not reproduced here.)
28. A method for identifying a first principal authenticated to perform a digital action within a computing environment, the method comprising:
creating a principal object operable for use by a computer process within the computing environment to identify the first principal as being associated with a plurality of resource objects maintained within the computing environment;
associating with the principal object a first identity claim uniquely identifying the first principal within a particular identification scheme, wherein unique identification of the first principal within the particular identification scheme is accomplished by assignment of unique identification strings to each of a plurality of principals;
receiving a plurality of resource objects associated with a plurality of application programs, wherein each of the plurality of resource objects is associated with an identity reference comprising a declaration that links each resource object to the principal object; and
identifying within the computing environment each of the plurality of resource objects as being associated with the first principal based on the declaration links contained in the associated identity references, wherein the computer process utilizes identification of each of the plurality of resource objects to the first principal to perform at least one task in connection with each identified resource object.
(Dependent claims 29 to 38 are not reproduced here.)
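The following is an added worked example, not code from the patent or its assignee, showing how the pieces named in the abstract and in claims 1, 10, 21 and 28 fit together: an identity claim built from a value assertion, a type (scheme) assertion and a time reference assertion; a principal object carrying several such claims; an identity reference that an application attaches to a resource object to link it to a principal; resolution of a resource to its principal through any of that principal's claims; and the conflict check that yields an identity fault when two principal objects claim the same identification string in the same scheme during overlapping time frames. All class and function names (`IdentityClaim`, `Principal`, `IdentityReference`, `ResourceObject`, `Registry`, `canonical`, `demo`) and the sample principals and resources are assumptions made for this illustration. The example also goes slightly beyond the text in two practitioner-relevant ways: it canonicalises identification strings per scheme, because uniqueness within a scheme only holds when every writer spells the string the same way, and it records when each identity reference was observed, because schemes such as telephone numbers reassign identifiers over time and the time reference assertion is what keeps a reassigned number from linking an old resource to the new holder.

```python
"""Added example (not the patent's own code) of principal objects, identity claims,
identity references and the identity-fault check.  All names are assumptions."""
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional, Tuple


def canonical(scheme: str, value: str) -> str:
    """Per-scheme normalisation (assumed rules): uniqueness within a scheme only
    holds when the identification string has one spelling."""
    if scheme == "email":
        return value.strip().lower()
    if scheme == "phone":
        return "".join(ch for ch in value if ch.isdigit())
    return value.strip()


@dataclass(frozen=True)
class IdentityClaim:
    """Claim 21: value assertion, type (scheme) assertion, time reference assertion."""
    scheme: str
    value: str
    valid_from: date
    valid_to: Optional[date] = None  # None: the claim is still current

    @property
    def key(self) -> Tuple[str, str]:
        return (self.scheme, canonical(self.scheme, self.value))

    def covers(self, when: date) -> bool:
        return self.valid_from <= when and (self.valid_to is None or when <= self.valid_to)

    def overlaps(self, other: "IdentityClaim") -> bool:
        """Two time frames overlap unless one ends before the other begins."""
        a_end = self.valid_to or date.max
        b_end = other.valid_to or date.max
        return self.valid_from <= b_end and other.valid_from <= a_end


@dataclass
class Principal:
    """Claim 1: a principal object holding two or more identity claims."""
    name: str
    claims: List[IdentityClaim] = field(default_factory=list)


@dataclass(frozen=True)
class IdentityReference:
    """Claim 28: the declaration an application attaches to a resource object."""
    scheme: str
    value: str
    observed_on: date  # when the link was recorded; selects the claim valid at that time


@dataclass(frozen=True)
class ResourceObject:
    resource_id: str
    reference: IdentityReference


class IdentityFault(Exception):
    """Two principal objects conflict (the abstract's 'identity fault')."""


class Registry:
    def __init__(self) -> None:
        self.principals: List[Principal] = []

    def add(self, principal: Principal) -> None:
        """Reject a principal whose claim collides with another principal's claim in
        the same scheme during an overlapping time frame."""
        for existing in self.principals:
            for c in principal.claims:
                for e in existing.claims:
                    if c.key == e.key and c.overlaps(e):
                        raise IdentityFault(f"{principal.name} conflicts with {existing.name} on {c.key}")
        self.principals.append(principal)

    def resolve(self, ref: IdentityReference) -> Optional[Principal]:
        """The principal whose claim in ref's scheme held ref's value when ref was observed."""
        want = (ref.scheme, canonical(ref.scheme, ref.value))
        for p in self.principals:
            if any(c.key == want and c.covers(ref.observed_on) for c in p.claims):
                return p
        return None

    def resources_for(self, principal: Principal, resources: List[ResourceObject]) -> List[str]:
        """Claim 10: any of the principal's claims may associate a resource with it."""
        return [r.resource_id for r in resources if self.resolve(r.reference) is principal]


def demo() -> Tuple[List[str], List[str], Optional[str]]:
    """Constructed sample data (not from the patent)."""
    reg = Registry()
    alice = Principal("alice", [
        IdentityClaim("email", "Alice@Example.com", date(2015, 1, 1)),
        IdentityClaim("phone", "555-0100", date(2018, 1, 1), date(2021, 12, 31)),
    ])
    bob = Principal("bob", [IdentityClaim("phone", "555 0100", date(2022, 3, 1))])  # reassigned number
    reg.add(alice)
    reg.add(bob)  # no fault: the two phone-number time frames do not overlap
    resources = [
        ResourceObject("calendar:1", IdentityReference("email", "alice@example.com", date(2020, 6, 1))),
        ResourceObject("voicemail:7", IdentityReference("phone", "(555) 0100", date(2020, 6, 1))),
        ResourceObject("voicemail:9", IdentityReference("phone", "(555) 0100", date(2023, 6, 1))),
    ]
    try:
        reg.add(Principal("carol", [IdentityClaim("email", "ALICE@example.com", date(2016, 1, 1))]))
        fault = None
    except IdentityFault as exc:
        fault = str(exc)
    return reg.resources_for(alice, resources), reg.resources_for(bob, resources), fault


if __name__ == "__main__":
    print(demo())
```

The conflict check runs when a principal object is registered rather than at lookup time, so an identity fault surfaces when the colliding claim is introduced and never silently links one principal's resources to another; `resolve` returns `None` for a reference whose scheme and value match no claim that was valid on the observed date, which is the safe outcome for a reassigned identifier observed in the gap between holders.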