Federated identity management within a distributed portal server
Abstract
Techniques are disclosed for federating identity management within a distributed portal server, leveraging Web services techniques and a number of industry standards. Identities are managed across autonomous security domains, which may comprise independent trust models, authentication services, and user enrollment services. The disclosed techniques enable integrating third-party Web services-based portlets, which rely on various and potentially different security mechanisms, within a common portal page.
20 Claims
1. A method of providing cross-domain authentication in a computing environment, comprising steps of:
providing security credentials of an entity to an initial point of contact in the computing environment;
passing the provided credentials from the initial point of contact to a trust proxy;
authenticating the passed credentials with an authentication service in a local security domain of the trust proxy; and
using the authentication performed by the local authentication service to seamlessly authenticate the entity to one or more selected remote security domains.
Dependent claims: 2 through 15.

16. A system for enabling an entity to have seamless access to a plurality of aggregated services which have different identity requirements, comprising:
means for initially authenticating the entity, by a first authentication component, using an identity provided by the entity;
means for mapping the provided identification to the differing identity requirements of at least one service to be aggregated, thereby establishing mapped identity requirements for each of the at least one services;
means for subsequently authenticating the entity, by an authentication component associated with each of the at least one services, using the mapped identity requirements; and
means for aggregating each of the at least one services and a service associated with the initial authentication component, if the authentications thereof are successful, into an aggregated result.
Dependent claims: 17 and 18.

19. A computer program product for providing federated identity management within a distributed content aggregation framework, the computer program product embodied on one or more computer-readable media and comprising:
computer-readable program code means for providing, to the content aggregation framework by a using entity, initial identity information;
computer-readable program code means for authenticating the initial identity information by a first authentication service in a first security domain;
computer-readable program code means for conveying results of the authentication by the first authentication service to one or more selected other authentication services associated with one or more other security domains; and
computer-readable program code means for using the conveyed results to authenticate the using entity to each of the selected other authentication services, without requiring the using entity to provide additional identity information.
Dependent claim: 20.