Method and system for enabling trust infrastructure support for federated user lifecycle management

US 20060021018A1
Filed: 07/21/2004
Published: 01/26/2006
Est. Priority Date: 07/21/2004
Status: Abandoned Application

First Claim

Patent Images

1. A data processing system comprising:

means for implementing a federated user lifecycle management service within a computing environment, wherein the computing environment is associated with a plurality of computing environments as a federated computing environment; and

means for implementing, within the computing environment, a trust service that provides trust functionality for the federated user lifecycle management service.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and a system are presented in which computing environments of different enterprises interact within a federated computing environment. Federated operations can be initiated at the computing environments of federation partners on behalf of a user at a different federated computing environment. A point-of-contact service relies upon a trust service to manage trust relationships between a computing environment and computing environments of federation partners. The trust service employs a key management service, an identity/attribute service, and a security token service. A federated user lifecycle management service implements federated user lifecycle functions and interacts with the point-of-contact service and the trust service.

159 Citations

18 Claims

1. A data processing system comprising:
- means for implementing a federated user lifecycle management service within a computing environment, wherein the computing environment is associated with a plurality of computing environments as a federated computing environment; and
  
  means for implementing, within the computing environment, a trust service that provides trust functionality for the federated user lifecycle management service.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The data processing system of claim 1 wherein the trust service further comprises:
    - means for interfacing with a key management service, wherein the key management service includes means for managing cryptographic keys that are used for securing communicating with the computing environment;
      
      means for interfacing with an identity/attribute service, wherein the identity/attribute service includes means for managing identities and/or attributes contained within a security token that is processed by the trust service; and
      
      means for interfacing with a security token service, wherein the security token service includes;
      
      means for generating security tokens or security assertions that are sent from the computing environment; and
      
      means for validating security tokens or security assertions received at the computing environment.
  - 3. The data processing system of claim 2 further comprising:
    - means for interfacing the federated user lifecycle management service to the trust service such that the trust service hides details of the means for interfacing with a key management service, the means for interfacing with an identity/attribute service, and the means for interfacing with a security token service from the federated user lifecycle management service.
  - 4. The data processing system of claim 1 wherein the federated user lifecycle management service and the trust service are implemented on the same server.
  - 5. The data processing system of claim 1 wherein the federated user lifecycle management service and the trust service are implemented within the same application.
  - 6. The data processing system of claim 1 wherein the federated user lifecycle management service and the trust service are implemented within the same domain.

7. A method for providing federated functionality within a data processing system, the method comprising:
- implementing a federated user lifecycle management service within a computing environment, wherein the computing environment is associated with a plurality of computing environments as a federated computing environment; and
  
  implementing, within the computing environment, a trust service that provides trust functionality for the means for responding to requests for access to federated user lifecycle management functions.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7 further comprising:
    - invoking a key management service by the trust service, wherein the key management service manages cryptographic keys that are used for securing communicating with the computing environment;
      
      invoking an identity/attribute service by the trust service, wherein the identity/attribute service manages identities and/or attributes contained within a security token that is processed by the trust service; and
      
      invoking a security token service by the trust service, wherein the security token service generates security tokens or security assertions that are sent from the computing environment and validates security tokens or security assertions received at the computing environment.
  - 9. The method of claim 8 further comprising:
    - interfacing the federated user lifecycle management service to the trust service such that the trust service hides details of the means for interfacing with a key management service, the means for interfacing with an identity/attribute service, and the means for interfacing with a security token service from the federated user lifecycle management service.
  - 10. The method of claim 7 wherein the federated user lifecycle management service and the trust service are implemented on the same server.
  - 11. The method of claim 7 wherein the federated user lifecycle management service and the trust service are implemented within the same application.
  - 12. The method of claim 7 wherein the federated user lifecycle management service and the trust service are implemented within the same domain.

13. A computer program product on a computer readable medium for use in a data processing system for providing federated functionality, the computer program product comprising:
- means for implementing a federated user lifecycle management service within a computing environment, wherein the computing environment is associated with a plurality of computing environments as a federated computing environment; and
  
  means for implementing, within the computing environment, a trust service that provides trust functionality for the means for responding to requests for access to federated user lifecycle management functions.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The computer program product of claim 13 further comprising:
    - means for invoking a key management service by the trust service, wherein the key management service manages cryptographic keys that are used for securing communicating with the computing environment;
      
      means for invoking an identity/attribute service by the trust service, wherein the identity/attribute service manages identities and/or attributes contained within a security token that is processed by the trust service; and
      
      means for invoking a security token service by the trust service, wherein the security token service generates security tokens or security assertions that are sent from the computing environment and validates security tokens or security assertions received at the computing environment.
  - 15. The computer program product of claim 14 further comprising:
    - interfacing the federated user lifecycle management service to the trust service such that the trust service hides details of the means for interfacing with a key management service, the means for interfacing with an identity/attribute service, and the means for interfacing with a security token service from the federated user lifecycle management service.
  - 16. The computer program product of claim 13 wherein the federated user lifecycle management service and the trust service are implemented on the same server.
  - 17. The computer program product of claim 13 wherein the federated user lifecycle management service and the trust service are implemented within the same application.
  - 18. The computer program product of claim 13 wherein the federated user lifecycle management service and the trust service are implemented within the same domain.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Wardrop, Patrick Ryan, Hinton, Heather Maria, Falola, Dolapo Martin, Moran, Anthony Scott

Application Number

US10/896,286
Publication Number

US 20060021018A1
Time in Patent Office

Days
Field of Search
US Class Current

726/10
CPC Class Codes

H04L 63/06   for supporting key manageme...

H04L 63/0815   providing single-sign-on or...

H04L 63/166   at the transport layer

Method and system for enabling trust infrastructure support for federated user lifecycle management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

159 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for enabling trust infrastructure support for federated user lifecycle management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

159 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links