Method and system for federated provisioning
Abstract
A method and a system are presented in which federated domains interact within a federated environment. Domains within a federation can initiate federated single-sign-on operations for a user at other federated domains. A point-of-contact server within a domain relies upon a trust proxy within the domain to manage trust relationships between the domain and the federation. Trust proxies interpret assertions from other federated domains as necessary. Trust proxies may have a trust relationship with one or more trust brokers, and a trust proxy may rely upon a trust broker for assistance in interpreting assertions. When a user is provisioned at a particular federated domain, the federated domain can provision the user to other federated domains within the federated environment. A provision operation may include creating or deleting an account for a user, pushing updated user account information including attributes, and requesting updates on account information including attributes.
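The abstract's arrangement of a point-of-contact server that defers every trust decision to a trust proxy before an application server provisions an account, modelled as an added simulation that is not part of the patent. It assumes HMAC-SHA256 shared-secret assertions, the domain names, and every class and function name; none of these are specified by the patent, whose text does not fix an assertion format.

```python
import hashlib
import hmac
import json
import time

# Assumption (not in the patent): assertions are JSON payloads authenticated with an
# HMAC-SHA256 secret shared pairwise between federated domains. A deployment would use
# signed SAML or JWT assertions; the control flow between the components is the point.


class TrustProxy:
    """Generates assertions sent from this domain and validates assertions received at it."""

    def __init__(self, domain, partner_keys):
        self.domain = domain
        self.partner_keys = partner_keys   # partner domain -> shared secret
        self.seen_ids = set()              # accepted assertion ids, for the replay check

    def generate(self, audience, subject, attributes, assertion_id, now=None):
        payload = {"issuer": self.domain, "audience": audience, "subject": subject,
                   "attributes": attributes, "id": assertion_id,
                   "iat": now if now is not None else int(time.time())}
        body = json.dumps(payload, sort_keys=True)
        mac = hmac.new(self.partner_keys[audience], body.encode(), hashlib.sha256).hexdigest()
        return {"payload": body, "mac": mac}

    def validate(self, assertion, now=None, max_age=300):
        """Return (payload, None) on success or (None, reason) on rejection."""
        payload = json.loads(assertion["payload"])
        key = self.partner_keys.get(payload.get("issuer"))
        if key is None:
            return None, "unknown issuer"          # issuer is not a federation partner
        expected = hmac.new(key, assertion["payload"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, assertion["mac"]):
            return None, "bad signature"           # tampered payload or wrong key
        if payload.get("audience") != self.domain:
            return None, "wrong audience"          # issued for a different domain
        now = now if now is not None else int(time.time())
        if abs(now - payload.get("iat", 0)) > max_age:
            return None, "stale assertion"
        if payload["id"] in self.seen_ids:
            return None, "replayed assertion"
        self.seen_ids.add(payload["id"])
        return payload, None


class ApplicationServer:
    """Owns the local account store and carries out provisioning operations."""

    def __init__(self):
        self.accounts = {}

    def provision(self, op, subject, attributes):
        if op == "create":
            self.accounts[subject] = dict(attributes)
        elif op == "update":
            if subject not in self.accounts:
                return "unknown account"
            self.accounts[subject].update(attributes)
        elif op == "delete":
            self.accounts.pop(subject, None)
        else:
            return "unsupported operation"
        return "ok"


class PointOfContactServer:
    """Receives incoming requests and relies on the trust proxy before touching the app server."""

    def __init__(self, domain, partner_keys):
        self.domain = domain
        self.trust_proxy = TrustProxy(domain, partner_keys)
        self.app_server = ApplicationServer()

    def handle_provisioning_request(self, request, now=None):
        payload, reason = self.trust_proxy.validate(request["assertion"], now=now)
        if payload is None:
            return {"status": "rejected", "reason": reason}
        if payload["subject"] != request["subject"]:
            return {"status": "rejected", "reason": "subject mismatch"}
        result = self.app_server.provision(request["op"], payload["subject"], payload["attributes"])
        return {"status": "ok" if result == "ok" else "error", "result": result}


def run_demo():
    """Constructed scenario: home.example provisions alice locally and pushes the account to
    partner.example; a replay, a tampered assertion and an assertion from a non-partner domain
    are each refused by partner.example's trust proxy before any provisioning happens."""
    shared = b"constructed-demo-secret"   # pairwise secret, constructed for this example
    home = PointOfContactServer("home.example", {"partner.example": shared})
    partner = PointOfContactServer("partner.example", {"home.example": shared})

    home.app_server.provision("create", "alice", {"email": "alice@home.example", "role": "analyst"})
    assertion = home.trust_proxy.generate("partner.example", "alice",
                                          home.app_server.accounts["alice"], "a-0001", now=1000)
    push = {"op": "create", "subject": "alice", "assertion": assertion}
    pushed = partner.handle_provisioning_request(push, now=1000)
    replayed = partner.handle_provisioning_request(push, now=1010)

    tampered = {"payload": assertion["payload"].replace("analyst", "admin"), "mac": assertion["mac"]}
    forged = partner.handle_provisioning_request(
        {"op": "update", "subject": "alice", "assertion": tampered}, now=1010)

    outsider = TrustProxy("unknown.example", {"partner.example": b"not-the-shared-secret"})
    outsider_assertion = outsider.generate("partner.example", "bob", {"role": "admin"}, "u-1", now=1010)
    refused = partner.handle_provisioning_request(
        {"op": "create", "subject": "bob", "assertion": outsider_assertion}, now=1010)
    return pushed, replayed, forged, refused, partner.app_server.accounts
```

Calling `run_demo()` returns the four responses and the partner domain's account store: only the first push is accepted, and the account lands with the attributes carried in the attribute assertion rather than anything the requester could supply out of band. The trust proxy, not the point-of-contact server, is the single place where issuer, signature, audience, freshness and replay are checked, which mirrors the division of responsibility the abstract describes.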
22 Claims
1. A data processing system comprising:

a point-of-contact server, wherein the point-of-contact server receives incoming requests for access to resources identifiable within a domain, wherein the domain is associated with a plurality of domains within a federated computing environment;
a trust proxy, wherein the trust proxy generates authentication assertions and/or attribute assertions sent from the domain and validates authentication assertions and/or attribute assertions received at the domain; and
an application server that interfaces with the point-of-contact server for provisioning a user.

(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10)
11. A method for providing federated functionality within a data processing system, the method comprising:

receiving an incoming request at a point-of-contact server to provision a user within a domain, wherein the domain is associated with a plurality of domains within a federated computing environment;
validating at a trust proxy security assertions received at the domain through the point-of-contact server;
initiating a provisioning operation within the domain by an application server that interfaces with the point-of-contact server.

(Dependent claims: 12, 13, 14, 15, 16)
17. A computer program product on a computer readable medium for use in a data processing system for providing federated functionality within the data processing system, the computer program product comprising:

means for receiving an incoming request at a point-of-contact server to provision a user within a domain, wherein the domain is associated with a plurality of domains within a federated computing environment;
means for validating at a trust proxy security assertions received at the domain through the point-of-contact server;
means for initiating a provisioning operation within the domain by an application server that interfaces with the point-of-contact server.

(Dependent claims: 18, 19, 20, 21, 22)