Affiliations within single sign-on systems

US 20060080730A1
Filed: 10/12/2004
Published: 04/13/2006
Est. Priority Date: 10/12/2004
Status: Abandoned Application

First Claim

Patent Images

1. A method for establishing an affiliation within a single sign-on system, comprising the steps of:

defining a group of service providers that act as a single entity on a network for purposes of any of authentication, federation, and authorization;

defining an owner of said affiliation that is responsible for maintaining a list that shows which service providers are members of said affiliation, as well as any control structure or meta-data associated with said affiliation; and

providing a unique identifier for each affiliation within said single sign-on system in which said affiliation is defined.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention provides an affiliation within a single sign-on system, which affiliation comprises a group of service providers that have chosen to act as a single entity on a network from the point of view of authentication, federation, and authorization. This type of entity is used to implement functionality within a portal site, such as the Yahoo (see http://www.yahoo.com) portal with a Travelocity (see http://www.travelocity.com/) travel section that acts as part of Yahoo and not as part of Travelocity. In the preferred embodiment, there is an owner of the affiliation that is responsible for maintaining a list that shows which service providers are members of the affiliation, as well as any control structure or meta-data associated with the affiliation. Each affiliation must have an identifier that is unique within the single sign-on system in which the affiliation is defined. User actions associated with the affiliation apply to all entities within the affiliation.

51 Citations

View as Search Results

23 Claims

1. A method for establishing an affiliation within a single sign-on system, comprising the steps of:
- defining a group of service providers that act as a single entity on a network for purposes of any of authentication, federation, and authorization;
  
  defining an owner of said affiliation that is responsible for maintaining a list that shows which service providers are members of said affiliation, as well as any control structure or meta-data associated with said affiliation; and
  
  providing a unique identifier for each affiliation within said single sign-on system in which said affiliation is defined.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein said network comprises:
    - a web services-based service infrastructure in which users manage sharing of is their personal information across identity providers and service providers.
  - 3. The method of claim 2, wherein said web services implement a lightweight protocol for exchange of information in a decentralized, distributed environment.
  - 4. The method of claim 3, wherein said protocol comprises:
    - an envelope that defines a framework for describing what is in a message and how to process it, a set of encoding rules for expressing instances of application-defined data types, and a convention for representing remote procedure calls and responses.

5. An apparatus for establishing an affiliation within a single sign-on system, comprising:
- a plurality of principals that can acquire a federated identity and be authenticated and vouched for by an identity provider;
  
  an identity provider for authenticating and vouching for principals;
  
  a plurality of service providers that act as a single entity with regard to authentication, federation and authorization to establish a single sign-on system within which such affiliation cooperates; and
  
  at least one service associated with each service provider which comprises a grouping of common functionality comprising at least one method that callers can use to manipulate information managed by said service with regard to a particular principal.
- View Dependent Claims (6, 7, 8)
- - 6. The apparatus of claim 5, further comprising:
    - a web service provider for hosting personal web services which invoke web service methods at said web service provider.
  - 7. The apparatus of claim 6, further comprising:
    - a web service consumer for accessing a user'"'"'s personal web services by communicating with said web service provider.
  - 8. The apparatus of claim 7, further comprising:
    - a discovery service for enabling said web service consumer to discover service information regarding a user'"'"'s personal web services.

9. A method for establishing an affiliation within a single sign-on system, comprising the steps of:
- defining a group of service providers that act as a single entity on a network for purposes of any of authentication, federation, and authorization;
  
  providing a plurality of principals that can acquire a federated identity and be authenticated and vouched for by an identity provider; and
  
  providing an identity provider for authenticating and vouching for principals.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 10. The method of claim 9, further comprising the steps of:
    - a principal logging into said identity provider;
      
      said principal visiting a first service provider and federating to said group; and
      
      said principal then visiting any other service provider within said group.
  - 11. The method of claim 9, further comprising the step of:
    - defining an owner of said affiliation that is responsible for maintaining a list that shows which service providers are members of said affiliation, as well as any control structure or meta-data associated with said affiliation.
  - 12. The method of claim 9, further comprising the step of:
    - providing a unique identifier for each affiliation within said single sign-on system in which said affiliation is defined.
  - 13. The method of claim 9, further comprising the step of:
    - providing a discovery service for enabling a web service consumer to discover service information regarding a user'"'"'s personal web services.
  - 14. The method of claim 13, further comprising the step of:
    - providing a web service consumer associated with a service provider for requesting a service descriptor and assertion for service from said discovery service and for presenting an assertion from said other service provider with affiliate information.
  - 15. The method of claim 14, further comprising the step of:
    - said discovery service checking said other service provider affiliation and generating a service assertion based upon said other service provider affiliation.
  - 16. The method of claim 15, further comprising the step of:
    - said web service consumer invoking a service with said service assertion via a web service provider.
  - 17. The method of claim 9, wherein said group has an identifier that is unique within a single sign-on system in which said group is defined.
  - 18. The method of claim 9, wherein service providers within a single sign-on system may be members of multiple groups, but can only act with a single affiliation for any given transaction.
  - 19. The method of claim 9, wherein a user federating with a group automatically federates with all members of said group.
  - 20. The method of claim 9, wherein a user authorizing access to a service by said federation authorizes access to any member of said group.
  - 21. The method of claim 9, further comprising the step of:
    - providing a unique identifier for any service provider/group affiliation. wherein if a same service provider using a same service provider identity requests an identity of a user through different group affiliations, said service provider receives different, unique identifiers for each group affiliation.
  - 22. The method of claim 9, further comprising the step of:
    - providing a same identifier to all members of said group when they are acting as a part of said group affiliation.
  - 23. The method of claim 9, further comprising the step of:
    - providing an affiliation name identifier for allowing sites to handle an automatic federation that take place with all members of said group.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AOL LLC (Apollo Global Management, Inc.)
Original Assignee
AOL LLC (Apollo Global Management, Inc.)
Inventors
Cahill, Conor, Toomey, Christopher Newell, Feng, Andrew An

Application Number

US10/772,843
Publication Number

US 20060080730A1
Time in Patent Office

Days
Field of Search
US Class Current

726/8
CPC Class Codes

G06F 21/41 where a single sign-on prov...

H04L 63/0815 providing single-sign-on or...

Affiliations within single sign-on systems

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

51 Citations

23 Claims

Specification

Use Cases

Quick Links

Others

Affiliations within single sign-on systems

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

51 Citations

23 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others