Systems and methods for enabling trust in a federated collaboration
Abstract
Systems and methods consistent with the present invention enable explicit and multilateral trust across a community of federated servers via a network. A trusted third party establishes a framework of policies and procedures governing a federation. Organizations joining the federation submit to an audit of their internal policies and procedures to ensure compliance with the policies and procedures of the federation. Upon successful completion of an audit, an organization may receive a digital certificate containing the organization's public key and indicating approval by the trusted third party. The organization may then use the associated private key to sign security assertions associated with a request for resources from another federation service provider. The service provider may trust the assertion from the organization based on the trust the service provider places in the trusted third party and the trust the trusted third party places in the organization.
48 Claims
1. A method for communicating requests over a network, the method comprising:
- receiving an indication of a request for access to a resource;
- responsive to a determination that a trust relationship with a requester exists, specifying a data structure in accordance with a predetermined policy and comprising an attribute associated with the requester;
- associating the data structure with the request;
- digitally signing the data structure; and
- transmitting the data structure to a service provider.
Dependent claims: 2-12.
13. A system for providing a request over a network, the system comprising:
- a receiving component configured to receive an indication of the request;
- a specifying component configured to specify, responsive to a determination that a trust relationship exists, a data structure in accordance with a predetermined policy and comprising an attribute associated with a requester;
- an associating component configured to associate the data structure with the request;
- a digital signing component configured to digitally sign the data structure; and
- a transmitting component configured to transmit the data structure to a service provider over the network.
Dependent claims: 14-24.
25. A computer readable medium with code embodied therein for performing a method for providing a request over a network, the method comprising:
- receiving an indication of the request;
- responsive to a determination that a trust relationship exists, specifying a data structure in accordance with a predetermined policy and comprising an attribute associated with a requester;
- associating the data structure with the request;
- digitally signing the data structure; and
- transmitting the data structure to a service provider.
26. A method for receiving a resource over a network, the method comprising:
- determining credentials associated with a requester requesting a resource;
- creating a first data structure in accordance with a policy, wherein the first data structure comprises an attribute associated with the credentials;
- associating the first data structure with a second data structure containing the request for a resource;
- processing a set comprising the first data structure and second data structure to yield a resulting digitally signed data structure;
- providing the digitally signed data structure to a service provider via the network; and
- receiving the requested resource via the network from the service provider, wherein the service provider transmits the requested resource to the requester based on a first relationship between the service provider and a trusted third party and a second relationship between the trusted third party and the requester.
Dependent claims: 27-36.
37. A system for receiving a resource over a network, the system comprising:
- a determining component configured to determine credentials associated with a request for a resource from a requester;
- a creating component configured to create a first data structure in accordance with a policy, wherein the first data structure comprises an attribute associated with the credentials;
- a grouping component configured to group the first data structure with a second data structure containing the request for a resource;
- a processing component configured to process a group comprising the first data structure and second data structure to yield a resulting digitally signed data structure;
- a providing component configured to provide the resulting digitally signed data structure to a service provider via the network; and
- a receiving component configured to receive the requested resource via the network from the service provider, wherein the service provider transmits the requested resource to the requester based on a first relationship between the service provider and a trusted third party and a second relationship between the trusted third party and the requester.
Dependent claims: 38-46.
47. A computer readable medium with code embodied therein for performing a method for receiving a resource over a network, the method comprising:
- determining credentials associated with a requester requesting a resource;
- creating a first data structure in accordance with a policy, wherein the first data structure comprises an attribute associated with the credentials;
- associating the first data structure with a second data structure containing the request for a resource;
- processing a set comprising the first data structure and second data structure to yield a resulting digitally signed data structure;
- providing the digitally signed data structure to a service provider via the network; and
- receiving the requested resource via the network from the service provider, wherein the service provider transmits the requested resource to the requester based on a first relationship between the service provider and a trusted third party and a second relationship between the trusted third party and the requester.
48. A method for enabling transitive trust in a federated network configuration, the method comprising:
- developing, by actions of a trusted third party, policies related to operating the federated network configuration, wherein the policies include procedures for:
  - associating attributes with a request from a requester for a resource,
  - digitally signing, by the requester, the attributes and the request for a resource, and
  - transmitting the requested resource, by a service provider, to the requester based on trust established between the service provider and the trusted third party, and trust established between the trusted third party and the requester;
- granting access to the policies;
- auditing an applicant to the federated network configuration for compliance with the policies; and
- issuing an artifact to the applicant.
Specification