Crafted identities

US 20070061263A1
Filed: 09/14/2005
Published: 03/15/2007
Est. Priority Date: 09/14/2005
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving a request to create a crafted identity from a principal;

assembling roles and/or permissions for the crafted identity for accessing desired resources; and

creating a statement representing the crafted identity, wherein the statement includes the roles, the permissions, and/or identifier information.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Crafted identities are provided. A statement is provided to the principal for using a crafted identity. The statement includes an identifier that provides access to a resource when presented by the principal to the resource. The statement also includes one or more roles and permissions for the crafted identity when accessing the resource.

Citations

30 Claims

1. A method, comprising:
- receiving a request to create a crafted identity from a principal;
  
  assembling roles and/or permissions for the crafted identity for accessing desired resources; and
  
  creating a statement representing the crafted identity, wherein the statement includes the roles, the permissions, and/or identifier information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein creating further includes creating the identity information for the resources to validate the crafted identity, and creating the roles and/or permissions for defining access rights of the crafted identity to the resources.
  - 3. The method of claim 1, wherein assembling and creating further include accessing a policy that drives the assembling of the roles and/or permissions and that drives the format of the statement that represents the crafted identity.
  - 4. The method of claim 1, wherein assembling further includes expressing the roles and/or permissions as at least one of a static definition and a dynamic specification, wherein the dynamic specification is resolved when access to the resources are attempted using the statement.
  - 5. The method of claim 1 further comprising, associating a policy within the statement that dictates context-sensitive or context-driven access rights for particular ones of the resources.
  - 6. The method of claim 1 further comprising, accumulating the identifier information from one or more identity repositories.
  - 7. The method of claim 1 further comprising, providing a token to the principal to acquire the statement for the crafted identity.
  - 8. The method of claim 7, wherein receiving further includes accessing a contract with the request that defines policies for creating the statement of the crafted identity.
  - 9. The method of claim 1, wherein creating further includes representing the identifier information of the statement in a format of at least one of encrypted and an assertion.
  - 10. The method of claim 1 further comprising, signing the statement.

11. A method, comprising:
- accessing a statement to acquire an identifier that is associated with a crafted identity, and wherein the crafted identity is associated with a principal; and
  
  presenting the identifier to acquire access to a resource.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The method of claim 11, wherein presenting further includes maintaining anonymity of the principal via the identifier.
  - 13. The method of claim 11 further comprising:
    - acquiring a key from the statement; and
      
      presenting the key to the resource for access.
  - 14. The method of claim 13, wherein acquiring further includes at least one of:
    - decrypting the key from the statement; and
      
      recognizing the key as an assertion.
  - 15. The method of claim 11 further comprising, signing the statement, and wherein a signature of the statement is the identifier information.
  - 16. The method of claim 11 further comprising passing a token to an identity service to initially acquire the statement for the crafted identity.
  - 17. The method of claim 11 further comprising, completing a financial transaction with the resource during access.
  - 18. The method of claim 11 further comprising, determining limitations of access to the resource from at least one of a policy acquired from the statement and roles and/or permissions acquired from the statement.

19. A system, comprising:
- a statement for a crafted identity; and
  
  an identity service, wherein the identity service is to produce the statement for a principal and wherein the principal is to use the statement to present an identifier from the statement as the crafted identity when accessing a resource.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The system of claim 19, wherein the statement includes roles and/or permissions for the crafted identity, and wherein the roles and permissions are to define limitations on access to the resource for the principal.
  - 21. The system of claim 19, wherein the identity service is to acquire a contract in a creation request from the principal, and wherein the contract defines limitations and a format of the statement.
  - 22. The system of claim 19, wherein the identifier is included within the statement as at least one of an assertion and an encrypted identifier.
  - 23. The system of claim 19, wherein the identity service is to maintain and to manage the crafted identity and the statement according to a policy.
  - 24. The system of claim 23, wherein the statement is to be associated with a different policy that defines access rights to the resource according to given contexts.

25. A data structure implemented in a machine-accessible medium for providing access to a resource, the data structure comprising:
- one or more identifiers;
  
  policies; and
  
  roles and/or permissions for one or more resources;
  
  wherein the one or more identifiers are to be validated by the resources as an identity having access rights to the resources, and wherein the policies are to define for a principal limitations on the access rights within given contexts, and the roles and/or permissions define the access rights for the principal, and wherein the principal is to use the one or more identifiers to access the one or more resources.
- View Dependent Claims (26, 27, 28, 29, 30)
- - 26. The data structure of claim 25, wherein the data structure is to be provided to the principal from an identity service.
  - 27. The data structure of claim 26, wherein data structure is to be signed by at least one of the principal and the identity service.
  - 28. The data structure of claim 25, wherein the data structure is to be maintained and managed by an identity service according to a crafted identity policy.
  - 29. The data structure of claim 28, wherein the data structure is to be acquired from the identity service when needed by the principal with a token.
  - 30. The data structure of claim 28, wherein the roles and/or permissions are adapted to be at least one of processed statically and processed dynamically.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Carter, Stephen, Olds, Dale, Burch, Lloyd

Granted Patent

US 10,063,523 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/51
CPC Class Codes

H04L 63/0421   Anonymous communication, i....

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

Crafted identities

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Crafted identities

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links