Authentication of a principal in a federation

US 20070143829A1
Filed: 12/15/2005
Published: 06/21/2007
Est. Priority Date: 12/15/2005
Status: Active Grant

First Claim

Patent Images

1. A method of authentication of a principal in a federation, the method comprising:

authenticating the principal by an identity provider according to a service provider'"'"'s authentication policy; and

recording in session data of the identity provider an authentication credential satisfying the service provider'"'"'s authentication policy.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and computer program products are disclosed that give entities flexibility to implement custom authentication methods of other entities for authentication of a principal in a federation by authenticating the principal by an identity provider according to a service provider'"'"'s authentication policy and recording in session data of the identity provider an authentication credential satisfying the service provider'"'"'s authentication policy. Authentication of a principal in a federation is also carried out by authenticating the principal by the identity provider according to an identity provider'"'"'s authentication policy. Authentication of a principal in a federation is further carried out by receiving in the identity provider an authentication request from the service provider, the authentication request specifying the service provider'"'"'s authentication policy.

131 Citations

20 Claims

1. A method of authentication of a principal in a federation, the method comprising:
- authenticating the principal by an identity provider according to a service provider'"'"'s authentication policy; and
  
  recording in session data of the identity provider an authentication credential satisfying the service provider'"'"'s authentication policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 further comprises authenticating the principal by the identity provider according to an identity provider'"'"'s authentication policy.
  - 3. The method of claim 1 further comprises receiving in the identity provider an authentication request from the service provider, the authentication request specifying the service provider'"'"'s authentication policy.
  - 4. The method of claim 1 wherein authenticating the principal further comprises authenticating the principal by an access manager of the identity provider.
  - 5. The method of claim 1 wherein authenticating the principal further comprises authenticating the principal by an authentication proxy of the identity provider.
  - 6. The method of claim 1 further comprises:
    - receiving in the service provider a request of the principal for access to a resource of the service provider;
      
      determining by the service provider that an authentication credential of the request does not satisfy the service provider'"'"'s authentication policy; and
      
      sending by the service provider to the identity provider an authentication request specifying the service provider'"'"'s authentication policy.
  - 7. The method of claim 1 further comprising:
    - receiving an authentication response by the service provider from the identity provider, the authentication response including the authentication credential satisfying the service provider'"'"'s authentication policy; and
      
      recording in session data of the service provider the authentication credential.

8. A system for authentication of a principal in a federation, the system comprising a computer processor and a computer memory operatively coupled to the computer processor, the computer memory having disposed within it computer program instructions capable of:
- authenticating the principal by an identity provider according to a service provider'"'"'s authentication policy; and
  
  recording in session data of the identity provider an authentication credential satisfying the service provider'"'"'s authentication policy.
- View Dependent Claims (9, 10, 11)
- - 9. The system of claim 8 further comprising computer program instructions capable of receiving in the identity provider an authentication request from the service provider, the authentication request specifying the service provider'"'"'s authentication policy.
  - 10. The system of claim 8 further comprising computer program instructions capable of:
    - receiving in the service provider a request of the principal for access to a resource of the service provider;
      
      determining by the service provider that an authentication credential of the request does not satisfy the service provider'"'"'s authentication policy; and
      
      sending by the service provider to the identity provider an authentication request specifying the service provider'"'"'s authentication policy.
  - 11. The system of claim 8 further comprising computer program instructions capable of:
    - receiving an authentication response by the service provider from the identity provider, the authentication response including the authentication credential satisfying the service provider'"'"'s authentication policy; and
      
      recording in session data of the service provider the authentication credential.

12. A computer program product for authentication of a principal in a federation, the computer program product disposed upon a signal bearing medium, the computer program product comprising computer program instructions capable of:
- authenticating the principal by an identity provider according to a service provider'"'"'s authentication policy; and
  
  recording in session data of the identity provider an authentication credential satisfying the service provider'"'"'s authentication policy.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The computer program product of claim 12 wherein the signal bearing medium comprises a recordable medium.
  - 14. The computer program product of claim 12 wherein the signal bearing medium comprises a transmission medium.
  - 15. The computer program product of claim 12 further comprising computer program instructions capable of authenticating the principal by the identity provider according to an identity provider'"'"'s authentication policy.
  - 16. The computer program product of claim 12 further comprising computer program instructions capable of receiving in the identity provider an authentication request from the service provider, the authentication request specifying the service provider'"'"'s authentication policy.
  - 17. The computer program product of claim 12 wherein authenticating the principal further comprises authenticating the principal by an access manager of the identity provider.
  - 18. The computer program product of claim 12 wherein authenticating the principal further comprises authenticating the principal by an authentication proxy of the identity provider.
  - 19. The computer program product of claim 12 further comprising computer program instructions capable of:
    - receiving in the service provider a request of the principal for access to a resource of the service provider;
      
      determining by the service provider that an authentication credential of the request does not satisfy the service provider'"'"'s authentication policy; and
      
      sending by the service provider to the identity provider an authentication request specifying the service provider'"'"'s authentication policy.
  - 20. The computer program product of claim 12 further comprising computer program instructions capable of:
    - receiving an authentication response by the service provider from the identity provider, the authentication response including the authentication credential satisfying the service provider'"'"'s authentication policy; and
      
      recording in session data of the service provider the authentication credential.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Moran, Anthony, Hinton, Heather

Granted Patent

US 8,418,234 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

H04L 63/0815   providing single-sign-on or...

H04L 63/0884   by delegation of authentica...

H04L 63/102   Entity profiles

H04L 67/14   Session management for real...

Authentication of a principal in a federation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

131 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Authentication of a principal in a federation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

131 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others