Identity validation
Abstract
Techniques for validating identities are provided. A sign-on request is authenticated for a given principal. Attributes associated with that principal are acquired from an identity service and compared against locally maintained attributes for that principal. If the identity-service acquired attributes match the local attributes, then the principal is validated for access. During principal access, selective events drive updates to the identity-service acquired attributes, and the comparison with the local attributes is performed again to determine whether the validated principal is to be invalidated or is to remain validated.
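The flow described in the abstract, as an added Python example that is not taken from the patent: validate at sign-on by comparing identity-service attributes with local ones, then repeat the comparison when an event occurs during the session. The class names, attribute names and the in-memory identity service are assumptions made for illustration, and the sign-on token is assumed to be authenticated elsewhere.

```python
# Added illustration, not the patent's code. All names are hypothetical and
# the identity service is an in-memory stand-in for a remote call.
from dataclasses import dataclass, field


@dataclass
class IdentityService:
    records: dict  # principal -> attributes (constructed sample data)

    def attributes_for(self, principal: str) -> dict:
        # Return a copy so callers cannot mutate the authoritative record.
        return dict(self.records.get(principal, {}))


@dataclass
class ServiceProvider:
    idp: IdentityService
    local: dict                      # locally maintained attributes
    sessions: set = field(default_factory=set)

    def _matches(self, principal: str) -> bool:
        first = self.idp.attributes_for(principal)   # identity-service view
        second = self.local.get(principal)           # local view
        # Fail closed: an unknown principal or empty attribute set never matches.
        return bool(first) and second is not None and first == second

    def sign_on(self, principal: str, token_authenticated: bool) -> bool:
        # The sign-on token is assumed to be verified before this call.
        if token_authenticated and self._matches(principal):
            self.sessions.add(principal)
            return True
        return False

    def on_event(self, principal: str) -> bool:
        # An event during the session triggers a fresh fetch and comparison.
        if principal in self.sessions and not self._matches(principal):
            self.sessions.discard(principal)         # invalidate the principal
        return principal in self.sessions


def demo() -> list:
    idp = IdentityService({"alice": {"role": "engineer", "status": "active"}})
    sp = ServiceProvider(idp, {"alice": {"role": "engineer", "status": "active"}})
    results = [sp.sign_on("alice", True)]            # attributes agree
    results.append(sp.on_event("alice"))             # still agree
    idp.records["alice"]["status"] = "suspended"     # identity service changes
    results.append(sp.on_event("alice"))             # mismatch: invalidated
    results.append(sp.sign_on("mallory", True))      # no records: refused
    return results
```

The comparison fails closed: a principal with no identity-service record or no local record is never validated, even when the token itself authenticates.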
26 Claims

1. A method, comprising:
receiving a sign-on token from a principal;
requesting first principal attributes from an identity service;
acquiring second principal attributes; and
validating the principal for access when the first principal attributes match the second principal attributes.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A method, comprising:
detecting an event during a session with a principal;
evaluating a policy in response to the event;
acquiring first attributes from an identity service;
comparing the first attributes against second attributes; and
deciding to terminate the session when the policy prohibits or when the first attributes do not match the second attributes.
Dependent claims: 9, 10, 11, 12, 13

14. A method, comprising:
identifying a principal that is requesting access;
acquiring information on the principal from an identity service;
locating local information on the principal; and
validating the principal as legitimate when the information matches the local information.
Dependent claims: 15, 16, 17

18. A system, comprising:
an identity service; and
a service provider, wherein the service provider is to interact with principals requesting access to local and external services of the service provider, and wherein the principals acquire credentials from the identity service to access the service provider, the service provider initially acquires attributes from the principals during first accesses and with each access the service provider consults the identity service for updated attributes of the principals, the updated attributes are compared against the initially acquired attributes to determine whether access is permissible to the local and external services.
Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26
Specification