Router for managing trust relationships
Abstract
One embodiment relates to a method of managing trust relationships between federated identity and service providers. An assertion of a user identity is received from an identity provider via a first federation protocol, wherein a destination service provider is indicated with the assertion. Permission of the user identity to access the destination service provider is verified. If permission is verified, the user identity is asserted to the destination service provider via a second federation protocol. Other embodiments and features are also disclosed.
15 Claims
1. A method of managing trust relationships between federated identity and service providers, the method comprising:
- receiving an assertion of a user identity from an identity provider via a first federation protocol, wherein a destination service provider is indicated with the assertion;
- verifying permission of the user identity to access the destination service provider; and
- asserting the user identity to the destination service provider via a second federation protocol.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A router for managing trust relationships between federated identity and service providers, the router comprising a processor and memory, wherein the memory includes:
- computer-readable code configured to receive an assertion of a user identity from an identity provider via a first federation protocol, wherein a destination service provider is indicated with the assertion;
- computer-readable code configured to verify permission of the user identity to access the destination service provider;
- computer-readable code configured to determine a second federation protocol which is compatible to the destination service provider; and
- computer-readable code configured to assert the user identity to the destination service provider via the second federation protocol.
Dependent claims: 9, 10, 11, 12, 13
14. An apparatus for managing trust relationships between federated identity and service providers, the apparatus comprising:
- means for intercepting an assertion of a user identity from an identity provider, wherein a destination service provider is indicated with the assertion;
- means for checking permission of the user identity to access the destination service provider;
- means for constructing a view of the user identity for presentation to the destination service provider; and
- means for sending the constructed view of the user identity to the destination service provider.
Dependent claims: 15
Specification