IDENTITY MIGRATION SYSTEM APPARATUS AND METHOD

US 20080104250A1
Filed: 10/29/2007
Published: 05/01/2008
Est. Priority Date: 10/30/2006
Status: Active Grant

First Claim

Patent Images

1. A method to centralize identity management, the method comprising:

retrieving locally managed identities from at least one server;

merging the locally managed identities with centrally managed identities according to a plurality of rules;

creating an identity map that maps the locally managed identities to the centrally managed identities;

communicating the identity map to the at least one server; and

reassigning resources of the locally managed identities to the centrally managed identities in accordance with the identity map.

View all claims

26 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An identity migration agent operating on a local identity server and/or user computer retrieves locally managed identities for an identity migration server. The migration server merges the locally managed identities with centrally managed identities according to a plurality of rules, and creates an identity map that maps the locally managed identities to the centrally managed identities. The migration server communicates the identity map to the identity migration agent that reassigns resources of the locally managed identities to the centrally managed identities in accordance with the identity map. In certain embodiments, the migration server performs identity conflict checks and directs resource assignment rollback operations in response to a user request.

118 Citations

View as Search Results

19 Claims

1. A method to centralize identity management, the method comprising:
- retrieving locally managed identities from at least one server;
  
  merging the locally managed identities with centrally managed identities according to a plurality of rules;
  
  creating an identity map that maps the locally managed identities to the centrally managed identities;
  
  communicating the identity map to the at least one server; and
  
  reassigning resources of the locally managed identities to the centrally managed identities in accordance with the identity map.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein at least two of the locally managed identities each correspond to a non-unique identifier.
  - 3. The method of claim 1, wherein the locally managed identities comprise at least one identity group that comprises at least one identity and at least one related identity.
  - 4. The method of claim 1, wherein at least one of the centrally managed identities comprises a pre-existing centrally managed identity.
  - 5. The method of claim 1, wherein the locally managed identities and the centrally managed identities correspond to distinct platforms.
  - 6. The method of claim 1, further comprising storing the locally managed identities in a centralized identity data store to facilitate merging the locally managed identities with the centrally managed identities.

7. An apparatus to centralize identity management, the apparatus comprising:
- a communication module configured to receive locally managed identities from at least one migration agent;
  
  an identity merge module configured to merge locally managed identities with centrally managed identities according to a plurality of rules;
  
  an identity map module configured to create an identity map that maps the locally managed identities to the centrally managed identities; and
  
  the communication module configured to communicate the identity map to the at least one migration agent.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15)
- - 8. The apparatus of claim 7, wherein at least two of the locally managed identities each correspond to a non-unique identifier.
  - 9. The apparatus of claim 7, wherein the locally managed identities comprise at least one identity group that comprises at least one identity and at least one related identity.
  - 10. The apparatus of claim 7, wherein at least one of the centrally managed identities comprises a pre-existing centrally managed identity.
  - 11. The apparatus of claim 7, wherein the locally managed identities and the centrally managed identities correspond to distinct platforms.
  - 12. The apparatus of claim 7, further comprising a centrally managed identity data store configured to store the locally managed identities to facilitate merging the locally managed identities with centrally managed identities.
  - 13. The apparatus of claim 7, further comprising a scheduling module configured to enable scheduling of at least one identity management operations.
  - 14. The apparatus of claim 7, wherein the identity merge module is further configured to unmerge the locally managed identities from the centrally managed identities in response to receiving an unmerge request.
  - 15. The apparatus of claim 7, wherein the identity merge module is further configured to perform an identity conflict check.

16. An apparatus to facilitate centralized identity management, the apparatus comprising:
- a communication module configured to receive a request for locally managed identities;
  
  an identity migration agent configured to retrieve the locally managed identities in accordance with the request;
  
  the communication module further configured to communicate the locally managed identities to an identity migration server;
  
  the communication module further configured to receive an identity map from the identity migration server and store the identity map in an identity map data store, the identity map thereof maps the locally managed identities to centrally managed identities;
  
  the identity migration agent further configured to reassign resources of the locally managed identities to the centrally managed identities in accordance with the identity map; and
  
  an identification module configured to provide user identification services via the identity map for locally managed identities as though the locally managed identities were centrally managed identities.

17. A system to centralize identity management, the system comprising:
- a centralized identity server configured to store identity information for a plurality of users; and
  
  an identity migration agent configured to retrieve locally managed identities and communicate the locally managed identities to an identity migration server;
  
  the identity migration server configured to;
  
  receive the locally managed identities from the identity migration agent;
  
  merge the locally managed identities with centrally managed identities according to a plurality of rules;
  
  create an identity map that maps the locally managed identities to the centrally managed identities; and
  
  communicate the identity map to the identity migration agent;
  
  the identity migration agent further configured to reassign resources of the locally managed identities to the centrally managed identities in accordance with the identity map.
- View Dependent Claims (18)
- - 18. The system of claim 17, further comprising a web server configured to enable a user to specify the plurality of rules.

19. A computer readable medium tangibly embodying a program of machine-readable instructions executable by a digital processing apparatus to perform operations to centralize identity management, the operations comprising:
- retrieving locally managed identities from at least one server;
  
  merging the locally managed identities with centrally managed identities according to a plurality of rules;
  
  creating an identity map that maps the locally managed identities to the centrally managed identities;
  
  communicating the identity map to the at least one server; and
  
  reassigning resources of the locally managed identities to the centrally managed identities in accordance with the identity map.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Quest Software, Inc.
Original Assignee
Quest Software, Inc.
Inventors
Vanyukhin, Nikolay, Shevnin, Oleg, Korotich, Alexey

Granted Patent

US 7,895,332 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/226
CPC Class Codes

G06F 16/214   Database migration support

H04L 41/0873   Checking configuration conf...

H04L 41/12   Discovery or management of ...

H04L 63/0815   providing single-sign-on or...

H04L 63/102   Entity profiles

IDENTITY MIGRATION SYSTEM APPARATUS AND METHOD

First Claim

26 Assignments

0 Petitions

Accused Products

Abstract

118 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

IDENTITY MIGRATION SYSTEM APPARATUS AND METHOD

First Claim

26 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

118 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others