Multiple security access mechanisms for a single identifier
First Claim
Patent Images
1. A method, comprising:
- receiving a first authentication secret associated with a principal;
validating the first authentication secret from a plurality of assigned authentication secrets associated with the principal;
acquiring one or more attributes in response to their association with the validated first authentication secret; and
transmitting an access credential along with the one or more attributes in response to the validated first authentication secret.
3 Assignments
0 Petitions
Accused Products
Abstract
Techniques for using multiple security access mechanisms for a single identifier are presented. A single identifier is permitted to be associated with multiple authentication secrets. The single identifier resolves to a particular identity in response to the particular authentication secret presented with the single identifier. Moreover, in an embodiment, any resolved identity may have a variety of attributes automatically set for a particular communication session, such as role, access rights, etc.
44 Citations
25 Claims
-
1. A method, comprising:
-
receiving a first authentication secret associated with a principal; validating the first authentication secret from a plurality of assigned authentication secrets associated with the principal; acquiring one or more attributes in response to their association with the validated first authentication secret; and transmitting an access credential along with the one or more attributes in response to the validated first authentication secret. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method, comprising:
-
receiving an identifier and a first password from a requestor; authenticating a first identity for a principal in response to the identifier and the first password, wherein the identifier is associated with multiple different identities associated with the principal and multiple different passwords, and the first password is used to select the first identity of the principal; acquiring a role attribute for the principal in response to the first identity; and providing an authentication credential for the principal and the role attribute to the requestor. - View Dependent Claims (11, 12, 13, 14, 15)
-
-
16. A system, comprising:
-
a trusted data store; and an identity service, wherein the identity service is to receive an identifier and a first password from a principal, and wherein the identity service is to use the first password and the identifier to search the trusted data store to determine how to authenticate the principal, and wherein the trusted data store includes multiple passwords for the principal that the identity service uses to find a match with the first password, and wherein the identity service is to resolve a first identity for the principal in response to the authentication and supplies the first identity via a credential to the principal for subsequent use. - View Dependent Claims (17, 18, 19, 20)
-
-
21. A system, comprising:
-
a directory service; and an identity service, wherein the identity service manages multiple passwords for a single principal, each password corresponding to different role that the principal can assume for a particular communication session, and wherein the identity service uses the directory service to assist in resolving a particular role for the principal for a given password supplied on behalf of the principal. - View Dependent Claims (22, 23, 24, 25)
-
Specification