
MOVING PRINCIPALS ACROSS SECURITY BOUNDARIES WITHOUT SERVICE INTERRUPTION

  • US 20080184343A1
  • Filed: 03/31/2008
  • Published: 07/31/2008
  • Est. Priority Date: 09/22/2003
  • Status: Active Grant
First Claim

1. At an authenticating authority in a network environment, the authenticating authority configured to authenticate requests for a specified domain within the network environment, the authenticating authority communicatively coupled to one or more other authenticating authorities, each of the one or more other authenticating authorities configured to authenticate requests for one or more other specified domains within the network environment, a method for transferring an authentication request to an appropriate authenticating authority within the network environment, the method comprising:

  • receiving a request for access to resources within the network environment from a principal, the request including both an individual identifier and a domain identifier, the combination of the individual identifier and a domain identifier representing the identity of a principal;

  • forwarding at least part of the received request to a super authority prior to determining if the authenticating authority is the appropriate authenticating authority to authenticate the request, the super authority configured to direct access attempts to appropriate authenticating authorities, from among the one or more other authenticating authorities, for authentication, the super authority directing access by resolving combinations of individual identifiers and domain identifiers representing identities to appropriate authenticating authorities for authentication of the requests, the super authority including an identity catalog with a plurality of mapping entries, each mapping entry mapping a combination of an individual identifier and a domain identifier representing an identity to an appropriate authenticating authority for authenticating requests for the identity;

  • receiving a referral from the super authority, the referral conveying the identity of an appropriate authenticating authority that is to authenticate the received request for the identity represented by the combination of the individual identifier and a domain identifier, the referral indicating to the authenticating authority that the authenticating authority is to pass the received request to the identified appropriate authentication authority to reduce resource consumption at the super authority; and

  • passing the received request from the authenticating authority to the identified appropriate authenticating authority in response to receiving the referral such that the identified appropriate authentication authority can authenticate the received request for the principal.
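The referral flow of claim 1, sketched as an added example (not code from the patent or its assignee). The class names, authority names, constructed credentials, and the deny-when-no-mapping-entry behaviour are assumptions for illustration; moving a principal is modelled here as a change to a single identity catalog entry while the identifiers the principal presents stay the same.

```python
import hmac
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Request:
    individual_id: str
    domain_id: str
    credential: bytes  # constructed stand-in for real authentication material
    def identity(self):
        return (self.individual_id.lower(), self.domain_id.lower())

@dataclass
class SuperAuthority:
    catalog: dict = field(default_factory=dict)  # identity -> authority name
    def refer(self, identity):
        return self.catalog.get(identity)  # None when no mapping entry exists

@dataclass
class AuthenticatingAuthority:
    name: str
    super_authority: SuperAuthority
    peers: dict = field(default_factory=dict)     # authority name -> authority
    accounts: dict = field(default_factory=dict)  # identity -> credential

    def authenticate(self, req):
        stored = self.accounts.get(req.identity())
        return stored is not None and hmac.compare_digest(stored, req.credential)

    def handle(self, req):
        # Ask the super authority first, before deciding whether this
        # authority is the appropriate one for the identity.
        target = self.super_authority.refer(req.identity())
        authority = self if target == self.name else self.peers.get(target)
        if authority is None:
            return (target, False)  # assumption: no referral or unknown peer -> deny
        # The receiving authority, not the super authority, passes the request on.
        return (target, authority.authenticate(req))

def demo():
    sa = SuperAuthority()
    a = AuthenticatingAuthority("authority-A", sa)
    b = AuthenticatingAuthority("authority-B", sa)
    a.peers[b.name], b.peers[a.name] = b, a
    alice = Request("alice", "corp.example", b"constructed-secret")
    a.accounts[alice.identity()] = alice.credential
    sa.catalog[alice.identity()] = a.name
    before = b.handle(alice)  # B receives the request and is referred to A
    b.accounts[alice.identity()] = a.accounts.pop(alice.identity())  # move account
    sa.catalog[alice.identity()] = b.name  # the only routing change needed
    after = a.handle(alice)   # same identifiers, now referred to B
    unknown = a.handle(Request("mallory", "corp.example", b"x"))
    return before, after, unknown
```

A stale catalog entry pointing at the old authority would fail authentication after the move, so the catalog update and the account transfer need to be treated as one change.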
