Native Use Of Web Service Protocols And Claims In Server Authentication

US 20080301784A1
Filed: 05/31/2007
Published: 12/04/2008
Est. Priority Date: 05/31/2007
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented authentication system, comprising:

an authentication component for providing authentication to a web service based on claims; and

an abstraction layer for exposing the authentication to a client application for natively accessing the web service.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Architecture for natively authenticating a client application to a web server via HTTP authentication. The Web Services Architecture, and more specifically, Web Services Security, is leveraged to enable legacy applications to access web services transparently to the existing legacy applications. A security support provider (SSP) is created that employs WS-* protocol to at least emulate ws-trust and ws-mex thereby enabling policy exchange via an HTTP protocol stack. Policy can be exchanged via a WWW-Authenticate header enabling legacy applications to use the WS-* family of protocols without modifying the client application. The WS-* protocols are abstracted into a generic programming interface for native client application use.

77 Citations

View as Search Results

20 Claims

1. A computer-implemented authentication system, comprising:
- an authentication component for providing authentication to a web service based on claims; and
  
  an abstraction layer for exposing the authentication to a client application for natively accessing the web service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the authentication component provides claims-based authentication via HTTP.
  - 3. The system of claim 1, wherein the authentication component includes a security support provider (SSP) that emulates ws-trust and ws-mex.
  - 4. The system of claim 3, wherein the security support provider facilitates policy exchange between the client application and the web service.
  - 5. The system of claim 1, wherein the authentication component includes a SSP that facilitates policy exchange via a WWW-Authenticate header.
  - 6. The system of claim 5, wherein the policy exchange facilitates selection of the claims by the client application when authenticating to the web service.
  - 7. The system of claim 6, wherein the claims selected are a best-fit for authentication of the client application to the web service.
  - 8. The system of claim 1, wherein the client application retries an HTTP request in response to receiving an authentication header from the web service.
  - 9. The system of claim 1, wherein the authentication component is managed by a negotiate security service provider.
  - 10. The system of claim 1, wherein the claims include statements about a user, the statements include at least one of name, identity, group, privilege, or capability.

11. A computer-implemented method of authenticating a client, comprising:
- sending a request for access from a client to a web server;
  
  receiving a request for claims information from the web server;
  
  processing the request for claims information from the client to a federated service;
  
  receiving the claims information from the federated service; and
  
  authenticating the client to the web server based on the claims information.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method of claim 11, further comprising authenticating the client natively transparent to a client user.
  - 13. The method of claim 11, wherein the client is authenticated to the web server using HTTP authentication.
  - 14. The method of claim 11, further comprising receiving an unauthorized status code and an HTTP authenticate header from the web server based on an acceptable authorization header from the client.
  - 15. The method of claim 14, wherein the client automatically retries sending the request, which is an HTTP request, to the web server, passing an HTTP authorization header.
  - 16. The method of claim 11, further comprising receiving a security policy token from the web server for negotiating an SSP to the federated service.
  - 17. The method of claim 16, wherein the SSP employs a Web Service family of protocols for HTTP authentication of the client to the web server.
  - 18. The method of claim 11, further comprising selecting a security policy to employ via a negotiate SSP.
  - 19. The method of claim 11, further comprising returning a success or failure message to the client from the web server.

20. A computer-implemented system, comprising:
- computer-implemented means for sending a request for access from a client to a web server;
  
  computer-implemented means for receiving a request for claims information from the web server;
  
  computer-implemented means for processing the request for claims information from the client to a federated service;
  
  computer-implemented means for receiving the claims information from the federated service; and
  
  computer-implemented means for authenticating the client to the web server based on the claims information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Shewchuk, John P., Medvinsky, Gennady, Dutta, Tanmoy, Ilac, Cristian, Zhu, Liqiang, Luther, Andreas

Granted Patent

US 8,528,058 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 63/166   at the transport layer

H04L 67/02   based on web technology, e....

Native Use Of Web Service Protocols And Claims In Server Authentication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

77 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Native Use Of Web Service Protocols And Claims In Server Authentication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

77 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links