Push Artifact Binding For Communication In A Federated Identity System
First Claim
1. A data processing system comprising:
- a federated identity system comprising;
an initiator that handles a federated action by determining that a user is to be conveyed to a recipient, constructing an appropriate message request or assertion to be sent to the recipient, and sending the message as a push message over a back-channel communication pathway directed to the recipient's location; and
a recipient that handles the federated action by responding to the message by forming a Uniform Resource Locator (URL) to which the user can be directed, the initiator redirecting the user to the URL specified in the recipient response.
Abstract
A data processing system implements push artifact binding for communication in a federated identity system. A federated identity system in the data processing system comprises an initiator that handles a federated action by determining that a user is to be conveyed to a recipient, constructing an appropriate message request or assertion to be sent to the recipient, and sending the message as a push message over a back-channel communication pathway directed to the recipient's location. The federated identity system further comprises a recipient that handles the federated action by responding to the message by forming a Uniform Resource Locator (URL) to which the user can be directed. The initiator redirects the user to the URL specified in the recipient response.
21 Claims
1. A data processing system comprising:
a federated identity system comprising;
an initiator that handles a federated action by determining that a user is to be conveyed to a recipient, constructing an appropriate message request or assertion to be sent to the recipient, and sending the message as a push message over a back-channel communication pathway directed to the recipient's location; and
a recipient that handles the federated action by responding to the message by forming a Uniform Resource Locator (URL) to which the user can be directed, the initiator redirecting the user to the URL specified in the recipient response.
10. A computer-executed method for communicating in a federated identity system comprising:
handling a federated action at an initiator comprising;
determining that a user is to be conveyed to a recipient;
constructing an appropriate message request or assertion to be sent to the recipient; and
sending the message over a back-channel communication pathway directed to the recipient's location;
handling the federated action at the recipient comprising;
responding to the message by forming a Uniform Resource Locator (URL) to which the user can be directed; and
further handling the federated action at the initiator comprising;
redirecting the user to the URL specified in the recipient response.
19. An article of manufacture comprising:
a controller-usable medium having a computer readable program code embodied in a distributed controller executable in an initiator and a recipient for communicating in a federated identity system, the computer readable program code further comprising;
code executable in an initiator causing the controller to determine that a user is to be conveyed to a recipient;
code executable in the initiator causing the controller to construct an appropriate message request or assertion to be sent to the recipient;
code executable in the initiator causing the controller to send the message over a back-channel communication pathway directed to the recipient's location;
code executable in the recipient causing the controller to respond to the message by forming a Uniform Resource Locator (URL) to which the user can be directed;
code executable in the recipient causing the controller to combine a unique identifier equivalent to an artifact binding into the Uniform Resource Locator (URL) to which the user can be directed; and
code executable in the initiator causing the controller to redirect the user to the URL specified in the recipient response.
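The exchange recited in the abstract and in claim 19, as an added example that is not taken from the patent: the message travels only over the back channel, and the user's browser carries nothing but the URL with its unique identifier. The class names, the "ref" parameter, the sp.example and idp.example hosts, the single-use redemption and the host check on the returned URL are all assumptions made for illustration.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs


class Recipient:
    """Recipient: takes the pushed message and answers with a URL for the user."""

    def __init__(self, landing_url):
        self.landing_url = landing_url   # constructed sample endpoint
        self._pending = {}               # unique identifier -> pushed message

    def receive_push(self, message):
        # Back-channel side: keep the message, mint an unguessable identifier
        # and combine it into the URL the user will be sent to.
        ref = secrets.token_urlsafe(32)
        self._pending[ref] = message
        return self.landing_url + "?" + urlencode({"ref": ref})

    def user_arrives(self, url):
        # Front-channel side: the identifier selects the pushed message and is
        # single use, so a replayed or guessed URL yields nothing.
        ref = parse_qs(urlparse(url).query).get("ref", [""])[0]
        return self._pending.pop(ref, None)


class Initiator:
    """Initiator: builds the message, pushes it, then redirects the user."""

    def __init__(self, recipient, recipient_host):
        self.recipient = recipient
        self.recipient_host = recipient_host

    def convey_user(self, user):
        message = {"issuer": "idp.example", "subject": user}
        # Direct call stands in for the back-channel request to the recipient.
        url = self.recipient.receive_push(message)
        # Added check (assumption, not in the claims): redirect only to an
        # https URL at the recipient's own host, never to an arbitrary target.
        parts = urlparse(url)
        if parts.scheme != "https" or parts.hostname != self.recipient_host:
            raise ValueError("recipient response URL is outside its location")
        return url  # value for the Location header of the user's redirect


if __name__ == "__main__":
    sp = Recipient("https://sp.example/landing")
    target = Initiator(sp, "sp.example").convey_user("alice")
    print(target, sp.user_arrives(target), sp.user_arrives(target))
```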
Specification