CREDENTIAL ARRANGEMENT IN SINGLE-SIGN-ON ENVIRONMENT
First Claim
1. In a computing system environment utilizing a single-sign-on framework on one or more physical or virtual computing devices, a method of arranging user credentials, comprising:
identifying a plurality of target environments for a user to logon to one or more applications thereof;
providing a secret store per each said target environment;
identifying one or more roles of the user per each said target environment that the user can logon using a single-sign-on and access the one or more applications;
establishing credentials for each of the one or more roles to use the single-sign-on; and
saving the credentials in a corresponding one of the secret stores according to each said target environment.
Abstract
Apparatus and methods arrange user credentials on physical or virtual computing devices utilizing a single-sign-on framework. During use, a plurality of target environments exist for a user to logon to one or more applications thereof, including at least a personal and workplace environment. One or more roles of the user are identified per each target environment, such as a shopper in the personal environment and an engineer or manager in the workplace environment. The user has credentials per each role, and these are used to logon using a single-sign-on session to access the one or more applications. The credentials are stored in a secret store corresponding to the defined roles of the user per either the personal or workplace environment. Workplace policies defining the roles or synching credentials are other features, as are establishing default roles or retrofitting existing SSO services. Computer program products and computing interaction are also disclosed.
20 Claims
7. The method of claim 6, wherein the establishing the default role further includes using a last-used role or a predetermined role.
9. In a computing system environment utilizing a single-sign-on framework on one or more physical or virtual computing devices, a method of arranging user credentials, comprising:
identifying a plurality of target environments for a user to logon to one or more applications thereof;
providing a secret store per each said target environment;
identifying one or more roles of the user per each said target environment that the user can logon using a single-sign-on and access the one or more applications;
establishing credentials for each of the one or more roles to use the single-sign-on;
saving the credentials in a corresponding one of the secret stores according to each said target environment including creating one or more key chains; and
establishing a default role of the one or more roles of the user for a forthcoming single-sign-on session.
10. In a computing system environment utilizing a single-sign-on framework on one or more physical or virtual computing devices, a method of arranging user credentials, comprising:
identifying a plurality of target environments for a user to logon to one or more applications thereof, the target environments including at least a personal and workplace environment;
providing a separate local or remote secret store per each said target environment;
identifying one or more roles of the user per each said target environment that the user can logon using a single-sign-on and access the one or more applications, the workplace environment establishing a policy for acceptable roles of the one or more roles of the user;
establishing credentials for each of the one or more roles to use the single-sign-on;
saving the credentials in a corresponding one of the secret stores according to each said target environment; and
establishing a default role of the one or more roles of the user for a forthcoming single-sign-on session.
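A minimal model of the arrangement in claims 7 and 10, added here as an illustration and not taken from the patent: one secret store per target environment, a workplace policy of acceptable roles, and a default role for the next session. The class names, role names and credential strings are constructed, the in-memory dict stands in for a real local or remote secret store, and trying the last-used role before the predetermined one is an assumed precedence.

```python
from dataclasses import dataclass, field

@dataclass
class SecretStore:
    """One store per target environment; the dict stands in for a real vault."""
    environment: str
    secrets: dict = field(default_factory=dict)  # role -> credential

class CredentialArranger:
    def __init__(self, environments, policy=None, predetermined=None):
        self.stores = {env: SecretStore(env) for env in environments}
        self.policy = policy or {}                # env -> acceptable roles
        self.predetermined = predetermined or {}  # env -> predetermined role
        self.last_used = {}                       # env -> role of last logon

    def save(self, env, role, credential):
        """Save a role's credential in the store of its own environment."""
        allowed = self.policy.get(env)
        if allowed is not None and role not in allowed:
            raise PermissionError(f"role {role!r} not acceptable in {env!r}")
        self.stores[env].secrets[role] = credential

    def default_role(self, env):
        # Assumed precedence: last-used role first, then the predetermined one.
        return self.last_used.get(env, self.predetermined.get(env))

    def logon(self, env, role=None):
        """Return (role, credential), reading only the store for env."""
        role = role or self.default_role(env)
        if role not in self.stores[env].secrets:
            raise LookupError(f"no credential for {role!r} in {env!r}")
        self.last_used[env] = role
        return role, self.stores[env].secrets[role]

def build_example():
    # Constructed sample data: roles follow the abstract, secrets are fake.
    sso = CredentialArranger(
        ["personal", "workplace"],
        policy={"workplace": {"engineer", "manager"}},
        predetermined={"personal": "shopper", "workplace": "engineer"},
    )
    sso.save("personal", "shopper", "constructed-secret-1")
    sso.save("workplace", "engineer", "constructed-secret-2")
    sso.save("workplace", "manager", "constructed-secret-3")
    return sso

if __name__ == "__main__":
    sso = build_example()
    print(sso.logon("workplace"))             # predetermined role
    print(sso.logon("workplace", "manager"))  # explicit role
    print(sso.logon("workplace"))             # last-used role
```

Because each lookup is keyed by environment first, a personal role such as the shopper can never resolve to a credential held in the workplace store, and the policy check stops it from being saved there.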
15. A computer program product available as a download or on a computer readable medium having executable instructions for installation on one or more physical or virtual computing devices utilizing a single-sign-on framework, comprising:
a first component for receiving identification of a plurality of target environments for a user to logon to one or more applications thereof, the target environments including at least a personal and workplace environment;
a second component for receiving identification of one or more roles of the user per each said target environment that the user can logon using a single-sign-on and access the one or more applications;
a third component for receiving indication of credentials for each of the one or more roles to use the single-sign-on; and
a fourth component to communicate with a secret store per each said target environment to save the credentials in a corresponding one of the secret stores.
20. A computing system for arranging user credentials on one or more physical or virtual computing devices utilizing a single-sign-on framework, comprising:
a client workstation arranged as one of the one or more physical or virtual computing devices, a user of the client workstation able to logon using a single-sign-on thereby having access to one or more applications of a plurality of target environments including at least a single-sign-on session for a personal environment and a separate single-sign-on session for a workplace environment;
a server arranged as another of the one or more physical or virtual computing devices, the server existing in the workplace environment and configured to communicate with the client workstation, the server having a policy defining roles of the user in both the personal and workplace environment; and
a secret store per each said target environment for storing credentials corresponding to the defined roles of the user per either the personal or workplace environment.
Specification