Selective Cross-Realm Authentication
First Claim
1. A method comprising:
- receiving, from an entity authenticated in a first realm, a request to access a resource associated with a second realm;
- determining whether entities authenticated by other than the second realm are allowed access to the resource according to a selective trust relationship between the second realm and other realms that include the first realm;
- in an event that entities authenticated by other than the second realm are allowed access to the resource:
  - determining other realm access permissions to be assigned to entities authenticated by other than the second realm, based on the selective trust relationship, wherein the other realm access permissions are different from second realm access permissions that are to be assigned to entities authenticated by the second realm; and
  - granting the entity access to the resource according to the other realm access permissions; and
- in an event that entities authenticated by other than the second realm are not allowed to access the resource, refusing to grant the entity access to the resource.
1 Assignment
0 Petitions
Abstract
A selective cross-realm authenticator associates an identifier with a request from an entity authenticated in one realm to access a resource associated with a second realm. The identifier indicates that the entity was authenticated in a realm other than the realm associated with the requested resource. A domain controller associated with the resource performs an access check to verify that the authenticated user is authorized to authenticate to the requested resource. Permissions associated with the resource can be used to specify levels of access to be granted to entities authenticated by a domain controller associated with another realm.
82 Citations
20 Claims
1. A method comprising: the first claim, quoted in full above. Dependent claims: 2 through 9.
10. A method comprising:
- receiving, from a user authenticated in a first realm, a request to access a resource associated with a second realm; and
- associating with the user, an identifier that indicates the user was authenticated in a realm other than the second realm, wherein the second realm has a selective trust relationship with other realms, including the first realm, such that user access permissions to the resource associated with the second realm differ based on whether the user was authenticated in the second realm or whether the user was authenticated in one of the other realms.
Dependent claims: 11 through 18.
19. A system comprising:
- a first domain controller implemented to maintain first user accounts and to authenticate users based on the first user accounts;
- a second domain controller implemented to maintain second user accounts and to authenticate users based on the second user accounts; and
- a cross-realm authenticator configured to associate, with a request from an entity authenticated by the first domain controller to access a resource associated with the second domain controller, an identifier that indicates that the request is from an entity authenticated by a domain controller other than the second domain controller.
Dependent claim: 20.
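The mechanism claimed in claims 1, 10 and 19 and summarized in the abstract, modeled as an added Python example that is not part of the patent or of any product: two domain controllers authenticate users, a cross-realm authenticator tags requests whose authenticating realm differs from the resource's realm, and the resource's access check grants home-realm permissions, other-realm permissions, or nothing, according to a selective trust list. All realm names, accounts, the `OTHER_REALM` identifier and the permission sets are constructed for illustration.

```python
from dataclasses import dataclass, field

# Identifier the cross-realm authenticator attaches to foreign-realm requests (hypothetical name)
OTHER_REALM = "OTHER_REALM"


@dataclass
class DomainController:
    """Authenticates users against the accounts it maintains for one realm."""
    realm: str
    accounts: dict  # username -> password; constructed sample data

    def authenticate(self, user, password):
        if self.accounts.get(user) != password:
            raise PermissionError(f"{user} not authenticated in {self.realm}")
        return {"user": user, "realm": self.realm}


@dataclass
class Resource:
    """A resource with distinct permissions for home-realm and other-realm entities."""
    realm: str
    realm_permissions: set
    other_realm_permissions: set
    trusted_realms: set = field(default_factory=set)  # selective trust: realms allowed in at all


def tag_request(token, resource):
    """Cross-realm authenticator: mark the request if the token's realm is not the resource's realm."""
    request = {"token": token, "resource": resource}
    if token["realm"] != resource.realm:
        request["identifier"] = OTHER_REALM
    return request


def access_check(request):
    """Resource-realm domain controller: return the permission set to grant, or None to refuse."""
    token, resource = request["token"], request["resource"]
    if request.get("identifier") != OTHER_REALM:
        return resource.realm_permissions          # authenticated by the resource's own realm
    if token["realm"] in resource.trusted_realms:
        return resource.other_realm_permissions    # selectively trusted foreign realm, reduced rights
    return None                                    # foreign realm not trusted: refuse access


# Constructed sample realms; realm-b trusts realm-a selectively, and realm-c not at all
DC_A = DomainController("realm-a", {"alice": "pw-a"})
DC_B = DomainController("realm-b", {"bob": "pw-b"})
DC_C = DomainController("realm-c", {"carol": "pw-c"})
SHARE = Resource("realm-b", {"read", "write"}, {"read"}, trusted_realms={"realm-a"})


def request_access(dc, user, password, resource=SHARE):
    """Authenticate at the given domain controller, then run the tagged request through the access check."""
    return access_check(tag_request(dc.authenticate(user, password), resource))
```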
Specification