Establishment of Security Federations

US 20090241166A1
Filed: 03/19/2008
Published: 09/24/2009
Est. Priority Date: 03/19/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

modeling a process that involves secure interaction between administrative domains, the modeled process specifying role information for each of the administrative domains and interactions between the administrative domains;

receiving the role information associated with candidate administrative domains;

dynamically resolving appropriate administrative domains from the candidate administrative domains based on the modeled process and the received role information;

automatically deriving trust realms between the dynamically resolved appropriate administrative domains based on the role information and the interactions from the modeled process; and

effecting secure interaction between the dynamically resolved appropriate administrative domains through the automatically derived trust realms.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Secure interactions between administrative domains are modeled. The modeled process specifies role information for each of the administrative domains and interaction between the administrative domains. Role information associated with candidate administrative domains is received, and appropriate administrative domains from the candidate administrative domains are dynamically resolved based on the modeled process and the received role information. Trust realms between the dynamically resolved appropriate administrative domains are automatically derived based on the role information and the interactions from the modeled process. The secure interaction between the dynamically resolved appropriate administrative domains is effected through the automatically derived trust realms.

Citations

20 Claims

1. A computer-implemented method comprising:
- modeling a process that involves secure interaction between administrative domains, the modeled process specifying role information for each of the administrative domains and interactions between the administrative domains;
  
  receiving the role information associated with candidate administrative domains;
  
  dynamically resolving appropriate administrative domains from the candidate administrative domains based on the modeled process and the received role information;
  
  automatically deriving trust realms between the dynamically resolved appropriate administrative domains based on the role information and the interactions from the modeled process; and
  
  effecting secure interaction between the dynamically resolved appropriate administrative domains through the automatically derived trust realms.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, wherein the process is modeled using Web Services Choreography Description Language (CDL).
  - 3. The method of claim 1, wherein the secure interaction further comprises an issuance of security tokens at each of the administrative domains and a format conversion of the security tokens.
  - 4. The method of claim 1, wherein modeling the process further comprises defining an order, a message format, and parameters of the secure communication.
  - 5. The method of claim 1, further comprising:
    - determining that a collaboration between any two of the dynamically resolved administrative domains has ended; and
      
      terminating the trust realm between the two dynamically resolved administrative domains based on the determination that the collaboration has ended.
  - 6. The method of claim 1, wherein dynamically resolving the appropriate administrative domains further comprises:
    - generating a list of administrative domains that satisfy the role information specified in the modeled process; and
      
      selecting the appropriate administrative domains from the list of administrative domains.
  - 7. The method of claim 6, further comprising transmitting an invitation to each of the administrative domains on the generated list of administrative domains, wherein the appropriate administrative domains are selected based on receiving an acceptance to the invitation.
  - 8. The method of claim 7, wherein effecting the secure interaction among the dynamically resolved administrative domains further comprises:
    - accessing trust information associated with the appropriate administrative domains;
      
      signalling, to the appropriate administrative domains, the initiation of a collaboration represented by the modelled process;
      
      sending the trust information to the appropriate administrative domains such that the secure interaction among the dynamically resolved administrative domains is effected.
  - 9. The method of claim 1, wherein effecting the secure interaction among the dynamically resolved administrative domains further comprises:
    - signaling, to the appropriate administrative domains, the initiation of a collaboration represented by the modeled process;
      
      allowing access to trust information associated with the appropriate administrative domains such that the trust information is downloadable by the other appropriate administrative domains.
  - 10. The method of claim 9, wherein allowing access to trust information comprises interaction among the appropriate administrative domains such that the appropriate administrative domains exchange the trust information with each other.
  - 11. The method of claim 8, wherein the trust information comprises keys and a name associated with the administrative domain.
  - 12. The method of claim 1, wherein the role information specified in the modeled process enumerates an observable behavior a first administrative domain exhibits in order to collaborate with a second administrative domain.
  - 13. The method of claim 12, wherein the role information specified in the modeled process designates the first administrative domain as a buyer role and the second administrative domain as a seller role.
  - 14. The method of claim 12, wherein the role information specified in the modeled process identifies a behavior that the first and second administrative domains must satisfy.
  - 15. The method of claim 14, wherein the behavior comprises a purchasing behavior or a customer management behavior for each of the first and second administrative domains.
  - 16. The method of claim 1, further comprising invoking the process using the dynamically resolved administrating domains.
  - 17. The method of claim 1, wherein the process is a composite services process between hierarchically organized administrative domains.
  - 18. The method of claim 1, wherein:
    - the process is a collaborative engineering process, andthe secure interactions between administrative domains are peer-to-peer interactions.

19. A computer program product, tangibly embodied in a machine-readable medium, the computer program product comprising instructions that, when read by a machine, operate to cause a data processing apparatus to:
- model a process that involves secure interaction between administrative domains, the modeled process specifying role information for each of the administrative domains and interactions between the administrative domains;
  
  receive the role information from candidate administrative domains;
  
  dynamically resolving appropriate administrative domains from the candidate administrative domains based on the modeled process and the received role information;
  
  automatically derive trust realms between the dynamically resolved appropriate administrative domains based on the role information and the interactions from the modeled process; and
  
  effect secure interactions between the dynamically resolved appropriate administrative domains through the automatically derived trust realms.

20. A device comprising:
- a processor configured to;
  
  model a process that involves secure interaction between administrative domains, the modeled process specifying role information for each of the administrative domains and interactions between the administrative domains,receive the role information associated with candidate administrative domains,dynamically resolve appropriate administrative domains from the candidate administrative domains based on the modeled process and the received role information,automatically derive trust realms between the dynamically resolved appropriate administrative domains based on the role information and the interactions from the modeled process, andeffect secure interactions between the dynamically resolved appropriate administrative domains though the automatically derived trust realms; and
  
  a repository configured to;
  
  store the role information associated with each of the administrative domains and relationship types associated with each of the administrative domain, andtransmit the role information and relationship type to the processor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP AG (SAP SE)
Inventors
Thurm, Bernhard, Hu, Ji

Granted Patent

US 8,104,069 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06Q 10/10 Office automation; Time man...

Establishment of Security Federations

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Establishment of Security Federations

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links