USING OPAQUE GROUPS IN A FEDERATED IDENTITY MANAGEMENT ENVIRONMENT
Abstract
A system and method for using an opaque group within a federated identity management environment, to prevent disclosure of identities of the group. An opaque group is constructed at an identity provider within the system and has a group identity that references primary system identities of its members (e.g., electronic mail addresses, public key certificates, network addresses). Services to the group (e.g., distribution of an object such as a document or electronic mail message, invitation to an online meeting, authentication as a member of the group) can be requested from service providers, but because service providers do not have access to members' primary identities, the service providers forward the requests to an identity provider that has access to the group identity. That identity provider retrieves the members' identities and completes the action.
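The forwarding flow the abstract describes, as an added example that is not code from the patent: a toy identity provider stores the membership under a random, unlinkable group id; a service provider that is asked to distribute a document to that group can only route the request back to the owning IdP, which resolves the members and completes delivery. The second service the abstract names, "authentication as a member of the group", is modelled by having the IdP authenticate the user and then vouch only for membership. The names (idp.example, docs.example), the e-mail addresses and the HMAC-based membership assertion are assumptions made for the example; a real federation would use SAML or OIDC signatures rather than a shared MAC key.

```python
"""Toy model of an opaque group: the IdP holds the membership, the SP never sees it."""
import hashlib
import hmac
import json
import secrets


class IdentityProvider:
    """Authenticates users and stores opaque groups keyed by an unlinkable group id."""

    def __init__(self, name, federation_key):
        self.name = name
        self._key = federation_key   # IdP/SP shared MAC key (assumption; stands in for SAML/OIDC signing)
        self._users = {}             # primary identity (e-mail) -> credential
        self._groups = {}            # opaque group id -> frozenset of primary identities
        self.delivered = []          # (primary identity, payload) pairs the IdP actually delivered

    def register_user(self, primary_identity, credential):
        self._users[primary_identity] = credential

    def create_opaque_group(self, members):
        """Store the members' primary identities under a random id that reveals nothing about them."""
        unknown = set(members) - self._users.keys()
        if unknown:
            raise KeyError(f"not registered at {self.name}: {sorted(unknown)}")
        gid = f"{self.name}:grp-{secrets.token_hex(8)}"
        self._groups[gid] = frozenset(members)
        return gid

    def deliver_to_group(self, gid, payload):
        """Complete a distribution an SP forwarded: resolve members here, deliver, return only a count."""
        members = self._groups.get(gid)
        if members is None:
            raise KeyError(f"unknown opaque group {gid}")
        for member in members:
            self.delivered.append((member, payload))
        return len(members)

    def membership_assertion(self, primary_identity, credential, gid):
        """Authenticate the user, then vouch for group membership without naming the user."""
        stored = self._users.get(primary_identity)
        if stored is None or not hmac.compare_digest(stored, credential):
            return None
        if primary_identity not in self._groups.get(gid, frozenset()):
            return None
        body = json.dumps({"iss": self.name, "group": gid, "nonce": secrets.token_hex(8)}, sort_keys=True)
        tag = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        return body, tag


class ServiceProvider:
    """Provides services to groups it can name but cannot enumerate."""

    def __init__(self, name, idps, federation_key):
        self.name = name
        self._idps = idps            # IdP name -> IdentityProvider; the federation this SP trusts
        self._key = federation_key
        self.log = []                # everything the SP records; must never contain a primary identity

    def distribute(self, gid, payload):
        """Distribute an object to a group: route on the IdP prefix and let the IdP resolve members."""
        idp_name = gid.split(":", 1)[0]
        idp = self._idps.get(idp_name)
        if idp is None:
            raise KeyError(f"{idp_name} is not a federated identity provider")
        self.log.append(f"distribute {payload!r} to {gid} via {idp_name}")
        return idp.deliver_to_group(gid, payload)

    def admit(self, assertion, gid):
        """Grant access on an IdP assertion that says only 'the bearer is a member of gid'."""
        if assertion is None:
            return False
        body, tag = assertion
        expected = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return False
        claims = json.loads(body)
        ok = claims.get("iss") in self._idps and claims.get("group") == gid
        self.log.append(f"{'admitted' if ok else 'refused'} anonymous member of {gid}")
        return ok


def demo():
    """Constructed scenario: three users, one opaque group, one SP distributing a document."""
    key = secrets.token_bytes(32)
    idp = IdentityProvider("idp.example", key)
    members = ["alice@example.com", "bob@example.com", "carol@example.com"]
    for user in members:
        idp.register_user(user, f"pw-{user}")
    gid = idp.create_opaque_group(members)
    sp = ServiceProvider("docs.example", {"idp.example": idp}, key)

    delivered = sp.distribute(gid, "quarterly-report.pdf")
    good = sp.admit(idp.membership_assertion("alice@example.com", "pw-alice@example.com", gid), gid)
    bad_pw = sp.admit(idp.membership_assertion("alice@example.com", "wrong", gid), gid)
    # An assertion for one group re-targeted at another group must fail the MAC check.
    body, tag = idp.membership_assertion("bob@example.com", "pw-bob@example.com", gid)
    other = "idp.example:grp-0000000000000000"
    forged = sp.admit((body.replace(gid, other), tag), other)
    leaked = any(user in line for line in sp.log for user in members)
    return {"delivered": delivered, "good": good, "bad_pw": bad_pw, "forged": forged, "leaked": leaked}


if __name__ == "__main__":
    print(demo())
```

The point to check in `demo()` is `leaked`: the SP's log names the group and the IdP but never a member, while the IdP's `delivered` list holds the three primary identities. Anonymity here rests entirely on the IdP not echoing member identities back in its responses, which is why `deliver_to_group` returns only a count.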
Claims (19)

1. A method of promoting user anonymity within a federated identity management system, the system comprising identity providers configured to authenticate users and service providers configured to provide services to the users, the method comprising:
creating an opaque group at a first identity provider to include multiple users of the federated identity management system, wherein each user has a primary identity within the system;
storing at the first identity provider an identity of the opaque group, wherein the identity references the primary identities of the member users; and
facilitating the provision of services by the service providers to members of the opaque group without allowing the service providers to know the primary identities of the members of the group.
(Claims 2 through 10 depend from claim 1.)

11. A computer-readable medium storing instructions that, when executed by a computer, cause the computer to perform a method of promoting user anonymity within a federated identity management system, the system comprising identity providers configured to authenticate users and service providers configured to provide services to the users, the method comprising:
creating an opaque group at a first identity provider to include multiple users of the federated identity management system, wherein each user has a primary identity within the system;
storing at the first identity provider an identity of the opaque group, wherein the identity references the primary identities of the member users; and
facilitating the provision of services by the service providers to members of the opaque group without allowing the service providers to know the primary identities of the members of the group.

12. A computer-implemented method of enabling users within a federated identity management system to access a resource of the system anonymously, the method comprising:
establishing an identity of an opaque group at a first identity provider within the system;
configuring said group identity to include identities of members of the group; and
within the system, enabling service providers to provide services to the group without knowledge of the identities of the members of the group.
(Claim 13 depends from claim 12.)

14. A computer-readable medium storing instructions that, when executed by a computer, cause the computer to perform a method of enabling users within a federated identity management system to access a resource of the system anonymously, the method comprising:
establishing an identity of an opaque group at a first identity provider within the system;
configuring said group identity to include identities of members of the group; and
within the system, enabling service providers to provide services to the group without knowledge of the identities of the members of the group.

15. A federated identity management system in which a service is provided to a group of anonymous users, the system comprising:
an identity provider configured to authenticate users of the system;
a service provider configured to: receive service requests from users of the system; and provide requested services to the users based on primary identities associated with the users; and
a group identity stored at the identity provider and associated with an opaque group, wherein: said group identity comprises primary identities of members of the opaque group; and said group identity, and not the members' primary identities, is releasable to service providers;
wherein the service provider is further configured to forward to the identity provider requests to provide services to the group.
(Claims 16 through 19 depend from claim 15.)