EXTENSIBLE MECHANISM FOR SECURING OBJECTS USING CLAIMS
First Claim
1. An extensible system for providing security claims about a logical object wherein:
(a) a security broker is responsive to a registration request which identifies an unregistered claims provider by recording the identified claims provider as a registered claims provider;
(b) the registered claims provider is responsive to a claims request which identifies a secured object by providing at least one provider security claim asserted about the secured object; and
(c) the security broker is responsive to an access request from a client, the access request identifying a logical object, by:
(i) issuing a claims request to the registered claims provider, the claims request specifying the logical object as the secured object, (ii) receiving a provider security claim from the claims provider, and (iii) returning the provider security claim to the client.
(Dependent claims 2 through 8 are not reproduced on this page.)
Abstract
An extensible mechanism for providing access control for logical objects in a network environment. A security broker is able to dynamically register one or more claims providers, each of which can assert one or more claims about logical objects. The claims providers may be purpose-built or may be third-party applications which expose data or business rules for use. Claims may be augmented by additional claims providers after the original claim is asserted. The applicability of claims may be scope-limited either at the time the claims provider is registered or when the user requests that a security token be issued.
20 Claims
9. An extensible method of securing access to an object on a computer network, the method comprising:
(a) dynamically registering a claims provider;
(b) receiving a request from a client to access a specified logical object;
(c) requesting a security claim asserted about the specified logical object from the claims provider;
(d) receiving the security claim from the claims provider; and
(e) returning the security claim to the client.
(Dependent claims 10 through 18 are not reproduced on this page.)
19. An extensible method of securing access to an object on a computer network, the method comprising:
(a) dynamically registering a first claims provider and a second claims provider;
(b) receiving a request from a client to access a specified logical object;
(c) requesting a primary security claim asserted about the specified logical object from the first claims provider;
(d) receiving the primary security claim from the first claims provider;
(e) augmenting the primary security claim by supplying the primary security claim to the second claims provider and requesting a secondary security claim from the second claims provider;
(f) receiving the secondary security claim in response; and
(g) returning the primary security claim and the secondary security claim to the client.
20. The method of claim 20 wherein the steps of registering a primary claims provider and registering a secondary claims provider each comprises specifying an applicable scope for the security claim, wherein the steps of requesting a primary security claim and requesting a secondary security claim each only requests the security claim from the claims provider if the logical object is within the associated applicable scope.
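The broker, registration, claim augmentation and scope checks described in claims 1, 9, 19 and 20, modelled as an added Python example that is not part of the patent and not any product's code. The provider names, the prefix-based scope rule and the sample object identifiers are constructed assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Callable
# Constructed model of the broker/provider roles in claims 1, 9, 19 and 20.
@dataclass(frozen=True)
class Claim:
    issuer: str   # registered claims provider that asserted the claim
    subject: str  # the secured logical object the claim is about
    name: str
    value: str

# A claims provider: (object_id, claims gathered so far) -> list of (name, value).
ClaimsProvider = Callable[[str, list[Claim]], list[tuple[str, str]]]

class SecurityBroker:
    def __init__(self) -> None:
        # name -> (provider, scope); scope is an object-id prefix (claim 20, assumed rule)
        self._providers: dict[str, tuple[ClaimsProvider, str]] = {}

    def register(self, name: str, provider: ClaimsProvider, scope: str = "") -> None:
        # Claim 1(a) / 9(a): record a previously unregistered provider at run time.
        if name in self._providers:
            raise ValueError(f"claims provider {name!r} is already registered")
        self._providers[name] = (provider, scope)

    def request_claims(self, object_id: str) -> list[Claim]:
        # Claim 1(c) / 19: on an access request, query each registered provider in
        # order, handing it the claims collected so far so it can augment them.
        claims: list[Claim] = []
        for name, (provider, scope) in self._providers.items():
            if not object_id.startswith(scope):
                continue  # claim 20: out-of-scope providers are never asked
            for cname, cvalue in provider(object_id, list(claims)):
                claims.append(Claim(name, object_id, cname, cvalue))
        return claims

def hr_provider(object_id: str, prior: list[Claim]) -> list[tuple[str, str]]:
    # Purpose-built provider over constructed sample data: who owns the object.
    owners = {"doc/payroll/q3": "alice"}
    return [("owner", owners[object_id])] if object_id in owners else []

def classification_provider(object_id: str, prior: list[Claim]) -> list[tuple[str, str]]:
    # Third-party business rule: augments an existing "owner" claim with a label.
    return [("sensitivity", "confidential")] if any(c.name == "owner" for c in prior) else []

def build_demo_broker() -> SecurityBroker:
    broker = SecurityBroker()
    broker.register("hr", hr_provider, scope="doc/payroll/")              # primary
    broker.register("classifier", classification_provider, scope="doc/")  # secondary
    return broker
```

Because the secondary provider only sees claims already gathered, an object outside the primary provider's scope yields no augmented claim either, which is the scope-limiting behaviour claim 20 describes.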
Specification