INTERACTIVE SELECTION OF IDENTITY INFORMATOIN SATISFYING POLICY CONSTRAINTS

US 20100100926A1
Filed: 10/16/2008
Published: 04/22/2010
Est. Priority Date: 10/16/2008
Status: Abandoned Application

First Claim

Patent Images

1. A method for verifying an attribute, comprising:

providing a compound policy by a relying party, the compound policy having one or more claims and/or sub-claims expressing conditions on attributes and constants;

associating identity providers with aspects of the compound policy by mapping attributes of the compound policy with attributes of the identity providers;

enabling a selection of at least one identity provider that satisfies the compound policy; and

verifying at least one attribute of the user by at least one identity provider in accordance with the selection.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for verifying an attribute includes providing a compound policy by a relying party. The compound policy has one or more claims and/or sub-claims expressing conditions on attributes and constants. Identity providers are associated with aspects of the compound policy by mapping attributes of the compound policy with attributes of the identity providers. A selection of at least one identity provider that satisfies the compound policy is enabled. At least one attribute of the user is verified by at least one identity provider in accordance with the selection.

48 Citations

View as Search Results

20 Claims

1. A method for verifying an attribute, comprising:
- providing a compound policy by a relying party, the compound policy having one or more claims and/or sub-claims expressing conditions on attributes and constants;
  
  associating identity providers with aspects of the compound policy by mapping attributes of the compound policy with attributes of the identity providers;
  
  enabling a selection of at least one identity provider that satisfies the compound policy; and
  
  verifying at least one attribute of the user by at least one identity provider in accordance with the selection.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method as recited in claim 1, wherein providing includes generating a graphical user interface to display the compound policy.
  - 3. The method as recited in claim 2, wherein the graphical user interface includes a plurality of regions, each region being designated to represent identity providers which satisfy claims of the compound policy.
  - 4. The method as recited in claim 3, further comprising representing identity providers in the graphical user interface and placing a representation of the identity provider in the regions where the claims of the compound policy are satisfied.
  - 5. The method as recited in claim 1, wherein the compound policy includes alternative sub-claims and further comprising selecting from among the alternative sub-claims.
  - 6. The method as recited in claim 5, wherein selecting from among the alternative sub-claims causes the representations of the identity providers to be altered in accordance with newly selected sub-claims of the compound policy.
  - 7. The method as recited in claim 1, wherein the compound policy includes alternative claims and further comprising selecting from among the alternative claims.
  - 8. The method as recited in claim 1, wherein relationships between at least one of claims and sub-claims are expressed in conjunctive normal form.
  - 9. The method as recited in claim 1, wherein verifying includes:
    - requesting verification of the at least one attribute of the user from at least one identity provider;
      
      verifying at least one attribute of the user; and
      
      providing proof of the verification to the relying party.
  - 10. The method as recited in claim 1, wherein the proof includes a zero-knowledge proof in which an actual value of an attribute is not divulged.

11. A computer readable medium comprising a computer readable program for verifying an attribute, wherein the computer readable program when executed on a computer causes the computer to perform the steps of;
- providing a compound policy by a relying party, the compound policy having one or more claims and/or sub-claims expressing conditions on attributes and constants;
  
  associating identity providers with aspects of the compound policy by mapping attributes of the compound policy with attributes of the identity providers;
  
  enabling a selection of at least one identity provider that satisfies the compound policy; and
  
  verifying at least one attribute of the user by at least one identity provider in accordance with the selection.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The computer readable medium as recited in claim 11, wherein providing includes generating a graphical user interface to display the compound policy.
  - 13. The computer readable medium as recited in claim 12, wherein the graphical user interface includes a plurality of regions, each region being designated to represent identity providers which satisfy claims of the compound policy.
  - 14. The computer readable medium as recited in claim 13, further comprising representing identity providers in the graphical user interface and placing a representation of the identity provider in the regions where the claims of the compound policy are satisfied.
  - 15. The computer readable medium as recited in claim 11, wherein the compound policy includes alternative sub-claims and further comprising selecting from among the alternative sub-claims.
  - 16. The computer readable medium as recited in claim 15, wherein selecting from among the alternative sub-claims causes the representations of the identity providers to be altered in accordance with new conditions of the compound policy.

17. A system for verifying an attribute, comprising:
- an identity selector configured on a computer device having a display, the identity selector including;
  
  a graphical user interface configured to display a compound policy from a relying party, the compound policy having one or more claims and sub-claims, the graphical user interface including a plurality of regions, each region being designated to represent identity providers which satisfy claims of the compound policy and represent the identity providers in the graphical user interface by placing a representation of the identity provider in the regions where the claims of the compound policy are satisfied;
  
  a mapper configured to associate identity providers with aspects of the compound policy to map attributes of the compound policy with attributes of the identity providers to provide the representation of the identity providers in the regions of the graphical user interface; and
  
  a selection mechanism configured to permit a selection of the at least one identity provider that satisfies the compound policy.
- View Dependent Claims (18, 19, 20)
- - 18. The system as recited in claim 17, wherein the compound policy includes alternative sub-claims and a user selects from among the alternative sub-claims using the selection mechanism such that the representations of the identity providers are altered in accordance with new conditions of the compound policy.
  - 19. The system as recited in claim 18, wherein relationships between at least one of claims and sub-claims are expressed in conjunctive normal form.
  - 20. The system as recited in claim 17, wherein the identity selector includes one of a computer device, and a cellular telephone.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Camenisch, Jan, Sommer, Dieter M., Binding, Carl, Bussani, Anthony

Application Number

US12/252,598
Publication Number

US 20100100926A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/0815   providing single-sign-on or...

H04L 63/102   Entity profiles

INTERACTIVE SELECTION OF IDENTITY INFORMATOIN SATISFYING POLICY CONSTRAINTS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

48 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

INTERACTIVE SELECTION OF IDENTITY INFORMATOIN SATISFYING POLICY CONSTRAINTS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links