CLAIMS-BASED AUTHORIZATION AT AN IDENTITY PROVIDER
Abstract
Techniques are described herein for managing access to services (e.g., Web sites, applications, results of executable operations, etc.) that are provided by relying parties. A relying party is a processing system that relies on an identity provider to authenticate an entity (e.g., user or software application) that attempts to access a service provided by the relying party. The identity provider is a processing system that is configured to perform authentication and authorization operations with respect to the entity. The identity provider generates a claim that indicates access rights of the entity with respect to the relying party. The identity provider provides the claim to the relying party via a user system or via a direct or indirect link that bypasses the user system. The relying party determines whether to allow the entity to access the service based on the access rights indicated by the claim.
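The flow in the abstract, as an added Python illustration that is not taken from the patent: an identity provider issues a claim whose access-rights indicator is scoped to one relying party, and the relying party verifies the claim and decides from the indicator. The HMAC-SHA256 shared key, the JSON layout, the field names (`sub`, `aud`, `rights`, `exp`) and the party name `reports.example` are all assumptions made for this sketch.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key shared by the identity provider and one relying party (assumption).
RP_KEYS = {"reports.example": b"constructed-demo-key-not-for-production"}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def issue_claim(entity, relying_party, rights, ttl=300, now=None):
    """Identity provider: after authenticating `entity`, emit a signed claim whose
    `rights` field is the access-rights indicator for one relying party."""
    now = int(time.time()) if now is None else now
    body = json.dumps({"sub": entity, "aud": relying_party,
                       "rights": sorted(rights), "exp": now + ttl},
                      sort_keys=True).encode()
    tag = hmac.new(RP_KEYS[relying_party], body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)

def authorize(token, relying_party, needed_right, now=None):
    """Relying party: verify the claim, then decide from the indicator alone.
    Returns (allowed, reason)."""
    now = int(time.time()) if now is None else now
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong part count or invalid base64
        return False, "malformed"
    expected = hmac.new(RP_KEYS[relying_party], body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return False, "bad signature"
    claim = json.loads(body)  # parsed only after the signature check passes
    if claim.get("aud") != relying_party:  # defence in depth if a key is ever shared
        return False, "wrong audience"
    if claim.get("exp", 0) <= now:
        return False, "expired"
    if needed_right not in claim.get("rights", []):
        return False, "right not granted"
    return True, "ok"
```

The token is opaque to whatever carries it, so it can travel through the user system or over a direct link; either way the relying party trusts only what the signature covers.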
20 Claims
1. A method comprising:
- generating a claim at an identity provider using one or more processors of the identity provider, the claim including an indicator that specifies access rights of a first entity with respect to a first relying party; and
- providing the indicator to the first relying party to enable the first relying party to determine whether the first entity is authorized to utilize a service provided by the first relying party.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A method comprising:
- receiving an indicator from an identity provider at a relying party, the indicator specifying access rights of an entity with respect to the relying party; and
- determining at the relying party, using one or more processors of the relying party, whether the entity is authorized to utilize a service provided by the relying party based on the indicator.
Dependent claims: 14, 15, 16, 17
18. An identity provider comprising:
- an authentication module configured to authenticate an entity;
- a claim generation module configured to generate a claim that includes an indicator that specifies access rights of the entity with respect to a relying party; and
- an indicator providing module configured to provide the indicator to the relying party to enable the relying party to determine whether the entity is authorized to utilize a service provided by the relying party.
Dependent claims: 19, 20
Specification