Just In Time Trust Establishment and Propagation
Abstract
Trust relationships in an online service system are established at a domain level, and propagated to components of domains as they attempt cross domain communication. In attempting to communicate across domains, a first component in a first domain attempts to validate a certificate of a second component in a second domain. Where the attempt to validate the certificate indicates that a trust relationship does not exist between the first component and the second domain, the first component determines whether a domain level trust relationship exists between the two domains. The first component propagates the trust status between the first and second domains to itself. If there is an existing trust relationship between the first and second domains, the first component validates the certificate of the second component in response. The second component executes the same process to complete the connection.
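The flow described in the abstract, as an added sketch that is not code from the patent. The class names, the per-component `trust_cache`, and modelling a certificate as only its subject and issuing domain (no signature check) are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Cert:
    subject: str        # component the certificate was issued to
    issuer_domain: str  # domain whose authority issued it (assumed field)

@dataclass
class Domain:
    name: str
    trusted_domains: set = field(default_factory=set)  # domain-level trust

@dataclass
class Component:
    name: str
    domain: Domain
    # Trust status per foreign domain, filled in only when first needed.
    # No expiry is modelled: a cached status outlives later domain-level changes.
    trust_cache: dict = field(default_factory=dict)

    def cert(self):
        return Cert(self.name, self.domain.name)

    def validate(self, peer_cert):
        """Return (accepted, how) for a peer's certificate."""
        issuer = peer_cert.issuer_domain
        if issuer == self.domain.name:
            return True, "same-domain"
        if issuer in self.trust_cache:           # component-level trust exists
            return self.trust_cache[issuer], "component-level"
        # No component-level relationship: consult domain-level trust and
        # propagate that status (trusted or not) to this component.
        status = issuer in self.domain.trusted_domains
        self.trust_cache[issuer] = status
        return status, "propagated"

def connect(a, b):
    """Each side runs the same process; both must accept to connect."""
    ok_a, _ = a.validate(b.cert())
    ok_b, _ = b.validate(a.cert())
    return ok_a and ok_b

if __name__ == "__main__":
    # Constructed sample domains and components.
    mail, storage = Domain("mail", {"storage"}), Domain("storage", {"mail"})
    fe, blob = Component("mail-fe-01", mail), Component("blob-07", storage)
    print(fe.validate(blob.cert()), fe.validate(blob.cert()), connect(fe, blob))
```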
20 Claims
1. A computer implemented method for propagating trust relationships between components across multiple domains in at least one online service system, the method comprising the steps of:
- attempting to validate, by a first computer system in a first domain of an online service system, a certificate of a second computer system in a second domain of an online service system;
- determining, by the first computer system, that a trust relationship does not exist between the first computer system in the first domain and the second domain;
- responsive to determining that a trust relationship does not exist between the first computer system in the first domain and the second domain, determining, by the first computer system, whether a trust relationship exists between the first domain and the second domain;
- propagating, by the first computer system, a trust status between the first domain and the second domain to the first computer system in the first domain; and
- determining, by the first computer system, whether to validate the certificate of the second computer system responsive to the propagated trust status.
11. At least one computer readable storage medium storing a computer program product for propagating trust relationships between components across multiple domains in at least one online service system, the computer program product comprising:
- program code for attempting to validate, by a first computer system in a first domain of an online service system, a certificate of a second computer system in a second domain of an online service system;
- program code for determining, by the first computer system, that a trust relationship does not exist between the first computer system in the first domain and the second domain;
- program code for, responsive to determining that a trust relationship does not exist between the first computer system in the first domain and the second domain, determining, by the first computer system, whether a trust relationship exists between the first domain and the second domain;
- program code for propagating, by the first computer system, a trust status between the first domain and the second domain to the first computer system in the first domain; and
- program code for determining, by the first computer system, whether to validate the certificate of the second computer system responsive to the propagated trust status.
20. A computer implemented method for propagating trust relationships between components across multiple domains in at least one online service system, the method comprising the steps of:
- establishing trust relationships at a domain for each of a plurality of domains, by at least one computer;
- responsive to attempts by components in different domains to communicate across the different domains, propagating domain level established trust relationships to the components, by at least one computer; and
- executing cross domain communication between components in different domains across the different domains, responsive to domain level trust relationships between the different domains being propagated to the components, by at least one computer.
Specification