FEDERATED AUTHENTICATION FOR MAILBOX REPLICATION
Abstract
A data replication mechanism is proposed that relies on existing federation infrastructure enabling distributed authentication instead of storing and using explicit credentials for a remote forest. The data replication mechanism requests a federation token with data replication capabilities targeted to the remote forest and passes this token to the remote forest in lieu of explicit credentials.
20 Claims
1. A method to be executed at least in part in a computing device for employing federated authentication in data replication across authentication boundaries, the method comprising:
receiving a request for data replication from a first service operating in a first domain at a second service operating in a second domain, wherein the request includes a federated token associated with the first service;
passing the federated token to a third party trust broker issuing the federated token;
receiving one of: a confirmation and a denial from the third party trust broker; and
responding to the first service with an affirmation of the request if a confirmation is received from the third party trust broker.

12. A system for facilitating data replication in electronic mail services employing federated authentication, the system comprising:
a first server associated with a first domain executing a first service, the first service performing actions including:
establish a trust relationship with a third party trust broker;
receive a request for data replication;
request a federated token from the third party trust broker;
pass the federated token along with the request to a target service in a second domain that is separated from the first domain by at least one authentication boundary; and
a second server associated with the second domain executing a second service identified as the target service in the federated token, the second service performing actions including:
establish a trust relationship with the third party trust broker;
pass the received federated token to the third party trust broker;
receive one of: a confirmation and a denial from the third party trust broker; and
respond to the first service with an affirmation of the request if a confirmation is received from the third party trust broker.

17. A computer-readable storage medium with instructions stored thereon for employing federated authentication in data replication across authentication boundaries, the instructions comprising:
establishing individual trust relationships between a first service operating in a first domain and a third party trust broker, and a second service operating in a second domain and the third party trust broker;
receiving a request for data replication at the first service;
requesting a federated token from the third party trust broker at the first service;
passing the federated token along with the request from the first service to the second service, wherein the federated token includes at least one desired capability at the second service;
passing the federated token to the third party trust broker issuing the federated token from the second service;
receiving one of: a confirmation and a denial from the third party trust broker;
if a confirmation is received from the third party trust broker, authorizing the request by comparing the at least one desired capability to a configuration of the second service; and
responding to the first service with an affirmation of the request and requested data by the second service.
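
The flow recited in claims 12 and 17, sketched as an added example that is not part of the patent text. The HMAC-signed token format, the class and method names, the expiry field and the capability strings are assumptions made for illustration; the claims do not specify them.

```python
import base64, hashlib, hmac, json, time

class TrustBroker:
    """Stand-in for the third party trust broker (HMAC token format is assumed)."""
    def __init__(self, key):
        self._key, self._trusted = key, set()

    def establish_trust(self, service_id):
        self._trusted.add(service_id)
    def _mac(self, body):
        return hmac.new(self._key, body, hashlib.sha256).hexdigest().encode()

    def issue(self, requester, target, capability, ttl=300, now=None):
        if not {requester, target} <= self._trusted:
            raise PermissionError("no trust relationship with broker")
        now = time.time() if now is None else now
        body = json.dumps({"sub": requester, "target": target,
                           "cap": capability, "exp": now + ttl}).encode()
        return base64.urlsafe_b64encode(body) + b"." + self._mac(body)

    def confirm(self, token, presenter, now=None):
        """Return the claims on confirmation, None on denial."""
        now = time.time() if now is None else now
        try:
            b64, mac = token.split(b".")
            body = base64.urlsafe_b64decode(b64)
        except ValueError:
            return None
        if not hmac.compare_digest(mac, self._mac(body)):
            return None
        claims = json.loads(body)
        # Deny tokens presented by a service other than the named target, or expired.
        if claims["target"] != presenter or claims["exp"] < now:
            return None
        return claims

class TargetService:
    """Second service: stores no explicit credentials for the first domain."""
    def __init__(self, service_id, broker, enabled_caps):
        self.service_id, self.broker, self.enabled_caps = service_id, broker, enabled_caps

    def handle_request(self, token, now=None):
        claims = self.broker.confirm(token, self.service_id, now)
        if claims is None:
            return "denied: broker did not confirm token"
        # Claim 17: compare the desired capability to this service's configuration.
        if claims["cap"] not in self.enabled_caps:
            return "denied: capability not enabled"
        return "affirmed"
```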
Specification