IDENTITY ASSERTION FRAMEWORK
First Claim
1. A system comprising:
- a first security token service configured to receive a request for a first token from a consumer and to issue the first token to the consumer, the first security token service associated with a first security domain, the first token issued according to a first issuing policy of the first security domain;
- a service provider, implemented using one or more processors, within a second security domain to receive the first token and make a determination whether the first token is invalid in the second security domain; and
- a second security token service to receive the first token from the service provider if the first token is valid in the second security domain, to make a determination whether the first token was issued by the first security token service, and to validate the first token according to a federation policy between the first security domain and the second security domain.
Abstract
Systems and methods for implementing an identity assertion framework to authenticate a user in a federation of security domains are provided. A first security token service (STS) is configured to receive a request for a first token from a consumer and to issue the first token to the consumer. The first STS is associated with a first security domain, and the first token is issued according to a first issuing policy of the first security domain. A service provider within a second security domain receives the first token and makes a determination whether the first token is invalid in the second security domain. A second STS receives the first token from the service provider, determines that the first token was issued by the first STS, and validates the first token according to a federation policy between the first security domain and the second security domain.
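The flow the abstract describes, as an added example that is not part of the patent or any product: an STS per domain issues tokens under its own issuing policy, a service provider in the second domain checks local validity and otherwise defers to its own STS, which identifies the issuer, confirms the token really came from that federated peer and applies the federation policy. The HMAC token format, the shared peer keys and the policies are assumptions made for the example; the patent fixes none of them.

```python
import hmac
import json

def sign(key, body):
    return hmac.new(key, body, "sha256").digest()

class SecurityTokenService:
    # One STS per security domain; tokens are HMAC-signed with the domain key
    # (assumed format). federation: peer domain -> (peer key, policy over claims).
    def __init__(self, domain, key, issuing_policy):
        self.domain, self.key, self.issuing_policy = domain, key, issuing_policy
        self.federation = {}

    def issue(self, request):
        # First STS: issue only if the first domain's issuing policy permits it.
        if not self.issuing_policy(request):
            raise PermissionError("rejected by issuing policy")
        claims = {"iss": self.domain, "sub": request["sub"], "role": request["role"]}
        body = json.dumps(claims, sort_keys=True).encode()
        return body, sign(self.key, body)

    def is_valid_locally(self, token):
        body, sig = token
        return hmac.compare_digest(sign(self.key, body), sig)

    def validate_federated(self, token):
        # Second STS: identify the issuer, check the token really came from that
        # federated peer, then apply the federation policy agreed with that peer.
        body, sig = token
        claims = json.loads(body)
        peer = self.federation.get(claims.get("iss"))
        if peer is None:
            return False                                    # unknown issuer
        peer_key, policy = peer
        if not hmac.compare_digest(sign(peer_key, body), sig):
            return False                                    # forged or tampered
        return policy(claims)

def service_provider_accept(sts, token):
    # Relying party in the second domain: local check first, else defer to its own STS.
    return sts.is_valid_locally(token) or sts.validate_federated(token)

def demo():
    # Constructed keys and policies for two domains, A and B.
    sts_a = SecurityTokenService("A", b"key-A", lambda r: r["role"] in ("user", "admin"))
    sts_b = SecurityTokenService("B", b"key-B", lambda r: True)
    sts_b.federation["A"] = (b"key-A", lambda c: c["role"] == "user")  # B admits A's users only
    user_tok = sts_a.issue({"sub": "alice", "role": "user"})
    admin_tok = sts_a.issue({"sub": "bob", "role": "admin"})
    forged = (user_tok[0].replace(b'"user"', b'"admin"'), user_tok[1])
    return tuple(service_provider_accept(sts_b, t) for t in (user_tok, admin_tok, forged))
```

`demo()` returns `(True, False, False)`: the federated user is admitted, the admin is rejected by B's federation policy rather than by A's issuing policy, and the tampered token fails the peer-key check before any policy is consulted.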
20 Claims
1. A system comprising:
- a first security token service configured to receive a request for a first token from a consumer and to issue the first token to the consumer, the first security token service associated with a first security domain, the first token issued according to a first issuing policy of the first security domain;
- a service provider, implemented using one or more processors, within a second security domain to receive the first token and make a determination whether the first token is invalid in the second security domain; and
- a second security token service to receive the first token from the service provider if the first token is valid in the second security domain, to make a determination whether the first token was issued by the first security token service, and to validate the first token according to a federation policy between the first security domain and the second security domain.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A method comprising:
- at a first security token service, issuing a first token to a consumer, the first security token service associated with a first security domain, the first token issued according to a first issuing policy of the first security domain;
- at a second security token service, receiving the first token from a service provider in a second security domain;
- at the second security token service, determining that the first token was issued by the first security token service; and
- at the second security token service, validating the first token according to a federation policy between the first security domain and the second security domain.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19.
20. A non-transitory computer-readable medium, the non-transitory computer-readable medium comprising instructions executable by one or more processors that, when executed by the one or more processors, cause the one or more processors to perform a method comprising:
- at a first security token service, issuing a first token to a consumer, the first security token service associated with a first security domain, the first token issued according to a first issuing policy of the first security domain;
- at a second security token service, receiving the first token from a service provider in a second security domain;
- at the second security token service, determining that the first token was issued by the first security token service; and
- at the second security token service, validating the first token according to a federation policy between the first security domain and the second security domain.