RELYING PARTY PLATFORM

US 20130086657A1
Filed: 05/04/2012
Published: 04/04/2013
Est. Priority Date: 09/29/2011
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a processor;

a computer-readable storage medium;

a mapping repository configured to store a mapping between applications and identity providers, wherein the mapping associates each application of a plurality of applications with one or more identity providers;

identity management logic configured to use the mapping to determine that one or more identity providers of a first plurality of identity providers can be used to perform authentication activities on behalf of the first application in response to receiving a first request associated with a first application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A framework is provided for integrating Internet identities in enterprise identity and access management (IAM) infrastructures. A framework is provided for open authorization. A framework is also provided for relying party functionality.

Citations

20 Claims

1. A system, comprising:
- a processor;
  
  a computer-readable storage medium;
  
  a mapping repository configured to store a mapping between applications and identity providers, wherein the mapping associates each application of a plurality of applications with one or more identity providers;
  
  identity management logic configured to use the mapping to determine that one or more identity providers of a first plurality of identity providers can be used to perform authentication activities on behalf of the first application in response to receiving a first request associated with a first application.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, further comprising:
    - credential management logic configured to generate credential collection data for use with a credential collection interface in response to determining that the one or more identity providers can be used to perform authentication activities on behalf of the first application, wherein the credential collection data identifies at least one of the one or more first identity providers.
  - 3. The system of claim 2, further comprising:
    - presentation logic configured to generate a user interface using the credential collection data, wherein the user interface includes one or more authentication user interface elements for collecting authentication credentials.
  - 4. The system of claim 2, wherein the identity management logic is further configured to use the mapping to determine that one or more identity providers of a second plurality of identity providers can be used to perform authentication activities on behalf of a second application in response to receiving a second request associated with the second application.
  - 5. The system of claim 2, wherein the identity management logic is further configured to:
    - determine that a first user of the first application has been authenticated using a first identity provider of the one or more first identity providers;
      
      determine, in response to a request from the first application to perform an action associated with a second application, that the first application is a trusted application with respect to the second application based at least in part on the determination that the first user of the first application has been authenticated using the first identity provider; and
      
      generate a token that enables the first application to perform the action on the second application.
  - 6. The system of claim 2, wherein:
    - the identity management logic is further configured to retrieve identity data from the first identity provider in response to receiving authentication credential information associated with the first identity provider, wherein the identity data includes first user identifying information;
      
      the credential management logic is further configured to generate an identity collection interface and pre-populate one or more user input elements of the identity collection interface with at least first user identifying information;
      
      the system further includes account creation logic configured to generate a local account that includes first user identifying information in response to receiving a request associated with the identity collection interface;
      
      wherein the first identity provider is an external identity provider.
  - 7. The system of claim 2, wherein:
    - the second application is a different application than the first application; and
      
      at least one of the identity providers in the first set is not in the second set of identity providers.

8. A method, comprising:
- storing a mapping between applications and identity providers, wherein the mapping associates each application of a plurality of applications with one or more identity providers;
  
  in response to receiving a first request associated with a first application, using the mapping to determine that one or more identity providers of a first plurality of identity providers can be used to perform authentication activities on behalf of the first application;
  
  wherein the method is performed by one or more computing devices.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, further comprising:
    - in response to determining that the one or more identity providers can be used to perform authentication activities on behalf of the first application, generating credential collection data for use with a credential collection interface, wherein the credential collection data identifies at least one of the one or more first identity providers.
  - 10. The method of claim 9, further comprising:
    - generating a user interface using the credential collection data, wherein the user interface includes one or more authentication user interface elements for collecting authentication credentials.
  - 11. The method of claim 9, further comprising:
    - in response to receiving a second request associated with a second application, using the mapping to determine that one or more identity providers of a second plurality of identity providers can be used to perform authentication activities on behalf of the second application.
  - 12. The method of claim 9, further comprising:
    - determining that a first user of the first application has been authenticated using a first identity provider of the one or more first identity providers;
      
      in response to a request from the first application to perform an action associated with a second application, determining that the first application is a trusted application with respect to the second application based at least in part on the determination that the first user of the first application has been authenticated using the first identity provider; and
      
      generating a token that enables the first application to perform the action on the second application.
  - 13. The method of claim 9, further comprising:
    - in response to receiving authentication credential information associated with the first identity provider, retrieving identity data from the first identity provider, wherein the identity data includes first user identifying information;
      
      generating an identity collection interface, wherein one or more user input elements of the identity collection interface are pre-populated with at least first user identifying information;
      
      in response to receiving a request associated with the identity collection interface, generating a local account that includes first user identifying information;
      
      wherein the first identity provider is an external identity provider.
  - 14. The method of claim 9, wherein:
    - the second application is a different application than the first application; and
      
      at least one of the identity providers in the first set is not in the second set of identity providers.

15. A computer-readable non-transitory storage medium storing a plurality of instructions executable by one or more processors, the plurality of instructions comprising:
- storing a mapping between applications and identity providers, wherein the mapping associates each application of a plurality of applications with one or more identity providers;
  
  in response to receiving a first request associated with a first application, using the mapping to determine that one or more identity providers of a first plurality of identity providers can be used to perform authentication activities on behalf of the first application.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer-readable storage medium of claim 15, wherein the instructions further include instructions that cause the one or more processors to perform:
    - in response to determining that the one or more identity providers can be used to perform authentication activities on behalf of the first application, generating credential collection data for use with a credential collection interface, wherein the credential collection data identifies at least one of the one or more first identity providers.
  - 17. The method of claim 16, wherein the instructions further include instructions that cause the one or more processors to perform:
    - generating a user interface using the credential collection data, wherein the user interface includes one or more authentication user interface elements for collecting authentication credentials.
  - 18. The method of claim 16, wherein the instructions further include instructions that cause the one or more processors to perform:
    - in response to receiving a second request associated with a second application, using the mapping to determine that one or more identity providers of a second plurality of identity providers can be used to perform authentication activities on behalf of the second application.
  - 19. The method of claim 16, wherein the instructions further include instructions that cause the one or more processors to perform:
    - determining that a first user of the first application has been authenticated using a first identity provider of the one or more first identity providers;
      
      in response to a request from the first application to perform an action associated with a second application, determining that the first application is a trusted application with respect to the second application based at least in part on the determination that the first user of the first application has been authenticated using the first identity provider; and
      
      generating a token that enables the first application to perform the action on the second application.
  - 20. The method of claim 16, wherein the instructions further include instructions that cause the one or more processors to perform:
    - in response to receiving authentication credential information associated with the first identity provider, retrieving identity data from the first identity provider, wherein the identity data includes first user identifying information;
      
      generating an identity collection interface, wherein one or more user input elements of the identity collection interface are pre-populated with at least first user identifying information;
      
      in response to receiving a request associated with the identity collection interface, generating a local account that includes first user identifying information;
      
      wherein the first identity provider is an external identity provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Srinivasan, Venkataraman Uppili, Angal, Rajeev, Sondhi, Ajay, Bhat, Shivaram

Granted Patent

US 9,043,886 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/6
CPC Class Codes

H04L 63/0815   providing single-sign-on or...

H04L 63/10   for controlling access to d...

H04L 9/3234   involving additional secure...

RELYING PARTY PLATFORM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

RELYING PARTY PLATFORM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links