HOME REALM DISCOVERY IN MIXED-MODE FEDERATED REALMS
First Claim
1. A computer program product comprising one or more computer storage media having thereon computer-executable instructions that are structured such that, when executed by one or more processors of a computing system, cause an application to perform a method for authenticating identities within a realm in which some identities are authenticated using direct authentication, and some identities are authenticated using federated authentication, the method comprising:
an act of responding to requests for service from valid identities in the realm that are to be authenticated by direct authentication with a direct authentication interface;
an act of responding to requests for service from valid identities in the realm that are to be authenticated by federated authentication with a federated authentication interface; and
an act of responding to requests for service from invalid identities pseudo-randomly with either the direct authentication interface or the federated authentication interface.
Abstract
The authentication of identities within a realm in which some identities are authenticated using direct authentication, and some identities are authenticated using federated authentication. Requests for service from valid identities in the realm that are to be authenticated by direct authentication are responded to with a direct authentication interface. Requests for service from valid identities in the realm that are to be authenticated by federated authentication are responded to with a federated authentication interface. Requests for service from invalid identities are responded to pseudo-randomly with either the direct authentication interface or the federated authentication interface.
20 Claims
9. A computer-implemented method for authenticating identities within a realm in which some identities are authenticated using direct authentication, and some identities are authenticated using federated authentication, the method comprising:
an act of receiving a first request for service associated with a first identity in a realm;
an act of determining that the first identity is a valid identity and is one of a plurality of identities in the realm that are to be authenticated by direct authentication;
an act of responding to the first request for service with a direct authentication interface;
an act of receiving a second request for service associated with a second identity in the realm;
an act of determining that the second identity is a valid identity and is one of a plurality of identities in the realm that are to be authenticated by federated authentication;
an act of responding to the second request for service with a federated authentication interface;
an act of receiving a third request for service associated with a third identity in the realm;
an act of determining that the third identity is not a valid identity;
an act of pseudo-randomly determining whether to respond with the direct authentication interface or the federated authentication interface; and
an act of responding to the third request for service with the determined authentication interface.
20. A computer program product comprising one or more computer storage media having thereon computer-executable instructions that are structured such that, when executed by one or more processors of a computing system, cause an application to perform a method for a service provider or application authenticating identities within a realm in which some identities are authenticated using direct authentication, and some identities are authenticated using federated authentication, the method comprising:
an act of responding to requests for service from valid identities in the realm that are to be authenticated by direct authentication with a direct authentication interface;
an act of responding to requests for service from valid identities in the realm that are to be authenticated by federated authentication with a federated authentication interface, wherein the federated authentication interface prompts a user to negotiate authentication with a third-party identity provider to receive credentials that may then be provided back to the service provider or application; and
an act of responding to requests for service from invalid identities pseudo-randomly with either the direct authentication interface or the federated authentication interface, wherein the act of responding to requests for service from invalid identities pseudo-randomly results in the same determination for any given invalid identity each time a request is made on behalf of the invalid identity, the act of responding to requests for service from invalid identities pseudo-randomly comprising the following for each of such requests for service from invalid identities:
an act of encrypting the invalid identity;
an act of hashing the encryption of the invalid identity; and
an act of determining whether to respond with a direct authentication interface or a federated authentication interface based on the hash result of the invalid identity, wherein each of the three acts of responding takes approximately the same amount of time.
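The routing rule of claims 1, 9 and 20, as an added example that is not the patent's or any vendor's code: a leaky home realm discovery that answers unknown names with a fixed interface, beside a version that gives each invalid identity a stable pseudo-random interface. The claim's encrypt-then-hash step is replaced here by a keyed HMAC-SHA256 (my substitution); the realm table, identities and key are constructed.

```python
"""Home realm discovery that does not reveal which identities exist.

Added example, not the patent's code. The claim's "encrypt the invalid
identity, then hash the encryption" step is realised as a keyed HMAC-SHA256
over the identity (my substitution: secret key plus hash gives the same
property, a per-identity answer that is stable yet unpredictable to callers).
The realm table and key below are constructed samples.
"""
import hashlib
import hmac

DIRECT = "direct"        # local credential form
FEDERATED = "federated"  # hand-off to a third-party identity provider

# Constructed realm: which identities exist and how each one authenticates.
REALM = {
    "alice@example.com": DIRECT,
    "bob@example.com": FEDERATED,
    "carol@example.com": FEDERATED,
}
HRD_KEY = b"constructed-server-side-secret"  # kept server side in practice


def naive_discover(identity: str) -> str:
    """Leaky routing: unknown names always get the direct form, so the
    federated interface itself confirms that a name is a valid identity."""
    return REALM.get(identity, DIRECT)


def hardened_discover(identity: str, key: bytes = HRD_KEY) -> str:
    """Routing per the claims: valid identities get their configured
    interface; invalid ones get a pseudo-random interface derived from a
    keyed hash, so the same invalid name always gets the same answer and
    cannot be told apart from a valid one. The hash runs on every path so
    valid and invalid requests do comparable work."""
    digest = hmac.new(key, identity.encode("utf-8"), hashlib.sha256).digest()
    fallback = FEDERATED if digest[0] & 1 else DIRECT
    return REALM.get(identity, fallback)


def interfaces_seen(discover, names):
    """Set of interfaces a caller observes when requesting `names`; a
    one-element set for unknown names is the disclosure the claim avoids."""
    return {discover(name) for name in names}


if __name__ == "__main__":
    unknown = [f"user{i}@example.com" for i in range(64)]  # constructed
    print("naive:   ", interfaces_seen(naive_discover, unknown))
    print("hardened:", interfaces_seen(hardened_discover, unknown))
```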