HANDLING CLAIMS TRAVERSING SECURITY BOUNDARIES

US 20130347063A1
Filed: 06/21/2012
Published: 12/26/2013
Est. Priority Date: 06/21/2012
Status: Abandoned Application

First Claim

Patent Images

1. In a computing environment having a plurality of security contexts, a method of sharing security claims across different security contexts, the method comprising:

for a first security context, identifying a first set of security claims;

modifying the first set of security claims to create a second set of security claims that is allowed to be sent from the first security context;

for a second security context, identifying security claim requirements; and

modifying the second set of security claims to satisfy the security claim requirements for the second security context.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Sharing security claims across different security contexts. A method includes, for a first security context, identifying a first set of security claims. The method further includes for the first security context identifying a second set of security claims from the first set of security claims that is allowed to be sent from the first security context. The first set of security claims is modified to create the second set of security claims. For a second security context, security claim requirements are identified. The second set of security claims is modified to satisfy the security claim requirements for the second security context.

6 Citations

20 Claims

1. In a computing environment having a plurality of security contexts, a method of sharing security claims across different security contexts, the method comprising:
- for a first security context, identifying a first set of security claims;
  
  modifying the first set of security claims to create a second set of security claims that is allowed to be sent from the first security context;
  
  for a second security context, identifying security claim requirements; and
  
  modifying the second set of security claims to satisfy the security claim requirements for the second security context.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein modifying at least one of the first or the second set of security claims comprises filtering claims from the first or second set of security claims.
  - 3. The method of claim 1, wherein modifying at least one of the first or the second set of security claims comprises substituting one or more claims for one or more claims in the first or second set of security claims.
  - 4. The method of claim 1, wherein modifying at least one of the first or the second set of security claims comprises transforming one or more claims in the first or second set of security claims.
  - 5. The method of claim 1, wherein modifying at least one of the first or the second set of security claims comprises adding one or more claims to the first or second set of security claims.
  - 6. The method of claim 1 wherein modifying at least one of the first or second set of security claims is performed according to a pre-specified default set of rules.
  - 7. The method of claim 1 further comprising receiving user input regarding configuration of claim handling and wherein at least one of modifying the first set of security claims or modifying the second set of security claims is done according to the user input.
  - 8. The method of claim 1 wherein modifying the first set of security claims to create the second set of security claims is performed to restrict what claims are allowed out of the first security context.
  - 9. The method of claim 1 wherein modifying the second set of security claims is performed to restrict what claims are allowed into the second security context.
  - 10. The method of claim 1, further comprising detecting mis-configurations of claim sets from a security context perspective and as a result preventing security from being compromised.
  - 11. The method of claim 9, wherein preventing security from being compromised comprises preventing claims from being passed from the first security context.
  - 12. The method of claim 9, wherein preventing security from being compromised comprises preventing claims from being passed into the second security context.
  - 13. The method of claim 1, wherein the first security context and the second security context belong to a common security envelope.
  - 14. The method of claim 1, wherein the first security context and the second security context belong to different security envelopes.

15. One or more computer readable media comprising computer executable instructions that when executed by one or more processors cause one or more processors to perform the following:
- for a first security context, identifying a first set of security claims;
  
  modifying the first set of security claims to create a second set of security claims that is allowed to be sent from the first security context;
  
  for a second security context, identifying security claim requirements; and
  
  modifying the second set of security claims to satisfy the security claim requirements for the second security context.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The computer readable media of claim 15, wherein modifying at least one of the first or the second set of security claims comprises filtering claims from the first or second set of security claims.
  - 17. The computer readable media of claim 15, wherein modifying at least one of the first or the second set of security claims comprises substituting one or more claims for one or more claims in the first or second set of security claims.
  - 18. The computer readable media of claim 15, wherein modifying at least one of the first or the second set of security claims comprises transforming one or more claims in the first or second set of security claims.
  - 19. The computer readable media of claim 15, wherein modifying at least one of the first or the second set of security claims comprises adding one or more claims to the first or second set of security claims.

20. In a computing environment having a plurality of security contexts, a computing system configured to share security claims across different security contexts, the system comprising:
- a first security context, wherein the first security context comprises a scope within which claims are interpreted uniformly for the first security context;
  
  a first claims transformation engine embodied in the first security context, wherein the first claims transformation engine is configured to;
  
  identify a first set of security claims that are valid for the first security context; and
  
  modify the first set of security claims to create a second set of security claims that is allowed to be sent from the first security context;
  
  a second security context, wherein the second security context comprises a scope within which claims are interpreted uniformly for the second security context; and
  
  a second claims transformation engine embodied in the second security context, wherein the second claims transformation engine is configured to modify the second set of security claims to satisfy the security claim requirements for the second security context.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Madakasira, Sarath, Bhai, Siddharth, Simmons, James J., Nanda, Arun K., Novak, Mark Fishel, Fairfax, Ryan J., Cao, Qi

Application Number

US13/529,853
Publication Number

US 20130347063A1
Time in Patent Office

Days
Field of Search
US Class Current

726/2
CPC Class Codes

G06F 21/604 Tools and structures for ma...

H04L 63/20 for managing network securi...

HANDLING CLAIMS TRAVERSING SECURITY BOUNDARIES

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

6 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

HANDLING CLAIMS TRAVERSING SECURITY BOUNDARIES

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

6 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links