Secure configuration catalog of trusted identity providers
First Claim
1. A method for enabling access to a protected resource, comprising:
- in association with a service provider, maintaining a catalog of information identifying one or more identity providers that are trusted by a service provider, the service provider executing on a data processing machine having a hardware element;
upon receipt by the service provider of identity information representing a user that has authenticated to an identity provider, determining, using information in the catalog of information, whether the identity provider is trusted to authenticate the user on the service provider'"'"'s behalf; and
if the identity provider is trusted, permitted the user to access the protected resource.
4 Assignments
0 Petitions
Accused Products
Abstract
A secure database includes a catalog of information about one or more identity providers (IdPs) that are trusted by a service provider (SP) to authenticate users on the SP'"'"'s behalf. The catalog securely stores one or more IdP configurations. An entry in the database stores information associated with the trusted IdP including artifacts to identify the IdP, artifacts used by the IdP for cryptographic operations, and a specification of one or more website(s) serviced by the trusted identity provider. Upon receipt by the SP of identity information representing a user that has authenticated to an IdP, information in the catalog of information is used to determine whether the IdP is trusted to authenticate the user on the service provider'"'"'s behalf. The determination verifies that the SP uses the IdP and that a binding between an IdP identifier and at least one IdP cryptographic artifact is valid.
-
Citations
21 Claims
-
1. A method for enabling access to a protected resource, comprising:
-
in association with a service provider, maintaining a catalog of information identifying one or more identity providers that are trusted by a service provider, the service provider executing on a data processing machine having a hardware element; upon receipt by the service provider of identity information representing a user that has authenticated to an identity provider, determining, using information in the catalog of information, whether the identity provider is trusted to authenticate the user on the service provider'"'"'s behalf; and if the identity provider is trusted, permitted the user to access the protected resource. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. Apparatus, comprising:
-
a processor; computer memory holding computer program instructions that when executed by the processor perform a method for enabling access to a protected resource, the method comprising; in association with a service provider, maintaining a catalog of information identifying one or more identity providers that are trusted by a service provider; upon receipt by the service provider of identity information representing a user that has authenticated to an identity provider, determining, using information in the catalog of information, whether the identity provider is trusted to authenticate the user on the service provider'"'"'s behalf; and if the identity provider is trusted, permitted the user to access the protected resource. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A computer program product in a non-transitory computer readable medium for use in a data processing system for providing identity provider services using an identity provider instance discovery service, the computer program product holding computer program instructions which, when executed by the data processing system, perform a method for enabling access to a protected resource, the method comprising:
-
in association with a service provider, maintaining a catalog of information identifying one or more identity providers that are trusted by a service provider; upon receipt by the service provider of identity information representing a user that has authenticated to an identity provider, determining, using information in the catalog of information, whether the identity provider is trusted to authenticate the user on the service provider'"'"'s behalf; and if the identity provider is trusted, permitted the user to access the protected resource. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
Specification