IDENTITY ASSERTION FRAMEWORK
Abstract
Systems and methods for implementing an identity assertion framework to authenticate a user in a federation of security domains are provided. A first security token service associated with a first security domain is configured to receive a request for a first token from a device and issue the first token based on a first issuing policy of the first security domain. A token authenticator associated with a second security domain is configured to determine that the first token is not issued in the second security domain. A hardware-processor-implemented second security token service is configured to receive the first token from the token authenticator, determine that the first token was issued by the first security token service, and validate the first token based on a local federation policy that defines a federation agreement between the first security domain and the second security domain.
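The abstract describes three cooperating parts: a first STS that mints a token under its own issuing policy, a token authenticator in the second domain that notices the token is foreign, and a second STS that accepts it only under a local federation policy naming the issuing domain. The following is an added illustration of that flow and is not code from the patent or its assignee. The patent does not fix a token format or signature scheme, so this example assumes a compact JSON payload signed with an HMAC-SHA256 key shared under each federation agreement; the class and field names (IssuingPolicy, FederationAgreement, partner_key, allowed_attrs), the domain names and the sample request are all constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time
from dataclasses import dataclass


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class TokenError(Exception):
    """Raised when a token fails an issuing-policy or federation-policy check."""


@dataclass(frozen=True)
class IssuingPolicy:
    """Hypothetical issuing policy: token lifetime and attributes a request must carry."""
    lifetime_s: int
    required_attrs: tuple


@dataclass(frozen=True)
class FederationAgreement:
    """Hypothetical agreement with one partner domain: the key that partner signs
    with under the agreement, and which of its attributes the local domain accepts."""
    partner_key: bytes
    allowed_attrs: frozenset


class SecurityTokenService:
    def __init__(self, domain, signing_key, issuing_policy, federation_policy):
        self.domain = domain
        self.signing_key = signing_key
        self.issuing_policy = issuing_policy
        self.federation_policy = federation_policy  # issuer domain -> FederationAgreement

    def issue(self, request: dict, audience: str, now=None) -> str:
        """First STS: issue a token for the device's request under the local issuing policy."""
        now = int(time.time()) if now is None else now
        attrs = request.get("attrs", {})
        missing = [a for a in self.issuing_policy.required_attrs if a not in attrs]
        if missing:
            raise TokenError(f"issuing policy: request lacks {missing}")
        payload = {"iss": self.domain, "sub": request["sub"], "aud": audience,
                   "iat": now, "exp": now + self.issuing_policy.lifetime_s, "attrs": attrs}
        body = _b64e(json.dumps(payload, sort_keys=True).encode())
        sig = hmac.new(self.signing_key, body.encode(), hashlib.sha256).digest()
        return f"{body}.{_b64e(sig)}"

    def validate_federated(self, token: str, now=None) -> dict:
        """Second STS: accept a foreign token only under a matching federation agreement."""
        now = int(time.time()) if now is None else now
        parts = token.split(".")
        if len(parts) != 2:
            raise TokenError("malformed token")
        body, sig_b64 = parts
        claims = json.loads(_b64d(body))
        # The issuer claim selects the agreement; the agreement's key then decides
        # whether the claim was honest, so a forged 'iss' buys the attacker nothing.
        agreement = self.federation_policy.get(claims.get("iss"))
        if agreement is None:
            raise TokenError(f"no federation agreement with issuer {claims.get('iss')!r}")
        expected = hmac.new(agreement.partner_key, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64d(sig_b64)):
            raise TokenError("signature does not verify under the agreement key")
        if claims.get("aud") != self.domain:
            raise TokenError("token not addressed to this domain")
        iat, exp = claims.get("iat"), claims.get("exp")
        if not (isinstance(iat, int) and isinstance(exp, int) and iat <= now < exp):
            raise TokenError("token expired or not yet valid")
        attrs = claims.get("attrs") if isinstance(claims.get("attrs"), dict) else {}
        accepted = {k: v for k, v in attrs.items() if k in agreement.allowed_attrs}
        return {"sub": claims.get("sub"), "iss": claims["iss"], "attrs": accepted}


def token_authenticator(token: str, local_domain: str) -> str:
    """Route a token: 'local' if its 'iss' names this domain, else 'federated'.
    The claim is read unverified here only to choose a path; nothing is trusted
    until the STS has checked the signature."""
    claims = json.loads(_b64d(token.split(".")[0]))
    return "local" if claims.get("iss") == local_domain else "federated"


def demo() -> dict:
    """Constructed two-domain scenario; returns the outcomes so they can be checked."""
    key_a = b"constructed-key-for-a.example"
    sts_a = SecurityTokenService("a.example", key_a, IssuingPolicy(300, ("dept",)), {})
    sts_b = SecurityTokenService("b.example", b"constructed-key-for-b.example", IssuingPolicy(300, ()),
                                 {"a.example": FederationAgreement(key_a, frozenset({"dept"}))})
    now = 1_700_000_000
    token = sts_a.issue({"sub": "alice", "attrs": {"dept": "eng", "clearance": "high"}},
                        audience="b.example", now=now)
    out = {"route": token_authenticator(token, "b.example"),
           "accepted": sts_b.validate_federated(token, now=now + 10)}

    def rejected(tok, at):
        try:
            sts_b.validate_federated(tok, now=at)
        except TokenError:
            return True
        return False

    sts_c = SecurityTokenService("c.example", b"constructed-key-for-c", IssuingPolicy(300, ()), {})
    out["unfederated_rejected"] = rejected(sts_c.issue({"sub": "mallory", "attrs": {}}, "b.example", now=now), now)
    body, sig = token.split(".")
    forged = _b64e(json.dumps({**json.loads(_b64d(body)), "sub": "root"}).encode())
    out["tampered_rejected"] = rejected(f"{forged}.{sig}", now)
    out["expired_rejected"] = rejected(token, now + 301)
    return out


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In the scenario, b.example accepts alice's token from a.example but keeps only the `dept` attribute the agreement covers, discards `clearance`, and rejects a token from the unfederated c.example, a token whose payload was altered after signing, and an expired one. A production deployment would sign with an asymmetric key so the relying domain never holds the issuer's signing secret, and would carry a key identifier to allow rotation; neither changes the policy structure shown here.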
21 Claims
1. (Canceled)

2. A system comprising:

a first security token service associated with a first security domain and configured to: receive a request for a first token from a device and issue the first token based on a first issuing policy of the first security domain;

a token authenticator associated with a second security domain and configured to determine that the first token is not issued in the second security domain; and

a hardware-processor-implemented second security token service configured to: receive the first token from the token authenticator, determine that the first token was issued by the first security token service, and validate the first token based on a local federation policy that defines a federation agreement between the first security domain and the second security domain.

Dependent claims: 3, 4, 5, 6, 7, 8.

9. A method comprising:

receiving a request for a first token from a device;

issuing the first token based on a first issuing policy of the first security domain;

determining that the first token is not issued in the second security domain;

receiving the first token from the token authenticator;

determining that the first token was issued by the first security token service; and

validating the first token based on a local federation policy that defines a federation agreement between the first security domain and the second security domain.

Dependent claims: 10, 11, 12, 13, 14, 15.

16. A non-transitory machine-readable medium comprising instructions that when executed by one or more hardware processors of a machine, cause the machine to perform operations comprising:

receiving a request for a first token from a device;

issuing the first token based on a first issuing policy of the first security domain;

determining that the first token is not issued in the second security domain;

receiving the first token from the token authenticator;

determining that the first token was issued by the first security token service; and

validating the first token based on a local federation policy that defines a federation agreement between the first security domain and the second security domain.

Dependent claims: 17, 18, 19, 20, 21.
Specification