IDENTITY MANAGEMENT SYSTEM
Abstract
There is described a system for authenticating a client device in a network having a plurality of IDM components. One or more of the IDM components subscribes (using the publish-subscribe message pattern) to authentication requests published by client devices. The client device publishes an authentication request into the network. The most appropriate IDM component to process the published authentication request is selected, and the authentication request forwarded to the selected IDM component. The selected IDM component is then operated to negotiate with and authenticate the client device.
68 Claims
1-48. (canceled)

49. A client device in a network having a plurality of identity management, IDM, components, the client device comprising:
a processor and a memory, said memory containing instructions executable by said processor to cause the processor to:
generate a request for authentication;
publish the authentication request using a publish-subscribe message pattern into the network via an input/output unit operably connected to the processor;
receive an authentication initiation message from one of the IDM components in the network; and
negotiate the receipt of authentication information from the IDM component.
(Dependent claims: 50, 51, 52, 53, 54, 61, 66, 67, 68)

55. An identity management, IDM, component in a network having a plurality of IDM components, the IDM component comprising:
a processor and a memory, said memory containing instructions executable by said processor to cause the processor to:
subscribe, via an input/output unit, to authentication requests published in the network;
receive an authentication request published by a client device;
initiate a negotiation with the client device; and
authenticate the client device or a user of the client device.
(Dependent claims: 56, 57, 58, 59, 60)

62. A service provider in a network having distributed identity management, IDM, components, the service provider comprising:
a processor and a memory, said memory containing instructions executable by said processor to cause the processor to:
receive, via an input/output device, a service request from a client device in the network, said service request including an authentication of the client and/or an assertion token and an identification of one of the IDM components in the network;
send a verification request to the IDM component;
receive a verification from the IDM component of the client authentication and/or assertion token; and
deliver the requested service to the client device.

63. A service provider in a network having distributed identity management, IDM, components, the service provider comprising:
a processor and a memory, said memory containing instructions executable by said processor to cause the processor to:
receive, via an input/output device, a service request from a client device in the network, said service request including an authentication of the client and/or an assertion token;
publish a verification request into the network;
receive a verification, from one of the IDM components in the network, of the client authentication and/or assertion token; and
deliver the requested service to the client device.

64. A broker in a network having distributed identity management, IDM, components, the broker comprising:
a processor and a memory, said memory containing instructions executable by said processor to cause the processor to:
receive, from at least one of the IDM components via an input/output device, a subscription to authentication requests;
receive an authentication request published by a client device in the network;
determine if the subscription matches the published authentication request; and
forward the authentication request to one of the at least one IDM components.
(Dependent claims: 65)

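The broker behaviour recited in claim 64 and the abstract (subscriptions from IDM components, matching against a published authentication request, forwarding to one selected component), as an added Python illustration that is not part of the patent text. The `realm`, `methods` and `load` fields, the `*` wildcard and the ranking rule are assumptions, since the page does not say how the most appropriate component is chosen.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Subscription:          # filed by an IDM component (all fields assumed)
    idm_id: str
    realm: str               # realm served; "*" subscribes to every realm
    methods: frozenset       # authentication methods the component supports
    load: int = 0            # current load, used only for ranking

@dataclass(frozen=True)
class AuthRequest:           # published by a client device (all fields assumed)
    client_id: str
    realm: str
    methods: tuple           # methods the client can perform, preferred first

class Broker:
    def __init__(self):
        self._subs = []
        self.unrouted = []   # requests that matched no subscription, for audit

    def subscribe(self, sub):
        self._subs.append(sub)

    @staticmethod
    def matches(sub, req):
        realm_ok = sub.realm in ("*", req.realm)
        return realm_ok and bool(sub.methods & set(req.methods))

    def publish(self, req):
        """Return (idm_id, method) for the selected component, or None."""
        candidates = [s for s in self._subs if self.matches(s, req)]
        if not candidates:
            self.unrouted.append(req)   # fail closed: nothing is forwarded
            return None
        # Assumed ranking: exact realm before wildcard, then lowest load.
        best = min(candidates, key=lambda s: (s.realm == "*", s.load, s.idm_id))
        method = next(m for m in req.methods if m in best.methods)
        return best.idm_id, method

def demo():
    """Route three constructed requests through three constructed subscriptions."""
    b = Broker()
    b.subscribe(Subscription("idm-a", "corp.example", frozenset({"password", "otp"}), 5))
    b.subscribe(Subscription("idm-b", "corp.example", frozenset({"otp"}), 1))
    b.subscribe(Subscription("idm-c", "*", frozenset({"password"}), 0))
    reqs = [("dev-1", "corp.example", ("otp", "password")),
            ("dev-2", "lab.example", ("password",)),
            ("dev-3", "lab.example", ("otp",))]
    return [b.publish(AuthRequest(*r)) for r in reqs], len(b.unrouted)
```

The third request matches no subscription, so the broker forwards nothing and records it in `unrouted` rather than handing it to an arbitrary component.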
Specification