Localized access
First Claim
Patent Images
1. A computer-implemented method of providing access for an identity system, comprising:
- creating a set of locales in a set of identity profiles, said creating a set of locales includes choosing a subset of one or more attributes of said identity profiles that can store any one of multiple values, each locale includes a subset of said identity profiles that each have one or more matching values for said chosen subset of one or more attributes;
allowing entities associated with identity profiles in a particular locale to access other identity profiles in said particular locale; and
denying access to a first identity profile for entities associated with identity profiles that are not in any locale with said first identity profile.
5 Assignments
0 Petitions
Accused Products
Abstract
An identity management system manages identity profiles that store information about various entities. A localized access feature for an identity management system allows for a set of identity profiles to be grouped together in order to define a locale. Users outside the locale can be restricted from accessing identity profiles inside the locale. Alternatively, users outside the locale can be restricted from accessing certain attributes of identity profiles inside the locale.
-
Citations
21 Claims
-
1. A computer-implemented method of providing access for an identity system, comprising:
-
creating a set of locales in a set of identity profiles, said creating a set of locales includes choosing a subset of one or more attributes of said identity profiles that can store any one of multiple values, each locale includes a subset of said identity profiles that each have one or more matching values for said chosen subset of one or more attributes; allowing entities associated with identity profiles in a particular locale to access other identity profiles in said particular locale; and denying access to a first identity profile for entities associated with identity profiles that are not in any locale with said first identity profile. - View Dependent Claims (2, 3, 4, 5)
-
-
6. One or more processor readable storage devices having processor readable code embodied on said processor readable storage devices, said processor readable code for programming one or more processors to perform a method comprising:
-
receiving a choice of a subset of one or more attributes that can store any one of multiple values; creating subsets of identity profiles from a set of identity profiles, each subset includes identity profiles that each have one or more matching values for said subset of one or more attributes; allowing entities associated with identity profiles in a particular subset to access other identity profiles in said particular subset; and denying access to a first identity profile for entities associated with identity profiles that are not in any subset with said first identity profile. - View Dependent Claims (7)
-
-
8. An apparatus that provides for localized access, comprising:
- a communication interface;
one or more storage devices; and one or more processors in communication with said one or more storage devices and said communication interface, said one or more processors perform a method comprising; creating a set of locales in a set of identity profiles, said creating a set of locales includes choosing a subset of one or more attributes of said identity profiles that can store any one of multiple values, each locale includes a subset of said identity profiles that each have one or more matching values for said chosen subset of one or more attributes, allowing entities associated with identity profiles in a particular locale to access other identity profiles in said particular locale, and denying access to a first identity profile for entities associated with identity profiles that are not in any locale with said first identity profile. - View Dependent Claims (9, 10)
- a communication interface;
-
11. A method of providing access for an identity system, comprising:
-
receiving a selection of a subset of one or more attributes that can store any one of multiple values; creating a locale of identity profiles from a set of identity profiles, each identity profile of said locale has one or more matching values for said subset of one or more attributes; allowing entities associated with each of said identity profiles in said locale to potentially access other identity profiles in said locale; denying access to a particular identity profile in said locale for entities associated with identity profiles that are not in any locale in common with said particular identity profile; and allowing entities associated with each of said identity profiles in said locale to access one or more attributes within one or more of said plurality of profiles in said locale based on a localized access filter for each of the one or more attributes. - View Dependent Claims (12)
-
-
13. A method of providing localized access in an identity management system, the method comprising:
-
receiving from a source a request to access an attribute of an identity profile of a target; determining whether the source is in a locale indicated by a class attribute of an identity profile of the target, wherein the class attribute of the identity profile of the target has an associated filter and determining whether the source is in the locale indicated by the class attribute of the identity profile of the target comprises comparing an attribute of an identity profile of the source to the filter associated with the class attribute of the identity profile of the target; in response to determining the source is in the locale indicated by the class attribute of the target, allowing the source to access the identity profile of the target. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
-
Specification