Authentication and authorization across autonomous network systems
2 Assignments
0 Petitions
Abstract
An enterprise network architecture has a trust link established between two autonomous network systems that enables transitive resource access between network domains of the two network systems. The trust link is defined by data structures maintained by each of the respective network systems. The first network system maintains namespaces that correspond to the second network system and a domain controller in the first network system, or a first network system administrator, indicates whether to trust individual namespaces. An account managed by a domain in the second network system can request authentication via a domain controller in the first network system. The first network system determines from the trust link to communicate the authentication request to the second network system. The first network system also determines from the trust link where to communicate authorization requests when administrators manage group memberships and access control lists.
147 Citations
62 Claims
1. An enterprise network architecture, comprising:
- a first network system including a plurality of first network system domains;
- a second network system including a plurality of second network system domains, the second network system being autonomous from the first network system such that the first network system domains are administratively independent from the second network system domains; and
- a trust link between a first network system root domain and a second network system root domain, the trust link configured to provide transitive resource access between the plurality of first network system domains and the plurality of second network system domains where the transitive resource access includes remote authentication such that an account managed by the second network system initiates a request for authentication via a first network system domain, and where it is determined from the trust link where to communicate the account request and to authenticate the request via the trust link.
Dependent claims: 2–20.
21. A network system domain, comprising:
- a root domain controller communicatively linked with a plurality of network system domains in a first network system; and
- a trusted domain component configured to define a trust link between the root domain controller and a second network system root domain controller, the second network system root domain controller communicatively linked with a plurality of second network system domains that are administratively independent from the first network system domains, and the trust link being configured to provide transitive resource access between the first network system domains and the second network system domains, the trusted domain component being further configured to provide remote network authentication such that an account managed by a second network system domain initiates a request for authentication via a first network system domain, and where it is determined from the trust link where to communicate the account request and to authenticate the request via the trust link.
Dependent claims: 22–38.
39. A first network system domain controller performing a method comprising:
- establishing a trust link with a second network system domain controller to provide transitive resource access between domains in a first network system and domains in a separate, autonomous second network system;
- receiving an authentication request from an account managed by a domain in the second network system; and
- determining from the trust link where to communicate the request and authenticating the request via the trust link.
Dependent claims: 40–47.
48. A first network system domain controller performing a method comprising:
- establishing a trust link with a second network system domain controller to provide transitive resource access between domains in a first network system and domains in a separate, autonomous second network system;
- receiving a resource request from an account managed by the first network system domain controller;
- determining from the trust link where to communicate the resource request; and
- communicating the resource request to the second network system domain controller via the trust link.
Dependent claims: 49–52.
53. One or more computer-readable media comprising computer-executable instructions that, when executed, direct a first network system domain controller to perform a method comprising:
- establishing a trust link with a second network system domain controller to provide transitive resource access between domains in a first network system and domains in a separate, autonomous second network system;
- receiving a resource request from an account managed by a domain controller in the second network system;
- determining from the trust link to communicate the resource request to the second network system; and
- communicating the resource request to the second network system domain controller via the trust link.
Dependent claim: 54.
55. One or more computer-readable media comprising computer-executable instructions that, when executed, direct a domain controller in a first network system to perform a method comprising:
- requesting network system identifiers corresponding to a second network system to create a trust link between the first network system and the second network system, the second network system being autonomous from the first network system;
- the trust link configured to provide transitive resource access between the plurality of first network system domains and the plurality of second network system domains;
- determining whether to accept the network system identifiers;
- designating accepted network system identifiers as trusted with trust indicators;
- creating a data structure to maintain the accepted network system identifiers and corresponding trust indicators;
- receiving a resource request from an account managed by the first network system domain controller;
- determining from the trust link where to communicate the resource request; and
- communicating the resource request via the trust link.
Dependent claims: 56–57.
58. A domain controller in a first network system performing a method comprising:
- receiving a security identifier from a domain controller in a second network system via a trust link, the security identifier corresponding to an account managed by the second network system;
- the trust link configured to provide transitive resource access between the plurality of first network system domains and the plurality of second network system domains;
- determining whether the security identifier is valid;
- trusting the account corresponding to the security identifier if the security identifier is determined to be valid;
- receiving a resource request from an account managed by the first network system domain controller;
- determining from the trust link where to communicate the resource request; and
- communicating the resource request via the trust link.
Dependent claims: 59–62.
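The trust-link record and the two decisions a domain controller makes with it, as an added example that is not text or code from the patent page or from its assignee: building the data structure of accepted identifiers with trust indicators (claim 55), routing an authentication request by the account's name suffix to the network system that manages it (claim 1, claim 39 and the abstract), validating a security identifier that arrives over the link (claim 58), and deciding which root to ask when an administrator resolves a foreign account for a group or ACL (abstract, last sentence). The root names, name suffixes, domain SIDs and the longest-suffix routing rule are assumptions made for this illustration; real directory services carry more fields per trust record.

```python
"""Added example: a minimal model of a trust link between two autonomous
network systems. All names and SIDs are constructed for illustration."""
from dataclasses import dataclass, field


@dataclass
class TrustedNamespace:
    """A name suffix the remote system claims, plus the trust indicator the
    local DC or administrator set for it (claim 55)."""
    suffix: str
    trusted: bool


@dataclass
class TrustLink:
    """The local side's record of the link; the remote side keeps its mirror
    image. Domain SIDs let the local side decide which SIDs the remote side
    may assert (claim 58)."""
    local_root: str
    remote_root: str
    local_domain_sids: set[str]
    remote_domain_sids: set[str]
    namespaces: list[TrustedNamespace] = field(default_factory=list)


def _suffix_matches(name, suffix):
    """True if name equals suffix or lies under it (case-insensitive)."""
    name, suffix = name.lower(), suffix.lower()
    return name == suffix or name.endswith("." + suffix)


def build_trust_link(local_root, remote_root, local_domain_sids,
                     offered_namespaces, offered_domain_sids, accept):
    """Claim 55 in miniature: the remote root offers its identifiers and
    `accept` is the set of suffixes the local administrator agreed to trust.
    Rejected suffixes stay in the record with trusted=False. A suffix that is
    our own root, or lies under it, is never trusted, whatever was accepted,
    because trusting it would let the remote system capture our own logons
    (assumed policy for this example)."""
    namespaces = []
    for suffix in offered_namespaces:
        owned_locally = (_suffix_matches(suffix, local_root)
                         or _suffix_matches(local_root, suffix))
        namespaces.append(TrustedNamespace(suffix,
                                           suffix in accept and not owned_locally))
    return TrustLink(local_root, remote_root, set(local_domain_sids),
                     set(offered_domain_sids), namespaces)


def route_authentication(link, upn):
    """Return the root domain that should answer an authentication request for
    `upn`, or None when no trusted route exists. Local names are answered
    locally; otherwise the longest matching namespace decides, so a namespace
    marked untrusted shadows a trusted parent suffix (assumed rule)."""
    _, _, domain = upn.rpartition("@")
    if _suffix_matches(domain, link.local_root):
        return link.local_root
    best = None
    for ns in link.namespaces:
        if _suffix_matches(domain, ns.suffix):
            if best is None or len(ns.suffix) > len(best.suffix):
                best = ns
    if best is None or not best.trusted:
        return None
    return link.remote_root


def domain_of_sid(sid):
    """S-1-5-21-<d1>-<d2>-<d3>-<rid> -> S-1-5-21-<d1>-<d2>-<d3>."""
    return sid.rsplit("-", 1)[0]


def filter_sids(link, asserted_sids):
    """Claim 58: a SID received over the link is valid only if its domain is
    one the record lists for the remote system. SIDs from our own domains are
    rejected even if the remote offer listed them, and so are SIDs from
    domains the record never enumerated (this also drops well-known SIDs,
    a simplification of this example)."""
    accepted, rejected = [], []
    for sid in asserted_sids:
        dom = domain_of_sid(sid)
        if dom in link.remote_domain_sids and dom not in link.local_domain_sids:
            accepted.append(sid)
        else:
            rejected.append(sid)
    return accepted, rejected


def route_authorization(link, sid):
    """Abstract, last sentence: which root to ask to resolve `sid` when an
    administrator edits a group or ACL. Returns the root, or None."""
    dom = domain_of_sid(sid)
    if dom in link.local_domain_sids:
        return link.local_root
    if dom in link.remote_domain_sids:
        return link.remote_root
    return None


if __name__ == "__main__":
    link = build_trust_link(
        "contoso.example", "fabrikam.example", {"S-1-5-21-1-2-3"},
        ["fabrikam.example", "legacy.fabrikam.example", "contoso.example"],
        ["S-1-5-21-100-200-300"],
        accept={"fabrikam.example", "contoso.example"})
    for upn in ("alice@contoso.example", "bob@sales.fabrikam.example",
                "eve@legacy.fabrikam.example", "mallory@evil.example"):
        print(upn, "->", route_authentication(link, upn))
    print(filter_sids(link, ["S-1-5-21-100-200-300-1105",
                             "S-1-5-21-1-2-3-519", "S-1-5-11"]))
```

The two checks in `filter_sids` are the ones a practitioner cares about: a system on the far side of a trust link must never be able to assert a SID from your own domains, and a SID from a domain the link record does not enumerate has no path by which it could have been legitimately issued, so it is dropped before it can enter a token or be compared against an ACL.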
Specification