
Identity based service system

  • US 7,290,278 B2
  • Filed: 10/02/2003
  • Issued: 10/30/2007
  • Est. Priority Date: 10/02/2003
  • Status: Expired due to Fees
First Claim

1. A system, comprising:

  • a device;
  • at least one first entity associated with the device, the first entity comprising any of a user, a user agent and a principal;
  • a first user identifier in a first namespace associated with the first entity, the first user identifier comprising any of a name identifier and an identity assertion;
  • a second user identifier in a second namespace associated with the first entity, the second user identifier known to a service provider, the second namespace disparate from the first namespace, wherein the first user identifier and the second user identifier are pseudonymous to each other;
  • an authentication agency;
  • means for sending a login request from the first entity to the authentication agency;
  • means for receiving an assertion at the first entity from the authentication agency in response to the login request;
  • means for sending the received assertion and the first user identifier in the first namespace to a participant;
  • means for authenticating the first entity at the participant with the received assertion;
  • means for sending the first user identifier in the first namespace and a request for service on behalf of the first entity from a second entity comprising any of the participant and a service consumer associated with the participant to any of the authentication agency and a discovery service associated with the authentication agency, using the received assertion, the request for service comprising a request for a service descriptor for locating the service provider, and a request for a service assertion for accessing the service provider;
  • means for translating the first user identifier in the first namespace to the second user identifier in the second namespace at the authentication agency;
  • means for sending the service descriptor, the service assertion, and the second user identifier from the authentication agency to the second entity in response to the sent request for service if the first entity is enabled for the requested service, wherein the sent second user identifier is sent in a format that the second entity is blinded to the second user identifier;
  • means for sending the service assertion to the service provider; and
  • means for providing the requested service for the second entity at the service provider in response to the received service assertion if the second entity is authorized for the requested service by the user.
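The four exchanges the claim describes (login, participant authentication, discovery with identifier translation and blinding, service delivery), as an added Python simulation that is not part of the patent or of any product built on it. All keys, names and identifiers are constructed placeholders, and the blinding is a keystream XOR standing in for whatever encryption a real deployment would use to hide the second identifier from the participant.

```python
import hashlib, hmac, json, secrets
# All keys, names and identifiers below are constructed sample values.
AGENCY_KEY = b"agency-signing-key"   # assertion MAC key; verifiers hold it too
SP_SECRET = b"sp-blinding-secret"    # shared by agency and service provider only
PSEUDONYMS = {"alice@idp.example": "u-7f3a"}      # first namespace -> second
ENABLED = {"alice@idp.example": {"calendar"}}     # services the user is enabled for
CONSENT = {"u-7f3a": {"calendar": {"portal.example"}}}  # SP: participants the user authorized

def sign(payload):
    body = json.dumps(payload, sort_keys=True)
    return {"body": body, "mac": hmac.new(AGENCY_KEY, body.encode(), "sha256").hexdigest()}

def verify(token):
    mac = hmac.new(AGENCY_KEY, token["body"].encode(), "sha256").hexdigest()
    return json.loads(token["body"]) if hmac.compare_digest(mac, token["mac"]) else None

def xor_stream(data, nonce):
    # keystream derived from SP_SECRET; without it the participant cannot unblind
    stream = hashlib.sha256(SP_SECRET + nonce).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def login(first_id):
    # step 1: first entity sends a login request, agency returns an assertion
    return sign({"type": "auth", "subject": first_id})

def participant_authenticate(assertion, first_id):
    # step 2: participant accepts the assertion plus the first-namespace identifier
    claims = verify(assertion)
    return bool(claims) and claims["type"] == "auth" and claims["subject"] == first_id

def discovery(first_id, assertion, service, participant):
    # step 3: agency translates the identifier; answers with descriptor, service assertion, blinded id
    claims = verify(assertion)
    if not claims or claims["subject"] != first_id or service not in ENABLED.get(first_id, ()):
        return None
    nonce = secrets.token_bytes(16)
    blinded = xor_stream(PSEUDONYMS[first_id].encode(), nonce).hex()
    svc = sign({"type": "service", "service": service, "requester": participant,
                "nonce": nonce.hex(), "blinded_subject": blinded})
    return {"descriptor": f"https://sp.example/{service}", "assertion": svc, "subject": blinded}

def service_provider(svc_assertion):
    # step 4: SP unblinds the second identifier and checks the user's authorization
    claims = verify(svc_assertion)
    if not claims or claims["type"] != "service":
        return None
    second_id = xor_stream(bytes.fromhex(claims["blinded_subject"]), bytes.fromhex(claims["nonce"])).decode()
    if claims["requester"] not in CONSENT.get(second_id, {}).get(claims["service"], ()):
        return None
    return f"{claims['service']} data for {second_id}"
```

The participant only ever sees the hex-blinded value, so the two identifiers stay pseudonymous to each other across the whole exchange; a participant the user never authorized receives a valid service assertion but is refused at the service provider.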

  • 10 Assignments