Techniques for dynamically establishing and managing authentication and trust relationships
First Claim
1. A method for authenticating a principal, comprising:
receiving an access request from a first principal for access to a second principal;
evaluating a contract to acquire a credential for the first principal;
transmitting the credential to the first principal for use in interacting with the second principal, wherein the credential includes authentication information, aggregated attributes and aggregated policies for use by the first principal in interacting with the second principal;
receiving a new request from the first principal for establishing a trust relationship with the second principal, wherein the trust relationship is established via communications having public-private key pairs between the first principal and the second principal;
determining if the trust relationship is permissible;
receiving a dynamically generated public key from the first principal associated with a dynamically generated private key, the dynamically generated private key maintained by the first principal; and
making the dynamically generated public key accessible to the second principal.
Abstract
Techniques are provided for dynamically establishing and managing authentication and trust relationships. An identity service acquires and evaluates contracts associated with relationships between principals. The contracts permit the identity service to assemble authentication information, aggregated attributes, and aggregated policies which will drive and define the various relationships. That assembled information is consumed by the principals during interactions with one another and constrains those interactions. In some embodiments, the constraints are dynamically modified during on-going interactions between the principals.