Techniques for dynamically establishing and managing trust relationships
Abstract
Techniques are provided for dynamically establishing and managing trust relationships. A first principal initially requests a community list. The community list includes identities of one or more second principals with which the first principal can establish trusted relationships. The community list is associated with a trust specification. The trust specification defines the policies and access rights associated with interactions between the first principal and the second principals during any active trusted relationships. The first principal can dynamically subdivide, manage, and modify entries of the community list and the trust specification, assuming any such modifications are permissible according to global contracts and policies associated with the first principal.
24 Claims
1. A method for dynamically establishing trust relationships, comprising:
acquiring a community list for a requesting principal via an identity service, wherein the community list includes one or more different principals with which the requesting principal can permissibly establish a trust relationship and wherein the community list identifies other principals that the requesting principal may not engage in other trusted relationships with and the community list also includes conditions for particular ones of the one or more different principals that are to be satisfied before the trust relationship with those particular ones are permitted to proceed;
dynamically maintaining the community list separate from the principal via the identity service in a trust configuration associated with the requesting principal, and wherein the trust configuration includes a threshold limitations which cannot be exceeded by the requesting principal, and wherein hard limitations with respect to communications with the one or more different principals and which are defined in the trust configuration cannot be expanded by the requesting principal but the requesting principal can add more restrictive limitations to a version of the trust configuration being maintained by the requesting principal; and
transmitting the community list and a copy of the trust configuration to the requesting principal, and wherein the identity service is an intermediary between the requesting principal and one of the one or more different principals.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method for dynamically managing trust relationships, comprising:
receiving a community list from an identity service, wherein the community list includes one or more principals with which trusted relationships can be established, and wherein the community list identifies specific principals that a requesting principal may not engage in other trusted relationships with and the community list also includes conditions for particular ones of the one or more different principals that are to be satisfied before the trust relationship with those particular ones are permitted to proceed with the requesting principal;
acquiring one or more trust specifications for the community list from the identity service, and wherein the trust specifications includes threshold limitations which cannot be exceeded by the one or more principals, and wherein hard limitations with respect to communications among the principals and which are defined in the trust specifications cannot be expanded by the principals but any given requesting principal can add more restrictive limitations to a particular trust specification being maintained by that requesting principal; and
dynamically managing interactions with the one or more principals according to the one or more trust specifications, and wherein the identity service is an intermediary between the requesting principal and one of the one or more different principals.
Dependent claims: 10, 11, 12, 13, 14, 15
16. A trusted relationship management system, comprising:
a first principal service;
a plurality of second principal services; and
an identity service, which is an intermediary between the first principal service and the plurality of second principal services, wherein the first principal service receives a community list from the identity service that identifies a plurality of second principals with which a first principal can establish trusted relationships via the first principal service, which interacts with each of the second principal services, and wherein interactions occurring between the first principal and the second principals are defined by an initial trust specification assembled by the identity service and initially delivered to the first principal service as a version of that trust specification and that version includes a threshold limitations which cannot be exceeded by the first principal, and wherein hard limitations with respect to communications with the second principals and which are defined in the version of the trust specification cannot be expanded by the first principal but the first principal can add more restrictive limitations to the version being maintained by the first principal.
Dependent claims: 17, 18, 19, 20, 21, 22, 23, 24
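The independent claims share one rule: the principal's own version of the trust configuration may restrict the identity service's version but never expand it. The sketch below is an added illustration of that check and is not taken from the patent; the TrustConfig fields, the function names and the sample principals are all assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class TrustConfig:  # field names are assumptions, not terms defined by the patent
    allowed: frozenset   # community list: principals a relationship may be set up with
    denied: frozenset    # principals the requester may not engage with
    conditions: dict     # principal -> frozenset of conditions to satisfy first
    limits: dict         # limit name -> numeric ceiling (threshold limitation)

def violations(baseline, local):
    """List every way `local` expands `baseline`; an empty list means it only restricts."""
    out = [f"adds principal {p}" for p in sorted(local.allowed - baseline.allowed)]
    out += [f"removes deny entry {p}" for p in sorted(baseline.denied - local.denied)]
    for p, required in sorted(baseline.conditions.items()):
        if p in local.allowed:
            dropped = required - local.conditions.get(p, frozenset())
            out += [f"drops condition {c} for {p}" for c in sorted(dropped)]
    for name, ceiling in sorted(baseline.limits.items()):
        # A limit missing from the local version counts as unlimited, i.e. an expansion.
        if local.limits.get(name, float("inf")) > ceiling:
            out.append(f"raises limit {name}")
    return out

def may_establish(baseline, local, peer, satisfied):
    """Intermediary decision: both versions must allow the peer and every condition must hold."""
    if peer in baseline.denied | local.denied:
        return False
    if peer not in baseline.allowed & local.allowed:
        return False
    required = (baseline.conditions.get(peer, frozenset())
                | local.conditions.get(peer, frozenset()))
    return required <= set(satisfied)

# Constructed sample data: the identity service's version and two local versions.
BASELINE = TrustConfig(frozenset({"payroll-svc", "partner-x"}), frozenset({"mallory-corp"}),
                       {"partner-x": frozenset({"mfa"})}, {"max_sessions": 5})
TIGHTENED = TrustConfig(frozenset({"payroll-svc", "partner-x"}),
                        frozenset({"mallory-corp", "adhoc-svc"}),
                        {"partner-x": frozenset({"mfa", "signed-contract"})},
                        {"max_sessions": 2, "max_ttl_s": 600})
EXPANDED = TrustConfig(frozenset({"payroll-svc", "partner-x", "mallory-corp"}),
                       frozenset(), {}, {"max_sessions": 50})

if __name__ == "__main__":
    print(violations(BASELINE, TIGHTENED))
    print(violations(BASELINE, EXPANDED))
```

Evaluating the decision against both versions means a tampered local copy cannot widen access even if the expansion check is skipped.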
Specification