Cross domain authentication and security services using proxies for HTTP access
Abstract
Two identity spaces form a federation by agreeing to use a secret key to facilitate secure access to resources between them. When one identity space receives a request for a resource from a user in the other identity space, the first identity space checks whether the resource is protected. If the resource is protected, the first identity space requests that a mediator in the second identity space authenticate the external user. The mediator verifies the external user's authenticity. Once the external user is authenticated, the mediator securely informs the first identity space, using the secret key, that the external user is authenticated to access the resource. The first identity space then grants the user access to the resource if its access control policy allows that user access.
48 Claims
1. A cross-domain authentication apparatus, the apparatus comprising:
- a first computer on a first domain and a second computer on a second domain;
- a network connecting the first and second computers;
- a secret shared between the first and second computers; and
- a federation access policy identifying access permission on the first computer on the first domain for a user local to the second computer on the second domain over the network.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 24, 25, 26, 29, 30, 31, 32, 33, 37, 38, 39, 40, 45, 46, 47, 48.
21. A method for performing cross domain authentication, the method comprising:
- receiving a request for a resource on a first computer on a first domain from a user local to a second computer on a second domain over a network;
- challenging the user to be authenticated;
- authenticating the user in the second domain;
- informing the first computer on the first domain that the user is authenticated in the second domain; and
- accessing the resource from the first computer on the first domain using the second computer on the second domain.

Dependent claims: 22, 23, 27, 28, 34, 35, 36, 41, 42, 43, 44.
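The exchange described in the abstract and in claim 21, as an added Python illustration that is not the patent's text or any implementation of it: the second domain's mediator authenticates the user and vouches for that with a message keyed under the shared secret, and the first domain verifies the message, checks freshness and replay, and only then applies its federation access policy. HMAC-SHA256 as the keyed mechanism, the validity window, nonce tracking and every sample value below are assumptions of this example.

```python
import hmac, hashlib, json, secrets, time

# Constructed sample values (not from the patent): the federation secret,
# the protected resources on domain A, and A's federation access policy.
FEDERATION_SECRET = b"constructed-shared-secret-between-domain-a-and-domain-b"
PROTECTED = {"/payroll", "/hr/reports"}
FEDERATION_POLICY = {"alice@domain-b": {"/payroll"}}  # external user -> allowed resources
MAX_AGE = 300  # seconds an assertion stays valid (assumed window)

def canonical(fields):
    # Stable serialization so mediator and resource domain MAC identical bytes.
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()

def mediator_assert(user, resource, now=None):
    """Domain B's mediator: after authenticating `user` locally, emit an
    assertion bound to user, resource and a nonce, keyed with the shared secret."""
    fields = {"user": user, "resource": resource, "nonce": secrets.token_hex(8),
              "iat": int(time.time() if now is None else now)}
    tag = hmac.new(FEDERATION_SECRET, canonical(fields), hashlib.sha256).hexdigest()
    return {**fields, "tag": tag}

def handle_request(user, resource, assertion=None, now=None, seen=None):
    """Domain A: decide a request for `resource` from a domain-B user.
    Returns (decision, reason) with decision in granted / challenge / denied."""
    now = int(time.time() if now is None else now)
    seen = set() if seen is None else seen  # nonces already accepted
    if resource not in PROTECTED:
        return "granted", "unprotected resource"
    if assertion is None:
        return "challenge", "authenticate with your home-domain mediator"
    fields = {k: v for k, v in assertion.items() if k != "tag"}
    expected = hmac.new(FEDERATION_SECRET, canonical(fields), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion.get("tag", "")):
        return "denied", "bad assertion tag"
    if fields["user"] != user or fields["resource"] != resource:
        return "denied", "assertion not bound to this request"
    if not 0 <= now - fields["iat"] <= MAX_AGE:
        return "denied", "assertion expired or from the future"
    if fields["nonce"] in seen:
        return "denied", "replayed assertion"
    seen.add(fields["nonce"])
    if resource not in FEDERATION_POLICY.get(user, set()):
        return "denied", "federation access policy forbids"
    return "granted", "authenticated by mediator and allowed by policy"
```

Authentication (the mediator's assertion) and authorization (the federation access policy) are deliberately separate checks, so a valid assertion for a user the policy does not list still ends in a denial.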