Federated identity brokering
Abstract
A method, system and apparatus for federated identity brokering. In accordance with the present invention, a credential processing gateway can be disposed between one or more logical services and one or more service requesting clients in a computer communications network. Acting as a proxy and a trusted authority to the logical services, the credential processing gateway can map the credentials of the service requesting clients to the certification requirements of the logical services. In this way, the credential processing gateway can act as a federated identity broker in providing identity certification services for a multitude of different service requesting clients without requiring the logical services to include a pre-configuration for specifically processing the credentials of particular service requesting clients.
16 Claims
1. A federated identity brokering method, within a gateway service/proxy, comprising the steps of:
intercepting a service request from a service requestor targeting a specific logical service;
comparing a security credential associated with said service request to credential requirements specified by said specific logical service;
modifying said security credential to comport with said credential requirements; and
routing said intercepted service request with said modified security credential to said specific logical service, wherein said gateway service/proxy is disposed in a demilitarized zone, and said specific logical service is disposed in a private network domain.
Dependent claims: 2, 3, 4, 5, 6
7. A federated identity brokering system comprising:
a gateway service/proxy configured for communicative coupling to a plurality of logical services and a plurality of service requestors;
a private service description repository communicatively coupled to said gateway service/proxy and to said logical services and storing a plurality of original endpoint service descriptions for said logical services, each of said original endpoint service descriptions indicating credential requirements for corresponding ones of said logical services; and
a public service description repository communicatively coupled to said service requestors and said gateway service/proxy and storing expanded versions of said original endpoint service descriptions for said logical services, wherein said gateway service/proxy is disposed in a demilitarized zone, said logical services and said private service description repository are disposed in a private network domain, and wherein said public service description is exposed for access by said service requestors.
Dependent claims: 8, 9, 10
11. A machine readable storage having stored thereon a computer program for federated identity brokering, within a gateway service/proxy, the computer program comprising a routine set of instructions which when executed by a machine cause the machine to perform the steps of:
intercepting a service request from a service requestor targeting a specific logical service;
comparing a security credential associated with said service request to credential requirements specified by said specific logical service;
modifying said security credential to comport with said credential requirements; and
routing said intercepted service request with said modified security credential to said specific logical service, wherein said gateway service/proxy is disposed in a demilitarized zone, and said specific logical service is disposed in a private network domain.
Dependent claims: 12, 13, 14, 15, 16
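The gateway flow described in the abstract and in claims 1, 7 and 11 (intercept, compare the presented credential to the target service's requirement, modify it, route it; with a private repository of original endpoint descriptions and a public repository of expanded descriptions) as a small Python model. This is an added example and not code from the patent or from any product; the service names, private addresses, API keys, HMAC-signed assertion format and signing key are all assumed for illustration.

```python
"""Toy federated identity broker modelled on the gateway described above.
Added example, not code from the patent; service names, addresses, key material
and credential formats are all assumed for illustration."""
import base64, hashlib, hmac, json, time

# Constructed: private service description repository (private network domain).
# Each original endpoint description states the credential the service requires.
PRIVATE_REPO = {
    "inventory": {"endpoint": "http://10.0.1.12:8080/inventory",
                  "credential": {"type": "gateway-assertion", "audience": "inventory"}},
    "payroll": {"endpoint": "http://10.0.1.20:8080/payroll",
                "credential": {"type": "gateway-assertion", "audience": "payroll",
                               "required_role": "hr"}},
}
# Constructed: requestor credentials the gateway itself can validate.
REQUESTORS = {
    "apikey:ACME-123": {"subject": "acme-portal", "roles": ["buyer"]},
    "apikey:HR-777": {"subject": "hr-app", "roles": ["hr"]},
}
GATEWAY_KEY = b"assumed-gateway-signing-key"  # assumed; backends trust only this signer

def expand_for_public(private_repo):
    """Public repository (DMZ side): requestors see the gateway as the endpoint and
    the credential types it accepts. Private addresses and the backend's own
    credential type are not exposed, so nothing outside can target them directly."""
    return {name: {"endpoint": f"https://gateway.dmz.example/{name}",
                   "accepted_credentials": ["apikey"]} for name in private_repo}

PUBLIC_REPO = expand_for_public(PRIVATE_REPO)

def mint_assertion(subject, roles, audience, ttl=300):
    """The credential form backends require: an HMAC-signed, audience-bound,
    expiring assertion issued by the gateway acting as trusted authority."""
    body = {"sub": subject, "roles": roles, "aud": audience, "exp": int(time.time()) + ttl}
    payload = base64.urlsafe_b64encode(json.dumps(body, sort_keys=True).encode()).decode()
    sig = hmac.new(GATEWAY_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{sig}"

def verify_assertion(token, audience):
    """Backend-side check of signature, audience and expiry; returns claims or None."""
    payload, _, sig = token.rpartition(".")
    expected = hmac.new(GATEWAY_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    body = json.loads(base64.urlsafe_b64decode(payload))
    if body["aud"] != audience or body["exp"] < time.time():
        return None
    return body

def route_to_backend(endpoint, audience, credential):
    """Stand-in for the private-domain logical service; gateway assertions only."""
    body = None
    if credential["type"] == "gateway-assertion":
        body = verify_assertion(credential["value"], audience)
    if body is None:
        return {"status": 401, "reason": "backend rejected credential", "endpoint": endpoint}
    return {"status": 200, "subject": body["sub"], "endpoint": endpoint}

def broker(request):
    """Intercept, compare, modify, route. `request` is a constructed dict:
    {"service": name, "credential": {"type": ..., "value": ...}}."""
    service = request["service"]
    desc = PRIVATE_REPO.get(service)
    if desc is None:
        return {"status": 404, "reason": "unknown logical service"}
    cred, required = request["credential"], desc["credential"]
    # Compare: only credential types advertised in the public description are accepted.
    # The backend's own type is never accepted from outside, so a stolen or forged
    # assertion cannot be presented through the gateway.
    if cred["type"] not in PUBLIC_REPO[service]["accepted_credentials"]:
        return {"status": 400, "reason": "credential type not accepted at gateway"}
    # Modify: validate the requestor's credential, then mint what the backend needs.
    ident = REQUESTORS.get(f'{cred["type"]}:{cred["value"]}')
    if ident is None:
        return {"status": 401, "reason": "credential not recognised by gateway"}
    role = required.get("required_role")
    if role is not None and role not in ident["roles"]:
        return {"status": 403, "reason": "requestor lacks required role"}
    modified = {"type": required["type"],
                "value": mint_assertion(ident["subject"], ident["roles"], required["audience"])}
    # Route: forward to the private endpoint with the modified credential (simulated).
    return route_to_backend(desc["endpoint"], required["audience"], modified)
```

Calling `broker({"service": "inventory", "credential": {"type": "apikey", "value": "ACME-123"}})` returns a 200 carrying the subject the backend derived from the gateway-minted assertion, while the same key against `payroll` is refused with 403 before anything is forwarded. Two points the model makes explicit that the claims leave implicit: the public repository must never advertise the backend's own credential type, or the gateway degrades into a pass-through for forged or replayed backend credentials; and because the gateway is the trusted authority for every logical service, the signing key and the requestor registry are the high-value assets in the DMZ, which is why the minted assertion is bound to an audience and a short expiry rather than being a long-lived bearer token.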