Security claim transformation with intermediate claims
First Claim
1. One or more device-readable storage media encoded with device-executable instructions including steps comprising:
receiving, at an identity provider, a request for information from a resource provider to authenticate an account;
retrieving a security claim associated with the account, the security claim being provided by an account store in a first format that is unique to the account store, wherein the account store is one of a plurality of account stores associated with the identity provider, wherein each of the plurality of account stores is associated with a unique format;
transforming the security claim from the first format to an intermediate format using a first transformation rule associated with the account store, wherein the security claim in the first format and the security claim in the intermediate format contain semantically the same information;
transforming the security claim from the intermediate format to a second format using a second transformation rule associated with the resource provider, the second format recognized by the resource provider;
providing the security claim in the second format to the resource provider.
2 Assignments
0 Petitions
Abstract
Systems and methods directed at transforming security claims in a federated authentication system using an intermediate format. The federated authentication system includes an identity provider and a resource provider. The identity provider receives a request for information from the resource provider to authenticate an account by an application associated with the resource provider. A security claim associated with the account is retrieved, where the security claim is provided by an account store in a format specific to that account store. The security claim is transformed from the account-store-specific format to an intermediate format, and then from the intermediate format to a federated format recognized by the resource provider. The transformed security claim is provided in a security token to the resource provider. A similar two-step transformation using intermediate claims can also be implemented by the resource provider, to transform security claims received from an identity provider in a federated format into the formats recognized by its applications.
38 Citations
18 Claims
1. Independent claim 1 is reproduced above under First Claim. Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. One or more device-readable storage media encoded with device-executable components comprising:
account stores configured to maintain data associated with accounts, each account store further configured to provide a security claim in a format specific to the account store, wherein the account stores include at least one of: Active Directory (AD), Active Directory Application Mode (ADAM), or Structured Query Language (SQL) systems; and
an identity provider security token service (STS-IP) configured to retrieve the security claims provided by the account stores, the STS-IP also configured to transform each security claim from the format specific to the account store providing the security claim to an intermediate format, wherein each security claim in the format specific to the account store providing the security claim and in the intermediate format contain semantically the same information, the STS-IP further configured to transform the security claim from the intermediate format to a federated format specific to a resource provider to which the security claim is to be sent.
Dependent claims: 11, 12, 13.
14. A federated authentication system having one or more computing devices, the federated authentication system comprising:
means for receiving information for authenticating a user seeking access to services provided by a resource provider;
means for receiving a security claim associated with the user from an account store in an identity provider system, wherein the security claim is in an account store specific format associated with the account store, wherein the account store is one of a plurality of account stores associated with the identity provider system, wherein each of the plurality of account stores is associated with a distinct account store specific format;
means for transforming the security claim from the account store specific format to an intermediate format, wherein the security claim in the account store specific format and the security claim in the intermediate format contain semantically the same information;
means for transforming the security claim from the intermediate format to a federated format recognized by the resource provider; and
means for providing the security claim in the federated format to the resource provider using a security token.
Dependent claims: 15, 16, 17, 18.
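As an added example (not code from the patent or from any product), the two-stage pipeline of claims 1 and 10 in Python: one rule per account store lifts a store-specific record into the intermediate format, and one rule per resource provider maps intermediate claims to the attribute names that provider recognizes, so a new store or a new resource provider needs only its own rule rather than a rule for every pair. The record shapes, claim type URIs, store names and resource-provider names are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Claim:  # intermediate format: a store-neutral type plus a value
    type: str
    value: str


# Stage 1 rules, one per account store (claim 1's "first transformation rule").
# Record shapes are constructed: an AD-style LDAP entry and a SQL-style row.
STORE_RULES = {
    "ad": lambda rec: [Claim("urn:example:claims:name", rec["sAMAccountName"])]
    + [Claim("urn:example:claims:group", dn.split(",")[0].removeprefix("CN="))
       for dn in rec["memberOf"]],
    "sql": lambda rec: [Claim("urn:example:claims:name", rec["user_name"])]
    + [Claim("urn:example:claims:group", role) for role in rec["roles"]],
}

# Stage 2 rules, one per resource provider (claim 1's "second transformation
# rule"): intermediate claim type -> attribute name that provider recognizes.
# A type the provider has no mapping for is not released to it.
RP_RULES = {
    "payroll-rp": {"urn:example:claims:name": "http://schemas.example/name",
                   "urn:example:claims:group": "http://schemas.example/role"},
    "wiki-rp": {"urn:example:claims:name": "uid"},
}


def to_intermediate(store: str, record: dict) -> list[Claim]:
    """Account-store-specific format -> intermediate format."""
    return STORE_RULES[store](record)  # KeyError: no rule for this store


def to_federated(rp: str, claims: list[Claim]) -> list[tuple[str, str]]:
    """Intermediate format -> the federated format this provider recognizes."""
    mapping = RP_RULES[rp]  # KeyError: no rule for this resource provider
    return [(mapping[c.type], c.value) for c in claims if c.type in mapping]


def issue_claims(store: str, record: dict, rp: str) -> list[tuple[str, str]]:
    """STS-IP path from claim 1: retrieve, transform twice, provide to the RP."""
    return to_federated(rp, to_intermediate(store, record))


# Constructed sample records; both describe a member of the Finance group.
AD_RECORD = {"sAMAccountName": "alice",
             "memberOf": ["CN=Finance,OU=Groups,DC=example,DC=com"]}
SQL_RECORD = {"user_name": "bob", "roles": ["Finance"]}
```

Both records reach the payroll provider as the same federated group attribute even though the stores express group membership differently, which is the semantic preservation the claims require of the intermediate format.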
Specification