Enabling identity information exchange between circles of trust
Abstract
A system for identifying a principal consisting of a service provider in a first circle of trust, where the first circle of trust is implemented using a first architecture; a first identity provider operatively connected to the service provider in the first circle of trust; and a second identity provider in a second circle of trust, where the second circle of trust is implemented using a second architecture, where the first identity provider is configured to contact the second identity provider, in compliance with the second architecture, as a virtual service provider in the second circle of trust to obtain identity information associated with the principal thereby allowing the first identity provider to identify the principal in the first circle of trust.
Claims (16 in total; the three independent claims are reproduced below)

1. A system for identifying a principal in a first circle of trust, comprising:
a service provider within the first circle of trust, wherein the first circle of trust is implemented using a first architecture;
a first identity provider comprising a first computer processor and operatively connected to the service provider in the first circle of trust, wherein the first identity provider is configured to:
receive a request for identity information associated with the principal from the service provider;
determine that no identification exists for the principal within the first circle of trust; and
generate a translated identity assertion request by translating the request for identity information to be in compliance with a second architecture; and
a second identity provider, comprising a second computer processor, within a second circle of trust and configured to:
receive the translated identity assertion request from the first identity provider;
generate identity information associated with the principal in response to the translated identity assertion request; and
send the identity information associated with the principal to the first identity provider in the first circle of trust,
wherein the second circle of trust is implemented using the second architecture, and wherein the first identity provider in the first circle of trust is further configured to translate the identity information associated with the principal received from the second identity provider into a format compliant with the first architecture and provide the identity information received from the second identity provider to the service provider.
(Dependent claims 2 to 5 are not reproduced here.)

6. A non-transitory computer readable storage medium comprising software instructions for identifying a principal in a first circle of trust, the software instructions, when executed by a computer processor, comprising functionality to:
receive, by a first identity provider, a request for identity information associated with the principal from a service provider, wherein the first identity provider and the service provider are within the first circle of trust, and wherein the first circle of trust is implemented using a first architecture;
determine, by the first identity provider, that no identification exists for the principal within the first circle of trust;
generate, by the first identity provider, a translated identity assertion request by translating the request for identity information to be in compliance with a second architecture;
send, by the first identity provider, the translated identity assertion request to a second identity provider in a second circle of trust, wherein the second circle of trust is implemented using the second architecture, and wherein the second identity provider in the second circle of trust generates identity information associated with the principal in response to the translated identity assertion request and sends the identity information associated with the principal to the first identity provider in the first circle of trust; and
provide, by the first identity provider, after translating the identity information associated with the principal received from the second identity provider into a format compliant with the first architecture, the identity information associated with the principal to the service provider, wherein the identity information is used for granting the principal access to the service provider.
(Dependent claims 7 to 11 are not reproduced here.)

12. A method for identifying a principal in a first circle of trust, comprising:
receiving, by a first identity provider comprising a computer processor, a request for identity information associated with the principal from a service provider, wherein the first identity provider and the service provider are within the first circle of trust, and wherein the first circle of trust is implemented using a first architecture;
determining, by the first identity provider, that no identification exists for the principal within the first circle of trust;
generating, by the first identity provider and using the computer processor, a translated identity assertion request by translating the request for identity information to be in compliance with a second architecture;
sending, by the first identity provider and using the computer processor, the translated identity assertion request to a second identity provider in a second circle of trust, wherein the second circle of trust is implemented using the second architecture, wherein the second circle of trust is separate from the first circle of trust, and wherein the second identity provider in the second circle of trust generates identity information associated with the principal in response to the translated identity assertion request and sends the identity information associated with the principal to the first identity provider in the first circle of trust; and
providing, by the first identity provider and using the computer processor, after translating the identity information associated with the principal received from the second identity provider into a format compliant with the first architecture, the identity information associated with the principal to the service provider, wherein the identity information is used for granting the principal access to the service provider in the first circle of trust.
(Dependent claims 13 to 16 are not reproduced here.)
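The exchange the independent claims describe, written out as an added Python example that is not part of the patent and not any vendor's implementation: a service provider in circle A asks IdP-A for identity information, IdP-A finds no local identification, acts as a virtual service provider towards IdP-B using circle B's format, and then translates and re-signs the returned assertion for circle A. The two assertion formats, the field names, the HMAC keys standing in for each circle's PKI, the identifiers `idp-a`, `idp-b`, `bridge-idp-a` and `sp-1`, and the user records are all assumptions constructed for the example. The security point the claims leave implicit is also shown: the bridge must verify IdP-B's signature, audience, subject, request binding (nonce) and expiry before trusting anything from circle B, and the circle-A service provider only ever checks IdP-A's signature, so circle B's trust anchor never has to be distributed into circle A.

```python
"""Bridging identity provider between two circles of trust (added example).

Formats, field names, keys and identifiers are assumptions for illustration."""
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Constructed per-circle signing keys (stand-ins for each circle's own PKI).
KEY_A = b"circle-A-signing-key"
KEY_B = b"circle-B-signing-key"
BRIDGE_ID = "bridge-idp-a"   # identity of IdP-A when it acts as a virtual SP in circle B


def _sign(key: bytes, payload: dict) -> str:
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def _verify(key: bytes, payload: dict, sig: str) -> bool:
    return hmac.compare_digest(_sign(key, payload), sig)


class IdentityProviderB:
    """IdP in the second circle; speaks the assumed 'architecture B' format."""

    def __init__(self) -> None:
        self.users = {"alice@example.org": {"displayName": "Alice", "role": "staff"}}
        self.trusted_sps = {BRIDGE_ID}   # IdP-A is registered here as a virtual SP

    def handle(self, req: dict) -> Optional[dict]:
        # B-format request: {"issuer": ..., "subject": ..., "nonce": ...}
        if req["issuer"] not in self.trusted_sps:
            return None
        attrs = self.users.get(req["subject"])
        if attrs is None:
            return None
        payload = {"iss": "idp-b", "aud": req["issuer"], "sub": req["subject"],
                   "nonce": req["nonce"], "exp": int(time.time()) + 300,
                   "attrs": dict(attrs)}
        return {"payload": payload, "sig": _sign(KEY_B, payload)}


class BridgeIdentityProviderA:
    """IdP in the first circle: local lookup first, then translation to circle B."""

    def __init__(self, idp_b: IdentityProviderB) -> None:
        self.local = {"bob@example.com": {"displayName": "Bob", "role": "contractor"}}
        self.idp_b = idp_b

    def handle_sp_request(self, sp_request: dict) -> Optional[dict]:
        # A-format request: {"sp": ..., "principal": ...}
        principal = sp_request["principal"]
        attrs = self.local.get(principal)
        if attrs is None:                 # "no identification exists" in circle A
            attrs = self._federate(principal)
        if attrs is None:
            return None
        payload = {"issuer": "idp-a", "audience": sp_request["sp"],
                   "principal": principal, "attributes": attrs,
                   "notAfter": int(time.time()) + 300}
        return {"payload": payload, "sig": _sign(KEY_A, payload)}  # re-signed for circle A

    def _federate(self, principal: str) -> Optional[dict]:
        nonce = secrets.token_hex(8)
        translated = {"issuer": BRIDGE_ID, "subject": principal, "nonce": nonce}
        resp = self.idp_b.handle(translated)
        if resp is None:
            return None
        p = resp["payload"]
        # Checks the bridge must make before trusting anything from circle B.
        if not _verify(KEY_B, p, resp["sig"]):       # really issued by IdP-B
            return None
        if p["aud"] != BRIDGE_ID or p["sub"] != principal or p["nonce"] != nonce:
            return None                               # issued to us, for this principal, for this request
        if p["exp"] < time.time():
            return None
        # Translate circle-B attributes into circle A's schema (names happen to match here).
        return {"displayName": p["attrs"]["displayName"], "role": p["attrs"]["role"]}


def service_provider_accepts(assertion: Optional[dict], sp_id: str) -> Optional[dict]:
    """Circle-A SP: trusts only IdP-A's key and never needs circle B's trust anchor."""
    if assertion is None:
        return None
    p = assertion["payload"]
    if not _verify(KEY_A, p, assertion["sig"]):
        return None
    if p["issuer"] != "idp-a" or p["audience"] != sp_id or p["notAfter"] < time.time():
        return None
    return p["attributes"]


if __name__ == "__main__":
    bridge = BridgeIdentityProviderA(IdentityProviderB())
    for who in ("bob@example.com", "alice@example.org", "mallory@example.net"):
        assertion = bridge.handle_sp_request({"sp": "sp-1", "principal": who})
        print(who, "->", service_provider_accepts(assertion, "sp-1"))
```

Running the script resolves one principal locally, one through circle B, and rejects the unknown one. The nonce plays the role that a request identifier plays in real federation protocols: without it, an assertion IdP-B issued to the bridge for an earlier request could be replayed into a later one.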
Specification