Router for managing trust relationships
First Claim
Patent Images
1. A method of managing trust relationships between federated identity and service providers, the method comprising:
- receiving an assertion of a user identity from an identity provider of a plurality of identity providers, wherein each of the identity providers comprises a separate domain, via a first federation protocol from a first intermediary federation router configured as a consolidated identity provider of said plurality of identity providers, wherein the first intermediary federation router has a single trust relationship with each of said plurality of identity providers, wherein a destination service provider of a plurality of destination service providers is indicated with the assertion,verifying permission of the user identity to access the destination service provider; and
asserting the user identity to the destination service provider of said plurality of service providers, wherein each of the service providers comprises a separate domain, via a second federation protocol from a second intermediary federation router configured as a consolidated destination service provider of said plurality of destination service providers, such that said plurality of identity providers has a single trust relationship with said plurality of destination service providers only through said first intermediary federation router and said second intermediary router.
8 Assignments
0 Petitions
Accused Products
Abstract
One embodiment relates to a method of managing trust relationships between federated identity and service providers. An assertion of a user identity is received from an identity provider via a first federation protocol, wherein a destination service provider is indicated with the assertion. Permission of the user identity to access the destination service provider is verified. If permission is verified, the user identity is asserted to the destination service provider via a second federation protocol. Other embodiments and features are also disclosed.
-
Citations
13 Claims
-
1. A method of managing trust relationships between federated identity and service providers, the method comprising:
-
receiving an assertion of a user identity from an identity provider of a plurality of identity providers, wherein each of the identity providers comprises a separate domain, via a first federation protocol from a first intermediary federation router configured as a consolidated identity provider of said plurality of identity providers, wherein the first intermediary federation router has a single trust relationship with each of said plurality of identity providers, wherein a destination service provider of a plurality of destination service providers is indicated with the assertion, verifying permission of the user identity to access the destination service provider; and asserting the user identity to the destination service provider of said plurality of service providers, wherein each of the service providers comprises a separate domain, via a second federation protocol from a second intermediary federation router configured as a consolidated destination service provider of said plurality of destination service providers, such that said plurality of identity providers has a single trust relationship with said plurality of destination service providers only through said first intermediary federation router and said second intermediary router. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system for managing trust relationships between federated identity and service providers, the system comprising a processor and memory, wherein the memory includes:
-
computer-readable code configured to receive an assertion of a user identity from an identity provider via a first federation protocol from a first intermediary federation router configured as a consolidated identity provider of said plurality of identity providers, wherein each of the identity providers comprises a separate domain, wherein the first intermediary federation router has a single trust relationship with each of said plurality of identity providers, and wherein a destination service provider of a plurality of destination service providers is indicated with the assertion, computer-readable code configured to verify permission of the user identity to access the destination service provider; computer-readable code configured to determine a second federation protocol which is compatible to the destination service provider; and computer-readable code configured to assert the user identity to the destination service provider of said plurality of service providers, wherein each of the service providers comprises a separate domain, via the second federation protocol from a second intermediary federation router configured as a consolidated destination service provider of said plurality of destination service providers, such that said plurality of identity providers has a single trust relationship with said plurality of destination service providers only through said first intermediary federation router and said second intermediary router. - View Dependent Claims (9, 10, 11, 12, 13)
-
Specification