Router for managing trust relationships

US 7,926,089 B2
Filed: 07/14/2006
Issued: 04/12/2011
Est. Priority Date: 07/14/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A method of managing trust relationships between federated identity and service providers, the method comprising:

receiving an assertion of a user identity from an identity provider of a plurality of identity providers, wherein each of the identity providers comprises a separate domain, via a first federation protocol from a first intermediary federation router configured as a consolidated identity provider of said plurality of identity providers, wherein the first intermediary federation router has a single trust relationship with each of said plurality of identity providers, wherein a destination service provider of a plurality of destination service providers is indicated with the assertion,verifying permission of the user identity to access the destination service provider; and

asserting the user identity to the destination service provider of said plurality of service providers, wherein each of the service providers comprises a separate domain, via a second federation protocol from a second intermediary federation router configured as a consolidated destination service provider of said plurality of destination service providers, such that said plurality of identity providers has a single trust relationship with said plurality of destination service providers only through said first intermediary federation router and said second intermediary router.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One embodiment relates to a method of managing trust relationships between federated identity and service providers. An assertion of a user identity is received from an identity provider via a first federation protocol, wherein a destination service provider is indicated with the assertion. Permission of the user identity to access the destination service provider is verified. If permission is verified, the user identity is asserted to the destination service provider via a second federation protocol. Other embodiments and features are also disclosed.

Citations

13 Claims

1. A method of managing trust relationships between federated identity and service providers, the method comprising:
- receiving an assertion of a user identity from an identity provider of a plurality of identity providers, wherein each of the identity providers comprises a separate domain, via a first federation protocol from a first intermediary federation router configured as a consolidated identity provider of said plurality of identity providers, wherein the first intermediary federation router has a single trust relationship with each of said plurality of identity providers, wherein a destination service provider of a plurality of destination service providers is indicated with the assertion,verifying permission of the user identity to access the destination service provider; and
  
  asserting the user identity to the destination service provider of said plurality of service providers, wherein each of the service providers comprises a separate domain, via a second federation protocol from a second intermediary federation router configured as a consolidated destination service provider of said plurality of destination service providers, such that said plurality of identity providers has a single trust relationship with said plurality of destination service providers only through said first intermediary federation router and said second intermediary router.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising, prior to asserting the user identity, constructing a view of the user identity for presentation to the destination service provider.
  - 3. The method of claim 1, further comprising:
    - determining an appropriate federation protocol which is compatible with the destination service provider; and
      
      selecting the appropriate federation protocol to be the second federation protocol.
  - 4. The method of claim 1, wherein the first and second federation protocols comprise different protocols.
  - 5. The method of claim 1, wherein the first and second federation protocols comprise a same protocol.
  - 6. The method of claim 1, wherein assertions of user identities are received from multiple domains of an organization.
  - 7. The method of claim 1, wherein assertions of user identities are sent to multiple domains within an organization.

8. A system for managing trust relationships between federated identity and service providers, the system comprising a processor and memory, wherein the memory includes:
- computer-readable code configured to receive an assertion of a user identity from an identity provider via a first federation protocol from a first intermediary federation router configured as a consolidated identity provider of said plurality of identity providers, wherein each of the identity providers comprises a separate domain, wherein the first intermediary federation router has a single trust relationship with each of said plurality of identity providers, and wherein a destination service provider of a plurality of destination service providers is indicated with the assertion,computer-readable code configured to verify permission of the user identity to access the destination service provider;
  
  computer-readable code configured to determine a second federation protocol which is compatible to the destination service provider; and
  
  computer-readable code configured to assert the user identity to the destination service provider of said plurality of service providers, wherein each of the service providers comprises a separate domain, via the second federation protocol from a second intermediary federation router configured as a consolidated destination service provider of said plurality of destination service providers, such that said plurality of identity providers has a single trust relationship with said plurality of destination service providers only through said first intermediary federation router and said second intermediary router.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The system of claim 8, wherein the memory further includes computer-readable code configured to generate a view of the user identity for presentation to the destination service provider.
  - 10. The system of claim 8, wherein the first and second federation protocols comprise different protocols.
  - 11. The system of claim 8, wherein the first and second federation protocols comprise a same protocol.
  - 12. The system of claim 8, wherein the system is configured to receive assertions of user identities from multiple domains of an organization.
  - 13. The system of claim 8, wherein the system is configured to send assertions of user identities to multiple domains within an organization.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus LLC (Open Text Corporation)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Tulshibagwale, Atul Vijay, Whitehead, Gregory Ryan
Primary Examiner(s)
Lanier; Benjamin E
Assistant Examiner(s)
ARMOUCHE, HADI S

Application Number

US11/486,684
Publication Number

US 20080016195A1
Time in Patent Office

1,733 Days
Field of Search

726/4, 726/8, 726/12, 726/5, 726/18, 726/21, 709/223, 709/225, 713/153
US Class Current

726/4
CPC Class Codes

G06F 21/305   by remotely controlling dev...

G06F 21/33   using certificates

G06F 21/335   for accessing specific reso...

G06F 21/45   Structures or tools for the...

G06F 21/57   Certifying or maintaining t...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 12/66   Arrangements for connecting...

H04L 63/0815   providing single-sign-on or...

H04L 63/10   for controlling access to d...

H04L 67/306   User profiles

Router for managing trust relationships

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Router for managing trust relationships

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links