Establishment of security federations
Abstract
Secure interactions between administrative domains are modeled. The modeled process specifies role information for each of the administrative domains and interaction between the administrative domains. Role information associated with candidate administrative domains is received, and appropriate administrative domains from the candidate administrative domains are dynamically resolved based on the modeled process and the received role information. Trust realms between the dynamically resolved appropriate administrative domains are automatically derived based on the role information and the interactions from the modeled process. The secure interaction between the dynamically resolved appropriate administrative domains is effected through the automatically derived trust realms.
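The resolve, derive and effect steps from the abstract, as an added Python example that is not part of the patent text. The role names, behaviors, candidate domains, first-fit matching and the one-realm-per-interaction rule are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Role:            # generic role in the process model
    name: str
    behaviors: frozenset   # observable behavior the role must exhibit

@dataclass(frozen=True)
class Candidate:       # candidate role information held in the repository
    domain: str
    behaviors: frozenset

def resolve(roles, candidates):
    """Bind each generic role to a distinct candidate domain (first fit)."""
    binding, used = {}, set()
    for role in roles:
        fit = next((c for c in sorted(candidates, key=lambda c: c.domain)
                    if c.domain not in used and role.behaviors <= c.behaviors), None)
        if fit is None:  # fail closed: no realm is derived for a partial binding
            raise LookupError(f"no candidate domain satisfies role {role.name!r}")
        binding[role.name] = fit.domain
        used.add(fit.domain)
    return binding

def derive_realms(interactions, binding):
    """One trust realm per modeled interaction, between the two resolved domains."""
    return {frozenset((binding[a], binding[b])) for a, b in interactions}

def permitted(src, dst, realms):
    """Effect an interaction only when both domains share a derived realm."""
    return src != dst and any({src, dst} <= realm for realm in realms)

# Constructed sample data (assumed scenario, not from the patent).
ROLES = [Role("buyer", frozenset({"issue_order"})),
         Role("seller", frozenset({"accept_order", "issue_invoice"})),
         Role("carrier", frozenset({"ship_goods"}))]
INTERACTIONS = [("buyer", "seller"), ("seller", "carrier")]
CANDIDATES = [Candidate("acme.example", frozenset({"issue_order"})),
              Candidate("globex.example", frozenset({"accept_order", "issue_invoice"})),
              Candidate("initech.example", frozenset({"ship_goods", "track_shipment"})),
              Candidate("umbrella.example", frozenset({"issue_order", "ship_goods"}))]

if __name__ == "__main__":
    binding = resolve(ROLES, CANDIDATES)
    realms = derive_realms(INTERACTIONS, binding)
    print(binding)
    print(permitted("acme.example", "globex.example", realms))   # modeled interaction
    print(permitted("acme.example", "initech.example", realms))  # not modeled
```

Because realms follow the modeled interactions only, the buyer and carrier domains get no realm with each other even though both are resolved into the same process.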
20 Claims
1. A computer-implemented method of deriving a trust realm, the method comprising:
- modeling, on a computing device having one or more processors and coupled to a server over a network, a process that involves one or more secure interactions among administrative domains to provide a process model, each of the administrative domains being associated with a generic entity and coupled to the server, the process model specifying generic role information associated with each of the administrative domains and interactions among the administrative domains, the generic role information defining an observable behavior;
- receiving, from a repository included within the server over the network, candidate role information associated with candidate administrative domains of candidate entities;
- dynamically resolving, using the one or more processors, appropriate administrative domains from the candidate administrative domains based on the process model and the candidate role information;
- automatically deriving, using the one or more processors, one or more trust realms among the appropriate administrative domains based on the generic role information and the interactions specified by the process model; and
- effecting, over the network, the one or more secure interactions among the appropriate administrative domains through the one or more trust realms.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18
19. A computer-readable storage medium coupled to one or more processing devices and having instructions stored thereon which, when executed by the one or more processing devices, cause the one or more processing devices to perform operations comprising:
- modeling a process that involves one or more secure interactions among administrative domains to provide a process model, each of the administrative domains being associated with a generic entity, the process model specifying generic role information associated with each of the administrative domains and interactions among the administrative domains, the generic role information defining an observable behavior;
- receiving candidate role information associated with candidate administrative domains of candidate entities;
- dynamically resolving appropriate administrative domains from the candidate administrative domains based on the process model and the candidate role information;
- automatically deriving trust realms among the appropriate administrative domains based on the generic role information and the interactions specified by the process model; and
- effecting one or more secure interactions among the appropriate administrative domains through the one or more trust realms.
20. A device comprising:
- a processor configured to:
  - model a process that involves one or more secure interactions among administrative domains to provide a process model, each of the administrative domains being associated with a generic entity, the process model specifying generic role information associated with each of the administrative domains and interactions among the administrative domains, the generic role information defining an observable behavior,
  - receive candidate role information associated with candidate administrative domains of candidate entities,
  - dynamically resolve appropriate administrative domains from the candidate administrative domains based on the process model and the candidate role information,
  - automatically derive trust realms among the appropriate administrative domains based on the generic role information and the interactions specified by the process model, and
  - effect one or more secure interactions among the appropriate administrative domains through the one or more trust realms; and
- a repository configured to:
  - store the candidate role information associated with each of the candidate administrative domains and relationship types associated with each of the candidate administrative domains, and
  - transmit the candidate role information and the relationship types to the processor.