Modeling party identities in computer storage systems
First Claim
1. At a computer system including one or more processors and system memory, the computer system connected to a federated identity fabric, the federated identity fabric modeling identity related information in computer storage systems, the federated identity fabric providing a consistent view of and access to identity information across a plurality of different applications, a plurality of different computer systems, a plurality of different contexts, and a plurality of different networks, a method for utilizing the federated identity fabric to locate identity related data, the method comprising:
an act of creating a first data object within a data structure, the first data object representing a party, the first data object including a party identifier that uniquely identifies the party, the first data object also including a plurality of role types that each identify a role played by the party, each of the role types having an associated role identifier;
an act of inserting the first data object into the federated identity fabric;
an act of creating a second data object containing a first identifier used by the party within the federated identity fabric, the second data object also including a role played by the party within the context of the first identifier associated with the first data object;
an act of creating a third data object containing a second identifier used by the party within the federated identity fabric, the third data object also including a role played by the party within the context of the second identifier associated with the first data object;
an act of inserting the second and third data objects into the federated identity fabric;
an act of including, within the second and third data objects, the party identifier to relate the second and third data objects to the first data object such that the party identifier is associated with the first and second identifiers;
an act of receiving a request that includes the first identifier, the request requesting an identifier associated with the party in the context of one of the party's roles;
an act of subsequently using the first identifier in the second data object as a template for locating the second data object;
an act of using the party identifier in the second data object to locate the first data object subsequent to using the first identifier to locate the second data object;
an act of retrieving identity related data for the party from the first data object, including identifying that the third data object exists for representing the party and that the third data object represents the party's role identified in the request;
an act of locating the third data object using the party identifier; and
an act of retrieving and returning the second identifier contained within the third data object to satisfy the request.
Abstract
The present invention extends to methods, systems, and computer program products for modeling party identities in computer storage systems. A federated identity fabric models identity data and relationships between portions of identity data in computer storage systems in accordance with a uniform schema. The federated identity fabric can federate distributed identity and identity relationship data from computer storage systems within a variety of different computing environments. Code and metadata at computing environments associated with the federated identity fabric can interoperate to facilitate uniformly storing, accessing, modifying, deleting, and securing identity and identity relationship data within the federated identity fabric. Embodiments of the invention include utilizing an identity key table entry to locate party identity information and performing key transformations between different types of identity keys.
13 Citations
17 Claims
1. At a computer system including one or more processors and system memory, the computer system connected to a federated identity fabric, the federated identity fabric modeling identity related information in computer storage systems, the federated identity fabric providing a consistent view of and access to identity information across a plurality of different applications, a plurality of different computer systems, a plurality of different contexts, and a plurality of different networks, a method for utilizing the federated identity fabric to locate identity related data, the method comprising:
an act of creating a first data object within a data structure, the first data object representing a party, the first data object including a party identifier that uniquely identifies the party, the first data object also including a plurality of role types that each identify a role played by the party, each of the role types having an associated role identifier; an act of inserting the first data object into the federated identity fabric; an act of creating a second data object containing a first identifier used by the party within the federated identity fabric, the second data object also including a role played by the party within the context of the first identifier associated with the first data object; an act of creating a third data object containing a second identifier used by the party within the federated identity fabric, the third data object also including a role played by the party within the context of the second identifier associated with the first data object; an act of inserting the second and third data objects into the federated identity fabric; an act of including, within the second and third data objects, the party identifier to relate the second and third data objects to the first data object such that the party identifier is associated with the first and second identifiers; an act of receiving a request that includes the first identifier, the request requesting an identifier associated with the party in the context of one of the party's roles; an act of subsequently using the first identifier in the second data object as a template for locating the second data object; an act of using the party identifier in the second data object to locate the first data object subsequent to using the first identifier to locate the second data object; an act of retrieving identity related data for the party from the first data object, including identifying that the third data object exists for representing the party and that the third data object represents the party's role identified in the request; an act of locating the third data object using the party identifier; and an act of retrieving and returning the second identifier contained within the third data object to satisfy the request.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A computer program product for use in a federated identity fabric, the federated identity fabric including one or more computer systems, each computer system including one or more processors and system memory, the federated identity fabric providing a consistent view of and access to identity information across a plurality of different applications, a plurality of different computer systems, a plurality of different contexts, and a plurality of different networks, the computer program product for implementing a method for retrieving identity related data for a party from the federated identity fabric, the computer program product comprising one or more computer storage media having stored thereon computer-executable instructions that, when executed at a processor, cause the federated identity fabric to perform the method including the following:
receive a request for identity related data for a party, the request including: an identity key type defined in accordance with an identity key taxonomy within a single schema, the single schema capable of representing the existence of any entity that can be unambiguously identified; an identity key value indicating a value of the identity key type, the combination of identity key type and identity key value representing an entry within key identification table information; and a data value request, the data value request representing a request for a portion of party related identity data from a party table entry identifiable through the use of the combination of identity key type and identity key value and a relationship to party identification table information; locate the key identification table entry, within the key identification table information, that corresponds to the combination of the identity key type and identity key value; access a party identifier value from the key identification table entry, the party identifier value corresponding to the party associated with the identity key; refer to a party identity entry in the party identity table information based on the accessed party identifier and the relationship to the party identity table information; retrieve party identity data responsive to the data value request from the party identity entry by determining that a second key identification table entry exists which contains the requested party identity data and retrieving the party identity data from the second key identification table entry; and return the party identity data in response to the received request.
Dependent claims: 12, 13.
14. A computer program product for use in a federated identity fabric, the federated identity fabric including one or more computer systems, each computer system including one or more processors and system memory, providing a consistent view of and access to identity information across a plurality of different applications, a plurality of different computer systems, a plurality of different contexts, and a plurality of different networks, the computer program product for implementing a method for performing a key transformation within the federated identity fabric, the computer program product comprising one or more computer storage media having stored thereon computer-executable instructions that, when executed at a processor, cause the federated identity fabric to perform the method including the following:
an act of creating a first data object within a data structure, the first data object representing a party, the first data object including a party identifier that uniquely identifies the party, the first data object also including a plurality of role types that each identify a role played by the party, each of the role types having an associated role identifier; an act of inserting the first data object into the federated identity fabric; an act of creating a second data object containing a first identifier used by the party within the federated identity fabric, the second data object also including a role played by the party within the context of the first identifier associated with the first data object; an act of creating a third data object containing a second identifier used by the party within the federated identity fabric, the third data object also including a role played by the party within the context of the second identifier associated with the first data object; an act of inserting the second and third data objects into the federated identity fabric; an act of including, within the second and third data objects, the party identifier to relate the second and third data objects to the first data object such that the party identifier is associated with the first and second identifiers; an act of receiving a request that includes the first identifier, the request requesting an identifier associated with the party in the context of one of the party's roles; an act of subsequently using the first identifier in the second data object as a template for locating the second data object; an act of using the party identifier in the second data object to locate the first data object subsequent to using the first identifier to locate the second data object; an act of retrieving identity related data for the party from the first data object, including identifying that the third data object exists for representing the party and that the third data object represents the party's role identified in the request; an act of locating the third data object using the party identifier; and an act of retrieving and returning the second identifier contained within the third data object to satisfy the request.
Dependent claims: 15, 16, 17.
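The three independent claims (1, 11 and 14) all describe the same two-table walk: an incoming identity key (type plus value) is used as the template to find its key identification table entry, that entry's party identifier leads to the party table entry, the party entry confirms the requested role exists, and the key entry for that role supplies the identifier that is returned. The Python below is an added illustration of that walk, not code from the patent or its assignee. The class and function names (PartyRecord, IdentityKeyEntry, IdentityFabric, transform_key, build_sample_fabric), the role and key types, and the sample party data are assumptions constructed for this example.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class PartyRecord:
    """First data object: one party, its unique party identifier, and the
    role types it plays, each mapped to that role's role identifier."""
    party_id: str
    roles: Dict[str, str]   # role type -> role identifier


@dataclass(frozen=True)
class IdentityKeyEntry:
    """Second/third data objects: an identity key (type + value) the party
    uses in some context, the role played there, and the party identifier
    that relates the entry back to its PartyRecord."""
    key_type: str    # identity key type from the key taxonomy, e.g. "email"
    key_value: str   # identity key value
    role_type: str
    party_id: str


class IdentityFabric:
    """Key identification table plus party table, with the indexes needed for
    the lookups in claims 1, 11 and 14 (names are assumptions for this example)."""

    def __init__(self) -> None:
        self._parties: Dict[str, PartyRecord] = {}
        # key identification table: (identity key type, identity key value) -> entry
        self._keys: Dict[Tuple[str, str], IdentityKeyEntry] = {}
        # secondary index so the "third data object" is found by party + role
        self._by_party_role: Dict[Tuple[str, str], IdentityKeyEntry] = {}

    def insert_party(self, party: PartyRecord) -> None:
        if party.party_id in self._parties:
            raise ValueError(f"duplicate party identifier {party.party_id!r}")
        self._parties[party.party_id] = party

    def insert_key(self, entry: IdentityKeyEntry) -> None:
        # Refuse entries that would let a caller pivot from one identifier to a
        # party that does not own it, or to a role the party does not hold.
        party = self._parties.get(entry.party_id)
        if party is None:
            raise ValueError(f"unknown party identifier {entry.party_id!r}")
        if entry.role_type not in party.roles:
            raise ValueError(
                f"party {entry.party_id!r} does not hold role {entry.role_type!r}")
        table_key = (entry.key_type, entry.key_value)
        if table_key in self._keys:
            raise ValueError(f"duplicate identity key {table_key!r}")
        if (entry.party_id, entry.role_type) in self._by_party_role:
            raise ValueError(
                f"party {entry.party_id!r} already has a key for role {entry.role_type!r}")
        self._keys[table_key] = entry
        self._by_party_role[(entry.party_id, entry.role_type)] = entry

    def transform_key(self, key_type: str, key_value: str,
                      requested_role: str) -> Optional[str]:
        """Return the identifier the same party uses in requested_role, or None.

        Follows the order of acts in claim 1: the incoming (type, value) is the
        template for locating the key entry; its party identifier leads to the
        party record; the party record confirms the requested role; the key
        entry for that role supplies the identifier that is returned.
        """
        source = self._keys.get((key_type, key_value))
        if source is None:
            return None          # no such identity key in the fabric
        party = self._parties[source.party_id]
        if requested_role not in party.roles:
            return None          # party record does not list that role
        target = self._by_party_role.get((party.party_id, requested_role))
        if target is None:
            return None          # role is known, but no key entry exists for it
        return target.key_value


def build_sample_fabric() -> IdentityFabric:
    """Constructed sample data for this example (not taken from the patent)."""
    fabric = IdentityFabric()
    fabric.insert_party(PartyRecord(
        party_id="party-1001",
        roles={"employee": "role-emp", "customer": "role-cust", "vendor": "role-vend"}))
    fabric.insert_key(IdentityKeyEntry("email", "alice@example.com", "employee", "party-1001"))
    fabric.insert_key(IdentityKeyEntry("loyalty_number", "LN-42", "customer", "party-1001"))
    return fabric


if __name__ == "__main__":
    fabric = build_sample_fabric()
    print(fabric.transform_key("email", "alice@example.com", "customer"))  # LN-42
    print(fabric.transform_key("email", "alice@example.com", "vendor"))    # None: no vendor key yet
    print(fabric.transform_key("email", "bob@example.com", "customer"))    # None: unknown key
```

The claims say nothing about who is allowed to ask for a transformation. Turning an e-mail address into a loyalty number is exactly the cross-context correlation an identity fabric exists to make possible, so in a deployment the call to transform_key would sit behind an authorization check on the requester and the requested role; the checks in insert_key only keep the tables internally consistent.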
Specification