Specializing support for a federation relationship

US 8,181,225 B2
Filed: 06/09/2009
Issued: 05/15/2012
Est. Priority Date: 12/16/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A method for providing federated functionality within a data processing system, the method comprising:

receiving a first request at a first computing system for requested federation services from an identity provider, wherein the first request is made by a first requestor;

initializing an instance of an application to provide the requested federation services for the first requestor, the instance of the application resulting in a first specialized runtime which is specialized according to configuration data of a federation relationship of the first requestor with the identity provider, wherein the configuration data is dynamically retrieved during initialization of the runtime; and

providing the requested federation services using the specialized runtime, wherein the identity provider provides federation services for a plurality of requestors, further comprising;

initializing a plurality of specialized runtimes which provide requested federation services for the requestors according to configuration data of respective federation relationships of the requestors with the identity provider, wherein the configuration data is dynamically retrieved during initialization of the runtimes; and

providing the requested federation services to each requestor by routing requests to an appropriate specialized runtime according to a requestor identity and a federation relationship.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention provides federated functionality within a data processing system by means of a set of specialized runtimes, which are instances of an application for providing federation services to requesters. Each of the plurality of specialized runtimes provides requested federation services for selected ones of the requestors according to configuration data of respective federation relationships of the requestors with the identity provider. The configuration data is dynamically retrieved during initialization of the runtimes which allows the respective_runtime to be specialized for a given federation relationship. Requests are routed to the appropriate specialized runtime using the first requestor identity and the given federation relationship. The data, which describes each federation relationship between the identity provider and each of the plurality of requestors, is configured prior to initialization of the runtimes.

56 Citations

View as Search Results

17 Claims

1. A method for providing federated functionality within a data processing system, the method comprising:
- receiving a first request at a first computing system for requested federation services from an identity provider, wherein the first request is made by a first requestor;
  
  initializing an instance of an application to provide the requested federation services for the first requestor, the instance of the application resulting in a first specialized runtime which is specialized according to configuration data of a federation relationship of the first requestor with the identity provider, wherein the configuration data is dynamically retrieved during initialization of the runtime; and
  
  providing the requested federation services using the specialized runtime, wherein the identity provider provides federation services for a plurality of requestors, further comprising;
  
  initializing a plurality of specialized runtimes which provide requested federation services for the requestors according to configuration data of respective federation relationships of the requestors with the identity provider, wherein the configuration data is dynamically retrieved during initialization of the runtimes; and
  
  providing the requested federation services to each requestor by routing requests to an appropriate specialized runtime according to a requestor identity and a federation relationship.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 wherein the first specialized runtime also provides federation services to a second requestor and is also initialized according to configuration data of a federation relationship of the second requestor with the identity provider.
  - 3. The method of claim 1 wherein a second specialized runtime provides federation services to a third requestor and is initialized according to configuration data of a federation relationship of the third requestor with the identity provider, and wherein the federation services provided by the first and second specialized runtimes are substantially identical.
  - 4. The method of claim 1 further comprising:
    - prior to initializing the instance of the application, configuring data which describes each federation relationship between the identity provider and each of the plurality of requestors.
  - 5. The method of claim 4 wherein the configuring data step further comprises the step of configuring global specified data which is common to all federation relations with an identity provider level.
  - 6. The method of claim 4 wherein the configuring data step further comprises the step of configuring federation relationship data which is specific to the first specialized runtime.
  - 7. The method of claim 4 wherein the configuring data step further comprises the step of configuring requestor specific data.
  - 8. The method of claim 6 wherein global identity provider default configuration data is overridden by the configured federation relationship data.
  - 9. The method of claim 7 wherein global identity provider default configuration data or federation relationship data is overridden by the configured requestor specific data.
  - 10. The method of claim 1, wherein the instance of the application is initialized using a given plug-in from a plurality of plug-ins that provide functionality for various types of independent federated user lifecycle management profiles.
  - 11. The method of claim 1, wherein the requested federation services are concurrently provided to the plurality of requestors, and wherein at least two of the requested federation services support different federated user lifecycle protocols.

12. A system including memory and processor for providing federated functionality within a data processing system, the system comprising:
- a processor;
  
  a memory for storing instructions, the instructions which when executed by the processor, perform a method comprising;
  
  receiving a first request at a first computing system for requested federation services from an identity provider, wherein the first request is made by a first requestor;
  
  initializing an instance of an application to provide the requested federation services for the first requestor, the instance of the application resulting in a first specialized runtime which is specialized according to configuration data of a federation relationship of the first requestor with the identity provider, wherein the configuration data is dynamically retrieved during initialization of the runtime; and
  
  providing the requested federation services using the specialized runtime, wherein the identity provider provides federation services for a plurality of requestors, and the method further comprises;
  
  initializing a plurality of specialized runtimes which provide requested federation services for the requestors according to configuration data of respective federation relationships of the requestors with the identity provider, wherein the configuration data is dynamically retrieved during initialization of the runtimes; and
  
  providing the requested federation services to each requestor by routing requests to an appropriate specialized runtime according to a requestor identity and a federation relationship.
- View Dependent Claims (13, 14)
- - 13. The system of claim 12 wherein the first specialized runtime also provides federation services to a second requestor and is also initialized according to configuration data of a federation relationship of the second requestor with the identity provider.
  - 14. The system of claim 12 wherein a second specialized runtime provides federation services to a third requestor and is initialized according to configuration data of a federation relationship of the third requestor with the identity provider, and wherein the federation services provided by the first and second specialized runtimes are substantially identical.

15. A non-transitory computer readable storage medium storing a computer program product for providing federated functionality within a data processing system, the computer program product which when executed by a processor, performing a method comprising:
- receiving a first request at a first computing system for requested federation services from an identity provider, wherein the first request is made by a first requestor;
  
  initializing an instance of an application to provide the requested federation services for the first requestor, the instance of the application resulting in a first specialized runtime which is specialized according to configuration data of a federation relationship of the first requestor with the identity provider, wherein the configuration data is dynamically retrieved during initialization of the runtime; and
  
  providing the requested federation services using the specialized runtime, wherein the identity provider provides federation services for a plurality of requestors, and the method further comprises;
  
  initializing a plurality of specialized runtimes which provide requested federation services for the requestors according to configuration data of respective federation relationships of the requestors with the identity provider, wherein the configuration data is dynamically retrieved during initialization of the runtimes; and
  
  providing the requested federation services to each requestor by routing requests to an appropriate specialized runtime according to a requestor identity and a federation relationship.
- View Dependent Claims (16, 17)
- - 16. The computer readable storage medium of claim 15 wherein the first specialized runtime also provides federation services to a second requestor and is also initialized according to configuration data of a federation relationship of the second requestor with the identity provider.
  - 17. The computer readable storage medium of claim 15 wherein a second specialized runtime provides federation services to a third requestor and is initialized according to configuration data of a federation relationship of the third requestor with the identity provider, and wherein the federation services provided by the first and second specialized runtimes are substantially identical.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Hinton, Heather Maria, Moran, Anthony Scott, Falola, Dolapo Martin, Milman, Ivan Matthew, Wardrop, Patrick Ryan
Primary Examiner(s)
Goodarzi, Nasser
Assistant Examiner(s)
ABEDIN, SHANTO

Application Number

US12/481,007
Publication Number

US 20090259753A1
Time in Patent Office

1,071 Days
Field of Search

713/168, 713/182, 713/186, 709/225, 709/226, 709/229, 726/1, 726/2, 726/3, 726/4, 726/5, 726/6, 726/8, 726/14
US Class Current

726/2
CPC Class Codes

H04L 63/0815 providing single-sign-on or...

H04L 67/30 Profiles

Specializing support for a federation relationship

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

56 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Specializing support for a federation relationship

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

56 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links