Push artifact binding for communication in a federated identity system
First Claim
1. A data processing system comprising:
a service provider addressable through a Uniform Resource Locator and to offer a plurality of services associated with corresponding second Uniform Resource Locators stored in a federated identity record at a Domain Name Service; and
an identity provider to handle a federated action by determining that a user request is to be conveyed to the service provider, retrieving one of the second Uniform Resource Locators from the federated identity record at the Domain Name Service corresponding to a federated service in the user request, and sending a request or assertion as a push message over a back-channel communication pathway to the service provider at the one of the second Uniform Resource Locators, the service provider to handle the federated action by sending a response to the message over the back-channel communication pathway to the identity provider including a third Uniform Resource Locator to which the user is to be directed, and the identity provider to redirect the user to the third Uniform Resource Locator specified in the response.
8 Assignments
0 Petitions
Abstract
A data processing system implements push artifact binding for communication in a federated identity system. A federated identity system in the data processing system comprises an initiator that handles a federated action by determining that a user is to be conveyed to a recipient, constructing an appropriate message request or assertion to be sent to the recipient, and sending the message as a push message over a back-channel communication pathway directed to the recipient's location. The federated identity system further comprises a recipient that handles the federated action by responding to the message by forming a Uniform Resource Locator (URL) to which the user can be directed. The initiator redirects the user to the URL specified in the recipient response.
21 Claims
1. A data processing system comprising:
a service provider addressable through a Uniform Resource Locator and to offer a plurality of services associated with corresponding second Uniform Resource Locators stored in a federated identity record at a Domain Name Service; and an identity provider to handle a federated action by determining that a user request is to be conveyed to the service provider, retrieving one of the second Uniform Resource Locators from the federated identity record at the Domain Name Service corresponding to a federated service in the user request, and sending a request or assertion as a push message over a back-channel communication pathway to the service provider at the one of the second Uniform Resource Locators, the service provider to handle the federated action by sending a response to the message over the back-channel communication pathway to the identity provider including a third Uniform Resource Locator to which the user is to be directed, and the identity provider to redirect the user to the third Uniform Resource Locator specified in the response.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 21
10. A method to communicate in a federated identity system comprising:
for a service provider addressable through a Uniform Resource Locator, storing second Uniform Resource Locators corresponding to a plurality of services offered by the service provider in a federated identity record at a Domain Name Service; handling a federated action at an identity provider by: determining that a user request is to be conveyed to the service provider; retrieving one of the second Uniform Resource Locators from the federated identity record at the Domain Name Service corresponding to a federated service in the user request; and sending a request or assertion as a push message over a back-channel communication pathway to the service provider at the one of the second Uniform Resource Locators; handling the federated action at the service provider by sending a response to the message over the back-channel communication pathway to the identity provider including a third Uniform Resource Locator to which the user is to be directed; and redirecting the user to the third Uniform Resource Locator specified in the response.
Dependent claims: 11, 12, 13, 14, 15, 16, 17
18. A tangible computer readable storage device or storage disk comprising instructions to, at least:
cause a controller in a service provider addressable through a Uniform Resource Locator to store second Uniform Resource Locators corresponding to a plurality of services offered by the service provider in a federated identity record at a Domain Name Service; cause a controller in an identity provider to determine that a user request is to be conveyed to the service provider; cause the controller in the identity provider to retrieve one of the second Uniform Resource Locators from the federated identity record at the Domain Name Service corresponding to a federated service in the user request; cause the controller in the identity provider to send a request or assertion as a push message over a back-channel communication pathway to the service provider at the one of the second Uniform Resource Locators; cause the controller in the service provider to send a response to the message over the back-channel communication pathway to the identity provider including a third Uniform Resource Locator to which the user is to be directed; cause the controller in the service provider to combine a unique identifier equivalent to an artifact binding into the third Uniform Resource Locator to which the user is to be directed; and cause the controller in the identity provider to redirect the user to the third Universal Resource Locator specified in the response.
Dependent claims: 19, 20
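The exchange described in the abstract and in independent claims 1, 10 and 18, as an added runnable simulation in Python. This is not code from the patent or from any product implementing it: the identity provider looks up the service provider's back-channel URL (the "second URL") in a stand-in for the DNS federated identity record, pushes an assertion over the back channel, receives the "third URL" carrying a unique artifact, and redirects the user to it; the service provider then resolves the artifact once. The dict standing in for the DNS record, the HMAC-signed assertion format, the `/federation/consume` endpoint and the direct method call standing in for an HTTPS POST are all assumptions.

```python
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import parse_qs, urlparse

# Constructed stand-in for the "federated identity record at a Domain Name
# Service": service provider domain -> {federated service: back-channel push URL}.
# A real deployment would publish these as DNS records; a dict keeps this offline.
DNS_FEDERATED_RECORDS = {
    "sp.example.com": {
        "payroll": "https://sp.example.com/federation/push/payroll",
        "expenses": "https://sp.example.com/federation/push/expenses",
    },
}

# Constructed shared key protecting the back-channel push (assumption; the
# claims do not say how the back channel is authenticated).
BACKCHANNEL_KEY = b"example-shared-key-not-for-production"


def lookup_push_url(sp_domain, service):
    """Resolve the back-channel URL for one federated service from the DNS record."""
    record = DNS_FEDERATED_RECORDS.get(sp_domain)
    if record is None or service not in record:
        raise LookupError(f"no federated identity record for {service}@{sp_domain}")
    return record[service]


def sign(assertion):
    """Serialise the assertion canonically and MAC it with the back-channel key."""
    body = json.dumps(assertion, sort_keys=True).encode()
    return body, hmac.new(BACKCHANNEL_KEY, body, hashlib.sha256).hexdigest()


class ServiceProvider:
    def __init__(self, domain):
        self.domain = domain
        self.push_urls = set(DNS_FEDERATED_RECORDS[domain].values())
        self.pending = {}  # artifact -> assertion, held until the user presents it

    def receive_push(self, push_url, body, mac):
        """Back-channel endpoint: verify the push, mint an artifact, return the third URL."""
        if push_url not in self.push_urls:
            raise ValueError("push sent to a URL this provider does not advertise")
        expected = hmac.new(BACKCHANNEL_KEY, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, expected):
            raise ValueError("bad back-channel signature")
        assertion = json.loads(body)
        if assertion["audience"] != self.domain:
            raise ValueError("assertion not addressed to this provider")
        # The artifact is an unpredictable handle; the assertion itself never
        # travels through the user agent, only this reference to it does.
        artifact = secrets.token_urlsafe(32)
        self.pending[artifact] = assertion
        return {"redirect_url": f"https://{self.domain}/federation/consume?artifact={artifact}"}

    def consume(self, consume_url):
        """Front-channel endpoint the user is redirected to; artifacts are single-use."""
        artifact = parse_qs(urlparse(consume_url).query).get("artifact", [None])[0]
        return self.pending.pop(artifact, None)


class IdentityProvider:
    def __init__(self, providers):
        self.providers = providers  # domain -> ServiceProvider, in place of HTTP

    def handle_federated_action(self, user, sp_domain, service):
        push_url = lookup_push_url(sp_domain, service)
        assertion = {
            "subject": user,
            "audience": sp_domain,
            "service": service,
            "issued_at": int(time.time()),
            "nonce": secrets.token_hex(8),
        }
        body, mac = sign(assertion)
        # Back-channel push: an HTTPS POST to push_url in a real system.
        response = self.providers[sp_domain].receive_push(push_url, body, mac)
        return response["redirect_url"], assertion


def run_flow(user="alice", sp_domain="sp.example.com", service="payroll"):
    """Run one complete push artifact binding and report what each side saw."""
    sp = ServiceProvider(sp_domain)
    idp = IdentityProvider({sp_domain: sp})
    redirect_url, pushed = idp.handle_federated_action(user, sp_domain, service)
    first = sp.consume(redirect_url)   # user agent follows the redirect
    replay = sp.consume(redirect_url)  # a replayed artifact must not resolve
    return {"redirect_url": redirect_url, "pushed": pushed, "resolved": first, "replay": replay}


if __name__ == "__main__":
    print(json.dumps(run_flow(), indent=2))
```

Two properties of the simulation are worth checking in any real implementation: the redirect URL carries only the random artifact, so the assertion's contents are not exposed to the browser or to anything that logs the URL, and the artifact is consumed exactly once, so a captured redirect URL cannot be replayed. The service provider also refuses a push that arrives at a URL it does not advertise in its DNS record, since the identity provider's only source for that URL is the record itself.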
Specification