Method and apparatus for multi-domain identity interoperability and compliance verification
Abstract
A method and apparatus to provide identity management deployment interoperability and compliance verification. In one embodiment, the system also provides on-demand services including automated certification, monitoring, alerting, routing, and translation of tokens for federated identity related interactions between multi-domain identity management systems.
20 Claims
1. A method of providing identity federation deployment comprising:
- utilizing a pre-generated schema stored in a memory of a computer system for generating a deployment system including a deployment profile for interoperability between two or more service providers (SP) and/or identity providers (IDP) (SP/IDPs);
- providing a validation environment, the validation environment comprising one or more virtual SP/IDPs implemented on one or more computer systems, the virtual SP/IDP representing a customer configuration, the virtual SP/IDP to interact with a third party pre-production partner SP/IDP on a remote computer system through standard interaction methods, to validate that the virtual SP/IDPs are capable of interoperation at the deployment level with the third party pre-production SP/IDPs; and
- creating a customized quality assurance environment on a server to continuously monitor compliance of a live customer federation hub with the pre-generated schema, the quality assurance environment to monitor the interfacing of at least one live customer endpoint and a live third party SP or IDP, wherein monitoring the interfacing of the at least one live customer endpoint and the live third party SP or IDP comprises decrypting, parsing, and assembling an identity-related communication between the SP and the IDP.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
17. A deployment system to enable deployment of a compliant federation hub, the system comprising:
- a pre-generated schema stored in memory, to generate a deployment system including a deployment profile for interoperability between two or more service providers (SPs) and/or identity providers (IDPs) (SP/IDP);
- a validation environment, including a virtual SP/IDP representing a customer configuration, the virtual SP/IDP to interact with a pre-production third-party partner endpoint implemented on a computer system, to validate that the customer configuration is capable of interoperation with the third-party partner endpoint;
- a deployment environment implemented on a server, including customized quality assurance to continuously monitor compliance of the live endpoints in the customer federation with the pre-generated schema, by monitoring communications, wherein monitoring the communications comprises decrypting, parsing, and assembling an identity-related communication between the SP and the IDP.

Dependent claims: 18, 19, 20
Specification