Context-sensitive confidentiality within federated environments
First Claim
1. A computer-implemented method of achieving context-sensitive confidentiality within a federated environment, the method comprising:
- determining a network route to be taken by a message to be transmitted in the federated environment, the network route crossing a plurality of security domains in the federated environment and the message requesting a service or content from at least a selected one of a plurality of nodes to be encountered on the determined route;
- determining, prior to transmitting the message over the network route, at least one portion of the message that is security-sensitive and, for each of the nodes and each of the security-sensitive portions, whether the node is entitled to access the security-sensitive portion, wherein:
  - at least one security-sensitive portion of the message contains data for use by the selected one in performing the requested service or creating the requested content; and
  - one of the security-sensitive portions of the message contains identity information of a sender of the message, the identity information usable by the selected one to verify that the sender is entitled to receive results of the requested service or to receive the requested content;
- selectively protecting, in the message prior to transmitting the message over the network route, each of the at least one security-sensitive portion of the message for each distinct one of the nodes which is entitled to access the security-sensitive portion;
- creating a message receiver element for each of the selectively-protected at least one portion of the message and each of the one or more nodes which is entitled to access the selectively-protected portion, the message receiver element identifying the one or more nodes and providing a node-specific keyword corresponding to the one or more nodes; and
- transmitting the message on the determined network route, the message receiver elements enabling each of the nodes to locate and access each security-sensitive portion which the node is entitled to access and preventing the node from accessing any security-sensitive portion which the node is not entitled to access.
0 Assignments
0 Petitions
Abstract
Techniques are disclosed for achieving context-sensitive confidentiality within a federated environment for which content is aggregated in a distributed Web portal (or similar aggregation framework), ensuring that message portions that should be confidential are confidential to all entities in the federated environment except those entities to which the message portions may properly be divulged. The federation may comprise an arbitrary number of autonomous security domains, and these security domains may have independent trust models and authentication services. Using the disclosed techniques, messages can be routed securely within a cross-domain federation (irrespective of routing paths), thereby ensuring that confidential information is not exposed to unintended third parties and that critical information is not tampered with while in transit between security domains. Preferred embodiments leverage Web services techniques and a number of industry standards.
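The abstract describes the mechanism at a high level: the sender fixes the route, decides which portions of the message are sensitive and which node on the route may read each one, protects every such portion separately for every entitled node, and attaches receiver elements so that each node can find and open only its own portions. The following Python is an added illustration of that flow and is not code from the patent or from any product implementing it. It assumes that every node on the route already shares a symmetric key with the sender (in the patent the key material would come from each domain's own trust model and, per the abstract, Web services standards such as XML Encryption, which are not reproduced here), that the node-specific keyword takes the form `portion#node`, and that the message is carried as JSON rather than SOAP. The cipher is a standard-library stand-in for a real AEAD such as AES-GCM (HMAC-SHA256 keystream in counter mode with an encrypt-then-MAC tag), chosen only so the example runs offline; the route, keys and portions in `demo_message()` are constructed sample data.

```python
"""Selective per-node protection of message portions along a cross-domain route.
Added example, not the patent's code. Assumes pre-shared per-node symmetric keys
and uses an HMAC-based stand-in cipher in place of a standard AEAD (e.g. AES-GCM)."""
import hashlib
import hmac
import json
import os


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream: HMAC(key, nonce || counter), 32 bytes per step.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _subkeys(key: bytes):
    # Separate encryption and MAC keys derived from the per-node key.
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())


def seal(key: bytes, plaintext: bytes, aad: bytes) -> bytes:
    """Return nonce || ciphertext || tag; aad is authenticated but travels in the clear."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes, aad: bytes) -> bytes:
    """Inverse of seal(); raises ValueError on a wrong key or any tampering."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def _aad(route, keyword: str) -> bytes:
    # Bind each protected portion to the determined route and its receiver keyword,
    # so an intermediary cannot re-route or re-label the portion unnoticed.
    return json.dumps({"route": route, "keyword": keyword}).encode()


def build_message(route, public, sensitive, entitlements, node_keys):
    """Sender side: protect each sensitive portion once per entitled node on the route.
    route: ordered node ids; public: portions any node may read; sensitive: name -> text;
    entitlements: name -> set of entitled node ids; node_keys: node id -> pre-shared key."""
    protected, receivers = {}, []
    for name, text in sensitive.items():
        for node in route:
            if node not in entitlements.get(name, ()):
                continue
            keyword = f"{name}#{node}"  # assumed form of the node-specific keyword
            protected[keyword] = seal(node_keys[node], text.encode(), _aad(route, keyword)).hex()
            receivers.append({"node": node, "keyword": keyword, "portion": name})
    return {"route": route, "public": public, "protected": protected, "receivers": receivers}


def read_as(node, key, message):
    """Receiver side: a node sees the public portions plus only those it is entitled to."""
    visible = dict(message["public"])
    for r in message["receivers"]:
        if r["node"] == node:
            blob = bytes.fromhex(message["protected"][r["keyword"]])
            visible[r["portion"]] = unseal(key, blob, _aad(message["route"], r["keyword"])).decode()
    return visible


def can_open(key, message, keyword) -> bool:
    """True iff this key opens the portion under this keyword as the message now stands."""
    try:
        unseal(key, bytes.fromhex(message["protected"][keyword]), _aad(message["route"], keyword))
        return True
    except ValueError:
        return False


def demo_message():
    """Constructed three-domain route with constructed (deterministic, insecure) demo keys."""
    route = ["portal.domainA", "svc.domainB", "billing.domainC"]
    keys = {n: hashlib.sha256(b"demo-key:" + n.encode()).digest() for n in route}
    message = build_message(
        route,
        public={"request": "getQuote"},
        sensitive={"service_input": "ticker=ACME;qty=100",   # data the service needs
                   "sender_identity": "uid=alice@domainA",   # who may receive the result
                   "billing_account": "acct=9876"},          # only the billing node's business
        entitlements={"service_input": {"svc.domainB"},
                      "sender_identity": {"svc.domainB", "billing.domainC"},
                      "billing_account": {"billing.domainC"}},
        node_keys=keys)
    return route, keys, message


if __name__ == "__main__":
    route, keys, msg = demo_message()
    for n in route:
        print(n, read_as(n, keys[n], msg))
```

Running the file prints what each node on the route can recover: the portal sees only the public request, the service node gets its input data and the sender's identity, and the billing node gets the identity and the account but not the service input. Because the route is part of the authenticated data, a node that rewrites the route (or relabels a keyword) cannot open any portion afterwards, which is the tamper-resistance property the abstract asks for; a node holding the wrong key fails the tag check rather than receiving garbage plaintext.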
94 Citations
20 Claims
1. A computer-implemented method of achieving context-sensitive confidentiality within a federated environment, the method comprising:
- determining a network route to be taken by a message to be transmitted in the federated environment, the network route crossing a plurality of security domains in the federated environment and the message requesting a service or content from at least a selected one of a plurality of nodes to be encountered on the determined route;
- determining, prior to transmitting the message over the network route, at least one portion of the message that is security-sensitive and, for each of the nodes and each of the security-sensitive portions, whether the node is entitled to access the security-sensitive portion, wherein:
  - at least one security-sensitive portion of the message contains data for use by the selected one in performing the requested service or creating the requested content; and
  - one of the security-sensitive portions of the message contains identity information of a sender of the message, the identity information usable by the selected one to verify that the sender is entitled to receive results of the requested service or to receive the requested content;
- selectively protecting, in the message prior to transmitting the message over the network route, each of the at least one security-sensitive portion of the message for each distinct one of the nodes which is entitled to access the security-sensitive portion;
- creating a message receiver element for each of the selectively-protected at least one portion of the message and each of the one or more nodes which is entitled to access the selectively-protected portion, the message receiver element identifying the one or more nodes and providing a node-specific keyword corresponding to the one or more nodes; and
- transmitting the message on the determined network route, the message receiver elements enabling each of the nodes to locate and access each security-sensitive portion which the node is entitled to access and preventing the node from accessing any security-sensitive portion which the node is not entitled to access.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A system for achieving context-sensitive confidentiality within a federated environment, comprising:
- a computer comprising a processor; and
- instructions which are executable, using the processor, to implement functions comprising:
  - determining a network route to be taken by a message to be transmitted in the federated environment, the network route crossing a plurality of security domains in the federated environment and the message requesting a service or content from at least a selected one of a plurality of nodes to be encountered on the determined route;
  - determining, prior to transmitting the message over the network route, at least one portion of the message that is security-sensitive and, for each of the nodes and each of the security-sensitive portions, whether the node is entitled to access the security-sensitive portion, wherein:
    - at least one security-sensitive portion of the message contains data for use by the selected one in performing the requested service or creating the requested content; and
    - one of the security-sensitive portions of the message contains identity information of a sender of the message, the identity information usable by the selected one to verify that the sender is entitled to receive results of the requested service or to receive the requested content;
  - selectively protecting, in the message prior to transmitting the message over the network route, each of the at least one security-sensitive portion of the message for each distinct one of the nodes which is entitled to access the security-sensitive portion;
  - creating a message receiver element for each of the selectively-protected at least one portion of the message and each of the one or more nodes which is entitled to access the selectively-protected portion, the message receiver element identifying the one or more nodes and providing a node-specific keyword corresponding to the one or more nodes; and
  - transmitting the message on the determined network route, the message receiver elements enabling each of the nodes to locate and access each security-sensitive portion which the node is entitled to access and preventing the node from accessing any security-sensitive portion which the node is not entitled to access.

Dependent claims: 12, 13, 14, 15
16. A computer program product for achieving context-sensitive confidentiality within a federated environment, the computer program product embodied on one or more non-transitory computer-readable storage media and comprising computer-readable program code for:
- determining a network route to be taken by a message to be transmitted in the federated environment, the network route crossing a plurality of security domains in the federated environment and the message requesting a service or content from at least a selected one of a plurality of nodes to be encountered on the determined route;
- determining, prior to transmitting the message over the network route, at least one portion of the message that is security-sensitive and, for each of the nodes and each of the security-sensitive portions, whether the node is entitled to access the security-sensitive portion, wherein:
  - at least one security-sensitive portion of the message contains data for use by the selected one in performing the requested service or creating the requested content; and
  - one of the security-sensitive portions of the message contains identity information of a sender of the message, the identity information usable by the selected one to verify that the sender is entitled to receive results of the requested service or to receive the requested content;
- selectively protecting, in the message prior to transmitting the message over the network route, each of the at least one security-sensitive portion of the message for each distinct one of the nodes which is entitled to access the security-sensitive portion;
- creating a message receiver element for each of the selectively-protected at least one portion of the message and each of the one or more nodes which is entitled to access the selectively-protected portion, the message receiver element identifying the one or more nodes and providing a node-specific keyword corresponding to the one or more nodes; and
- transmitting the message on the determined network route, the message receiver elements enabling each of the nodes to locate and access each security-sensitive portion which the node is entitled to access and preventing the node from accessing any security-sensitive portion which the node is not entitled to access.

Dependent claims: 17, 18, 19, 20
Specification