Relying party specifiable format for assertion provider token
Abstract
A security component may be associated with a network-enabled application. The network-enabled application may request access to restricted content from a relying party (e.g., a web site). The security component associated with the network-enabled application may receive authentication policy information from the relying party and send a user's authentication credentials to an assertion provider to authenticate the credentials. The relying party may trust the assertion provider to authenticate user credentials. Upon successful authentication, the assertion provider may return an assertion token to the security component, and the security component may sign the assertion token as specified in the authentication policy information. Subsequently, the security component may forward the signed assertion token to the relying party, and the relying party may grant access to the restricted content.
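The exchange the abstract describes, and that independent claims 1, 8 and 15 recite, as an added example: this is illustrative code, not the patent's own implementation or any product's. It assumes HMAC-SHA256 under a key shared between the assertion provider and the relying party as a stand-in for the provider's signature; the per-session client signing key of claim 8 is derived from that shared key and the token's key id so the relying party can re-derive it; the policy fields, host names, user name and password are all constructed for the demonstration.

```python
"""Relying party (RP) -> policy; client -> assertion provider (AP) with
credentials; AP -> assertion token + per-session client key; client signs the
token as the policy requires; RP verifies. Assumed (not from the patent):
HMAC-SHA256 under an AP/RP shared key stands in for the AP signature, and the
client key is derived from that shared key and the token's key id."""
import base64
import hashlib
import hmac
import json
import secrets
import time


def b64u(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def b64u_dec(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


class AssertionProvider:
    """Authenticates credentials and issues a token the RP trusts."""

    def __init__(self, rp_secret: bytes, users: dict):
        self.rp_secret, self.users = rp_secret, users  # users: name -> sha256(password), constructed

    def authenticate(self, username: str, password: str, policy: dict):
        stored = self.users.get(username, b"\0" * 32)
        if not hmac.compare_digest(stored, hashlib.sha256(password.encode()).digest()):
            raise PermissionError("bad credentials")
        kid = b64u(secrets.token_bytes(16))
        body = {"iss": "ap.example", "sub": username, "aud": policy["aud"],
                "nonce": policy["nonce"], "exp": int(time.time()) + 300, "kid": kid}
        payload = b64u(json.dumps(body, sort_keys=True).encode())
        token = payload + "." + b64u(mac(self.rp_secret, b"token:" + payload.encode()))
        # Per-session key handed to the client for its own signature (claim 8);
        # the RP re-derives it from kid, so the token is bound to its holder.
        client_key = mac(self.rp_secret, b"client-key:" + kid.encode())
        return token, client_key


class SecurityComponent:
    """Client-side component: applies the RP's runtime policy to the token."""

    def sign_token(self, token: str, client_key: bytes, policy: dict) -> str:
        if policy.get("client_signature") != "required":
            return token
        # Bind the client signature to the token and to the intended audience.
        return token + "." + b64u(mac(client_key, (token + "." + policy["aud"]).encode()))


class RelyingParty:
    def __init__(self, name: str, ap_secret: bytes):
        self.name, self.ap_secret, self.pending = name, ap_secret, set()

    def policy(self) -> dict:
        """Authentication policy sent to the client at runtime (assumed format)."""
        nonce = b64u(secrets.token_bytes(16))
        self.pending.add(nonce)
        return {"aud": self.name, "nonce": nonce, "alg": "HS256", "client_signature": "required"}

    def verify(self, signed_token: str, now=None) -> str:
        """Returns the authenticated subject or raises ValueError."""
        now = now if now is not None else int(time.time())
        parts = signed_token.split(".")
        if len(parts) != 3:
            raise ValueError("policy requires client signature")
        payload, ap_sig, client_sig = parts
        if not hmac.compare_digest(b64u_dec(ap_sig), mac(self.ap_secret, b"token:" + payload.encode())):
            raise ValueError("assertion provider signature invalid")
        body = json.loads(b64u_dec(payload))
        if body.get("aud") != self.name:
            raise ValueError("audience mismatch")
        if body.get("exp", 0) < now:
            raise ValueError("token expired")
        if body.get("nonce") not in self.pending:
            raise ValueError("unknown or replayed nonce")
        client_key = mac(self.ap_secret, b"client-key:" + body["kid"].encode())
        expected = mac(client_key, (payload + "." + ap_sig + "." + self.name).encode())
        if not hmac.compare_digest(b64u_dec(client_sig), expected):
            raise ValueError("client signature invalid")
        self.pending.discard(body["nonce"])  # nonce is single use
        return body["sub"]


def _outcome(rp: RelyingParty, token: str) -> str:
    try:
        return rp.verify(token)
    except ValueError as e:
        return str(e)


def run_flow() -> dict:
    """Drives one successful exchange plus the failure cases; returns outcomes."""
    shared = secrets.token_bytes(32)  # constructed AP/RP shared key
    ap = AssertionProvider(shared, {"alice": hashlib.sha256(b"correct horse").digest()})
    rp, other_rp = RelyingParty("rp.example", shared), RelyingParty("other.example", shared)
    client = SecurityComponent()
    policy = rp.policy()
    token, key = ap.authenticate("alice", "correct horse", policy)
    signed = client.sign_token(token, key, policy)
    out = {"ok": _outcome(rp, signed)}
    out["replay"] = _outcome(rp, signed)          # nonce already consumed
    out["wrong_rp"] = _outcome(other_rp, signed)  # token bound to rp.example
    out["unsigned"] = _outcome(rp, token)         # client ignored the policy
    policy2 = rp.policy()
    token2, _ = ap.authenticate("alice", "correct horse", policy2)
    payload, ap_sig = token2.split(".")
    forged_body = {**json.loads(b64u_dec(payload)), "sub": "admin"}
    forged = b64u(json.dumps(forged_body, sort_keys=True).encode()) + "." + ap_sig
    out["tampered"] = _outcome(rp, client.sign_token(forged, key, policy2))
    try:
        ap.authenticate("alice", "wrong", rp.policy())
    except PermissionError as e:
        out["bad_creds"] = str(e)
    return out


if __name__ == "__main__":
    print(json.dumps(run_flow(), indent=1))
```

The relying party checks in this order: policy-required client signature present, provider signature, audience, expiry, nonce, client signature. A token the client forwards without the signature the policy demanded is rejected before anything else is parsed, and a valid token presented to a second relying party fails the audience check even though the provider signature verifies there too. A deployment would replace the shared-key MAC with the provider's asymmetric signature and a client key pair, but the binding and replay checks are the same.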
21 Claims
1. A system, comprising:
a client computer comprising one or more processors;
the client computer further comprising a memory coupled to the one or more processors, wherein the memory stores program instructions executable by the one or more processors to implement a security component associated with a network-enabled application, wherein said security component is configured to:
receive authentication policy information at runtime on the client computer, the authentication policy information received from a remote computer of a relying party, the authentication policy information specifying that an assertion token is to be signed by the client computer prior to the client computer forwarding that assertion token to the relying party;
send authentication credentials from the client computer to a remote computer of an assertion provider to authenticate a user of the client computer to the relying party;
receive an assertion token from a remote computer of the assertion provider, wherein the assertion token indicates the user of the client computer has been authenticated;
sign the assertion token on the client computer as specified in the authentication policy information received at runtime;
forward the signed assertion token from the client computer to a remote computer of the relying party;
determine whether the relying party is reputable;
enable display of an indication associated with whether the relying party is reputable; and
enable display of a region embedded within a user interface associated with the client computer, the user interface configured to display an image associated with the relying party, wherein an appearance associated with said embedded region is customizable for each relying party of a plurality of relying parties.
(Dependent claims 2-7.)

8. A computer implemented method, comprising:
a client-side security component on a client computer receiving authentication policy information at runtime on the client computer, the authentication policy information received from a remote computer of a relying party, the authentication policy information specifying that an assertion token is to be signed by the client computer prior to the client computer forwarding that assertion token to the relying party;
the client-side security component sending authentication credentials from the client computer to a remote computer of an assertion provider to authenticate a user of the client computer to the relying party;
the client-side security component receiving an assertion token from a remote computer of the assertion provider, wherein the assertion token indicates the user of the client computer has been authenticated;
the client-side security component signing the assertion token on the client computer as specified in the authentication policy information received at runtime, wherein the client-side security component is further configured to sign the assertion token using a key received from the assertion provider;
the client-side security component forwarding the signed assertion token from the client computer to a remote computer of the relying party;
the client-side security component enabling display of a region embedded within a user interface associated with the client computer, the user interface configured to display an image associated with the relying party, wherein an appearance associated with said embedded region is customizable for each relying party of a plurality of relying parties.
(Dependent claims 9-14.)

15. Computer-accessible storage memory storing computer-executable program instructions on a client computer to implement a security component associated with a network-enabled application, wherein the security component is configured to:
receive authentication policy information at runtime on the client computer, the authentication policy information received from a remote computer of a relying party, the authentication policy information specifying that an assertion token is to be signed by the client computer prior to the client computer forwarding that assertion token to the relying party;
provide a user interface for a user to select an assertion provider;
send authentication credentials from the client computer to a remote computer of a selected assertion provider to authenticate the user of the client computer to the relying party;
receive an assertion token from a remote computer of the assertion provider, wherein the assertion token indicates the user of the client computer has been authenticated;
sign the assertion token on the client computer as specified in the authentication policy information received at runtime;
forward the signed assertion token from the client computer to a remote computer of the relying party; and
enable display of a region embedded within a user interface associated with the client computer, the user interface configured to display an image associated with the relying party, wherein an appearance associated with said embedded region is customizable for each relying party of a plurality of relying parties.
(Dependent claims 16-21.)