Federated identity broker
First Claim
1. A method, comprising:
registering, by a federated identity broker application executing on one or more computing devices, a first customer as an identity provider;
registering, by the federated identity broker application, a second customer as an identity consumer;
supplying to the second customer a set of registered identity providers that have registered with the federated identity broker application, the set identifying at least the first customer as a trusted provider; and
acting as an intermediary between the first customer and the second customer to broker an identity request from the second customer that is granted or denied by the first customer by:
receiving, by the federated identity broker application, the identity request from the second customer in an inbound flow;
changing, by the federated identity broker application, a permission associated with the identity request;
generating, by the federated identity broker application, a broker identity request using at least information associated with the identity request and including the changed permission; and
transmitting, by the federated identity broker application, the broker identity request, including the changed permission, to the first customer on a separate outbound flow.
Abstract
A federated identity system is described. A federated identity broker registers a first customer as an identity provider and a second customer as an identity consumer. The federated identity broker acts as an intermediary between the first customer and the second customer, to broker an identity request from the first customer that is fulfilled by the second customer.
16 Claims
1. A method, comprising: the steps set out in full under First Claim above. Dependent claims: 2, 3, 4, 5, 6, 7.
8. A system, comprising:
at least one computing device; and
the at least one computing device executing a federated identity broker application, the federated identity broker application comprising:
logic that registers a first customer as an identity provider on request by the first customer;
logic that registers a second customer as an identity consumer on request by the second customer;
logic that receives a first identity request from the second customer on an inbound flow;
logic that generates a changed permission associated with the first identity request;
logic that generates a broker identity request using at least information associated with the first identity request and including the changed permission;
logic that sends the broker identity request to the first customer on an outbound flow separate from the inbound flow, brokering the first identity request from the second customer that is granted or denied by the first customer; and
logic that requests an end user of the first customer to approve the first identity request, wherein the logic that sends the broker identity request to the first customer on the outbound flow is conditional upon approval by the end user.
Dependent claims: 9, 10, 11, 12, 13.
14. A non-transitory computer readable medium embodying a program executable by at least one computing device, the program configured to cause the at least one computing device to at least:
registering, by a federated identity broker application executing on the at least one computing device, a first customer as an identity provider;
registering, by the federated identity broker application, a second customer as an identity consumer;
supplying, by the federated identity broker application, to the second customer a set of registered identity providers that have registered with the federated identity broker application, the set identifying at least the first customer as a trusted provider; and
acting as an intermediary between the first customer and the second customer to broker an identity request from the second customer that is granted or denied by the first customer by:
receiving, by the federated identity broker application, the identity request from the second customer in an inbound flow;
changing, by the federated identity broker application, a permission associated with the identity request;
generating, by the federated identity broker application, a broker identity request using at least information associated with the identity request and including the changed permission; and
transmitting, by the federated identity broker application, the broker identity request, including the changed permission, to the first customer on a separate outbound flow.
Dependent claims: 15, 16.
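The independent claims above describe one brokered flow: a provider and a consumer register with the broker, the consumer receives the list of trusted providers, an inbound identity request is received, its permission is changed, a distinct broker request is generated and sent on a separate outbound flow, and (claim 8) that outbound step is gated on an end user's approval. The simulation below is an added illustration of that flow and is not the patent's own implementation; the class and method names, the least-privilege interpretation of "changing a permission" (narrowing the requested set to what the provider's policy allows), the provider's decision rule and the sample customers "acme" and "widgetco" are all assumptions.

```python
"""Toy simulation of the brokered identity flow in claims 1, 8 and 14.

Added illustration, not the patent's own code. Names, the permission
model and the sample customers are assumptions."""
from dataclasses import dataclass, field
from itertools import count


@dataclass
class Provider:
    """A customer registered as an identity provider."""
    name: str
    # Permissions this provider is willing to grant each consumer (assumed policy).
    allowed: dict[str, set[str]] = field(default_factory=dict)

    def decide(self, broker_request: "BrokerRequest") -> bool:
        """Grant only if every brokered permission is within policy."""
        return broker_request.permissions <= self.allowed.get(broker_request.consumer, set())


@dataclass(frozen=True)
class IdentityRequest:
    """Inbound request from the consumer; carries the consumer's own secret."""
    consumer: str
    provider: str
    permissions: frozenset[str]
    consumer_secret: str


@dataclass(frozen=True)
class BrokerRequest:
    """Outbound request generated by the broker: fresh id, changed permissions,
    and no consumer secret, so the inbound flow is not simply forwarded."""
    broker_id: int
    consumer: str
    permissions: frozenset[str]


class FederatedIdentityBroker:
    def __init__(self) -> None:
        self.providers: dict[str, Provider] = {}
        self.consumers: set[str] = set()
        self._ids = count(1)
        self.outbound_log: list[BrokerRequest] = []

    def register_provider(self, provider: Provider) -> None:
        self.providers[provider.name] = provider

    def register_consumer(self, name: str) -> None:
        self.consumers.add(name)

    def registered_providers(self, consumer: str) -> set[str]:
        """The set of trusted providers supplied to a registered consumer."""
        if consumer not in self.consumers:
            raise PermissionError(f"{consumer} is not a registered consumer")
        return set(self.providers)

    def change_permission(self, req: IdentityRequest) -> frozenset[str]:
        """Least-privilege narrowing: keep only what the provider's policy allows
        (an assumed form of the 'changed permission' in the claims)."""
        provider = self.providers[req.provider]
        return req.permissions & frozenset(provider.allowed.get(req.consumer, set()))

    def broker(self, req: IdentityRequest, end_user_approves: bool) -> tuple[str, frozenset[str]]:
        """Inbound: receive, change permission, generate a broker request.
        Outbound (separate flow) only if the provider's end user approves; the
        provider then grants or denies."""
        if req.consumer not in self.consumers or req.provider not in self.providers:
            return "rejected_unregistered", frozenset()
        changed = self.change_permission(req)
        broker_req = BrokerRequest(next(self._ids), req.consumer, changed)
        if not end_user_approves:
            return "denied_by_end_user", changed
        self.outbound_log.append(broker_req)  # the separate outbound flow
        granted = self.providers[req.provider].decide(broker_req)
        return ("granted" if granted else "denied_by_provider"), changed


def demo() -> tuple[str, frozenset[str], int]:
    """Constructed scenario: acme is the provider, widgetco the consumer."""
    broker = FederatedIdentityBroker()
    broker.register_provider(Provider("acme", {"widgetco": {"email", "profile"}}))
    broker.register_consumer("widgetco")
    assert "acme" in broker.registered_providers("widgetco")
    # The consumer over-asks; "admin" is dropped before anything leaves the broker.
    req = IdentityRequest("widgetco", "acme", frozenset({"email", "profile", "admin"}), "s3cret")
    status, permissions = broker.broker(req, end_user_approves=True)
    # The outbound request never carries the consumer's secret.
    assert not hasattr(broker.outbound_log[0], "consumer_secret")
    return status, permissions, len(broker.outbound_log)


if __name__ == "__main__":
    print(demo())
```

The two properties worth checking in any real broker of this shape are visible in the block: the permission set leaving the broker is never wider than the one the provider's policy allows for that consumer, and the outbound message is a new object the broker generated rather than the consumer's inbound request relayed with its credentials intact.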