Federated access
First Claim
1. A federation system for dynamically managing a federation including a first enterprise, the system comprising:
one or more processors;
a storage device configured to store data related to the federation;
one or more memory devices, wherein the one or more memory devices have stored thereon instructions that, when executed by the one or more processors, cause the one or more processors to respectively;
receive at a publicly known access point, from a device at a second enterprise, a request to join the federation associated with the first enterprise;
authenticate and admit the second enterprise into the federation in response to the request;
determine access rights of the second enterprise within the federation in response to authenticating and admitting the second enterprise into the federation, wherein the determining of the access rights is based upon rules regarding requests received at the publicly known access point;
store, in the storage device, the access rights of the second enterprise;
transmit to the device the access rights granted to the second enterprise;
transmit to the device an address of a federation proxy interface for establishing contact with the federation;
receive contact from the device to the federation proxy interface; and
exchange data with the device via the federation proxy interface in accordance with the granted access rights.
Abstract
A federation system operating in a first enterprise includes a configuration server and a database for creating and storing federation configuration data and a federation registrar having an interface for dealing with a second enterprise seeking to federate. In the system the second enterprise connects to the federation registrar, negotiation takes place concerning details of federation, agreement is reached, configuration is stored in the configuration database, and the second enterprise is then coupled to the first enterprise through a pair of federation proxy interfaces, one at the first enterprise and one at the second enterprise, the proxy interfaces configured by details of the federation.
22 Claims
14. A federation method for dynamically managing a federation including a first enterprise, the method comprising:
receiving at a publicly known access point provided by a computer system, from a device at a second enterprise, a request to join the federation associated with the first enterprise;
authenticating and admitting, by the computer system, the second enterprise into the federation in response to the request;
determining, by the computer system, access rights of the second enterprise within the federation in response to authenticating and admitting the second enterprise into the federation, wherein the determining of the access rights is based upon rules regarding requests received at the publicly known access point;
storing, by the computer system, in the storage device, the access rights of the second enterprise;
transmitting, by the computer system, to the device, the access rights granted to the second enterprise;
transmitting, by the computer system, to the device, an address of a federation proxy interface for establishing contact with the federation;
receiving, by the computer system, contact from the device to the federation proxy interface; and
exchanging, by the computer system, data with the device via the federation proxy interface in accordance with the granted access rights.
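The sequence recited in claim 14 (join request at a public access point, authentication, rule-based rights, then enforcement at the proxy), sketched as an added example that is not code from the patent. The HMAC-based authentication, the rule format, the rights names, the session token and every hostname are assumptions made for illustration; the claims do not specify them.

```python
import hashlib
import hmac
import secrets

# Constructed sample data (assumptions): pre-shared enrollment keys and grant rules.
ENROLLMENT_KEYS = {"enterprise-b.example": b"constructed-shared-secret"}
RULES = [  # first matching rule wins; no match yields an empty rights set
    {"purpose": "directory-lookup", "rights": frozenset({"directory:read"})},
    {"purpose": "messaging", "rights": frozenset({"directory:read", "im:send"})},
]
PROXY_ADDRESS = "https://fed-proxy.enterprise-a.example/"  # hypothetical address

def sign_request(enterprise, purpose, nonce, key):
    """MAC the joining device computes over its request (assumed scheme)."""
    msg = f"{enterprise}|{purpose}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class Registrar:
    """Publicly known access point: authenticates, admits, stores and returns rights."""
    def __init__(self):
        self.store = {}          # session token -> (enterprise, granted rights)
        self.seen_nonces = set() # reject replayed join requests

    def join(self, enterprise, purpose, nonce, mac):
        key = ENROLLMENT_KEYS.get(enterprise)
        expected = sign_request(enterprise, purpose, nonce, key or b"")
        if key is None or nonce in self.seen_nonces:
            return None
        if not hmac.compare_digest(expected, mac):
            return None  # unauthenticated: no rights and no proxy address disclosed
        self.seen_nonces.add(nonce)
        rights = next((r["rights"] for r in RULES if r["purpose"] == purpose),
                      frozenset())
        token = secrets.token_urlsafe(16)
        self.store[token] = (enterprise, rights)
        return {"token": token, "rights": sorted(rights), "proxy": PROXY_ADDRESS}

class FederationProxy:
    """Checks every exchange against the stored rights; default is deny."""
    def __init__(self, registrar):
        self.registrar = registrar

    def exchange(self, token, action):
        entry = self.registrar.store.get(token)
        return entry is not None and action in entry[1]
```

The proxy address is returned only after authentication succeeds, so the public access point is the only endpoint an unauthenticated party learns about.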
Specification