Relying party platform/framework for access management infrastructures
First Claim
1. A system, comprising:
a processor;
a non-transitory computer-readable storage medium;
a mapping repository configured to store a mapping between applications and identity providers, wherein the mapping associates each application of a plurality of applications with one or more identity providers;
identity management logic configured to use the mapping to determine that one or more first identity providers of a first plurality of identity providers can be used to perform authentication activities on behalf of a first application in response to receiving a first request associated with the first application;
said non-transitory computer-readable storage medium storing instructions that cause said processor to:
receive the first request specifying the first application;
invoke a first identity provider of a plurality of identity providers to authenticate an entity associated with the first request based on a first mapping between the first application and the first identity provider;
wherein the identity management logic is further configured to:
determine that a first user of the first application has been authenticated using the first identity provider of the one or more first identity providers;
determine, in response to a request from the first application to perform an action associated with a second application, that the first application is a trusted application with respect to the second application based at least in part on the determination that the first user of the first application has been authenticated using the first identity provider;
generate a token that enables the first application to perform the action on the second application;
receive a second request specifying a second application different from the first application; and
invoke a second identity provider of the plurality of identity providers to authenticate an entity associated with the second request based on a second mapping between the second application and the second identity provider; and
wherein the first identity provider differs from the second identity provider.
1 Assignment
0 Petitions
Abstract
A framework is provided for integrating Internet identities in enterprise identity and access management (IAM) infrastructures. A framework is provided for open authorization. A framework is also provided for relying party functionality. A mapping repository can be configured to store a mapping between applications and identity providers. The mapping associates each application of a plurality of applications with one or more identity providers. Identity management logic can be configured to use the mapping to determine that one or more identity providers of a first plurality of identity providers can be used to perform authentication activities on behalf of a first application in response to receiving a first request associated with the first application.
72 Citations
17 Claims
1. A system, comprising: (text as given under First Claim above; dependent claims 2, 3, 4, 5 and 6)
7. A method, comprising:
storing, on a computer-readable storage medium, a mapping between applications and identity providers, wherein the mapping associates each application of a plurality of applications with one or more identity providers;
using the mapping to determine that one or more first identity providers of a first plurality of identity providers can be used to perform authentication activities on behalf of a first application in response to receiving a first request associated with the first application;
receiving the first request specifying the first application;
invoking, by a computer processor, a first identity provider of a plurality of identity providers to authenticate an entity associated with the first request based on a first mapping between the first application and the first identity provider;
determining that a first user of the first application has been authenticated using the first identity provider of the one or more first identity providers;
in response to a request from the first application to perform an action associated with a second application, determining that the first application is a trusted application with respect to the second application based at least in part on the determination that the first user of the first application has been authenticated using the first identity provider;
generating a token that enables the first application to perform the action on the second application;
receiving a second request specifying a second application different from the first application; and
invoking, by a computer processor, a second identity provider of the plurality of identity providers to authenticate an entity associated with the second request based on a second mapping between the second application and the second identity provider;
wherein the first identity provider differs from the second identity provider; and
wherein the method is performed by one or more computing devices.
Dependent claims: 8, 9, 10, 11, 12

13. A computer-readable non-transitory storage medium storing a plurality of instructions executable by one or more processors, the plurality of instructions comprising:
storing a mapping between applications and identity providers, wherein the mapping associates each application of a plurality of applications with one or more identity providers;
using the mapping to determine that one or more first identity providers of a first plurality of identity providers can be used to perform authentication activities on behalf of a first application in response to receiving a first request associated with the first application;
receiving the first request specifying the first application;
invoking a first identity provider of a plurality of identity providers to authenticate an entity associated with the first request based on a first mapping between the first application and the first identity provider;
determining that a first user of the first application has been authenticated using the first identity provider of the one or more first identity providers;
in response to a request from the first application to perform an action associated with a second application, determining that the first application is a trusted application with respect to the second application based at least in part on the determination that the first user of the first application has been authenticated using the first identity provider;
generating a token that enables the first application to perform the action on the second application;
receiving a second request specifying a second application different from the first application; and
invoking a second identity provider of the plurality of identity providers to authenticate an entity associated with the second request based on a second mapping between the second application and the second identity provider;
wherein the first identity provider differs from the second identity provider.
Dependent claims: 14, 15, 16, 17
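The claimed flow (a per-application identity-provider mapping, a trust determination before one application may act on another, and the token that carries that decision), as an added Python illustration that is not the patent's or any product's code. The application names, identity-provider names, trust table, signing key and token format are constructed for the example; the identity provider's own protocol exchange is left out.

```python
import base64, hashlib, hmac, json, time

# Constructed mapping repository: application -> identity providers it may use
APP_IDP_MAPPING = {
    "payroll": ["corp-saml"],
    "expenses": ["corp-saml", "google-oidc"],
}
# Constructed trust table: target application -> applications trusted to act on it
TRUSTED_CALLERS = {"payroll": {"expenses"}}
SIGNING_KEY = b"constructed-demo-key"  # a deployment would keep this in an HSM or KMS

class RelyingPartyPlatform:
    def __init__(self):
        self.sessions = {}  # (application, user) -> identity provider that authenticated the user

    def providers_for(self, app):
        return APP_IDP_MAPPING.get(app, [])

    def authenticate(self, app, user, idp):
        # Only an identity provider mapped to this application may authenticate its users.
        if idp not in self.providers_for(app):
            raise PermissionError(f"{idp} is not mapped to application {app}")
        self.sessions[(app, user)] = idp  # the IdP's own protocol exchange is out of scope here
        return idp

    def is_trusted(self, caller_app, user, target_app):
        # Trust needs both a configured relationship and an authenticated user on the caller.
        return (caller_app in TRUSTED_CALLERS.get(target_app, set())
                and (caller_app, user) in self.sessions)

    def issue_token(self, caller_app, user, target_app, action, ttl=300):
        if not self.is_trusted(caller_app, user, target_app):
            raise PermissionError(f"{caller_app} is not trusted to act on {target_app}")
        claims = {"iss": "rp-platform", "sub": user, "azp": caller_app, "aud": target_app,
                  "act": action, "idp": self.sessions[(caller_app, user)],
                  "exp": int(time.time()) + ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
        mac = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
        return f"{body}.{mac}"

def verify_token(token, target_app, action):
    # Target application's check: MAC, audience, action and expiry must all hold.
    body, _, mac = token.rpartition(".")
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["aud"] != target_app or claims["act"] != action or claims["exp"] <= time.time():
        return None
    return claims
```

The audience check in `verify_token` is what stops a token minted for one target application from being replayed against another; the trust check in `issue_token` is what stops an application whose user never authenticated through a mapped provider from obtaining one.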