Federated identity mapping using delegated authorization

US 9,276,932 B2
Filed: 11/07/2013
Issued: 03/01/2016
Est. Priority Date: 11/07/2013
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

connecting a first web service that uses a delegated authorization access protocol to a second web service that uses the delegated authorization protocol;

receiving, by the first web service, a request from a first user;

in response to receipt of the request, requesting and receiving, by the first web service and from the second web service, information about a second user of the first web service that previously logged into the second web service from the first web service using the delegated authorization protocol, the information including a delegated authorization access token obtained by the second user during that prior login; and

mapping, by the first web service, the delegated authorization access token to an identity of the second user in the first web service to accomplish identity mapping across the first and second web services.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for identity mapping across web services uses a delegated authorization protocol, such as OAuth. In response to a request from a first user at a first web service, a connection to a second web service is established using the protocol. The second web service responds by sending information associated with a second user of the first web service who previously logged into the second web service from the first web service using the protocol. The second user may be a “contact” of the first user. The information received from the second web service is a access token that was obtained by the second user during that prior login. The access token is provided in lieu of data associated with the second user'"'"'s account at the second web service. Thereafter, the first web service uses the access token it received to map to an identity of the second user.

Citations

21 Claims

1. A method, comprising:
- connecting a first web service that uses a delegated authorization access protocol to a second web service that uses the delegated authorization protocol;
  
  receiving, by the first web service, a request from a first user;
  
  in response to receipt of the request, requesting and receiving, by the first web service and from the second web service, information about a second user of the first web service that previously logged into the second web service from the first web service using the delegated authorization protocol, the information including a delegated authorization access token obtained by the second user during that prior login; and
  
  mapping, by the first web service, the delegated authorization access token to an identity of the second user in the first web service to accomplish identity mapping across the first and second web services.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method as described in claim 1 wherein the delegated authorization protocol is OAuth.
  - 3. The method as described in claim 2 wherein the delegated authorization access token is an OAuth access token generated by the first web service and that has been substituted for a user identifier of the second user.
  - 4. The method as described in claim 1 wherein the second user is a contact of the first user at the first web service.
  - 5. The method as described in claim 4 wherein, by virtue of the mapping of the delegated authorization access token, the second user becomes a contact of the first user at the second web service.
  - 6. The method as described in claim 1 further including transmitting to the second web service information associated with at least one contact associated with the first user.
  - 7. The method as described in claim 6 wherein the information transmitted to the second web service is a delegated authorization access token that replaces a user identifier associated with the at least one contact.

8. Apparatus, comprising:
- a processor;
  
  computer memory holding computer program instructions that when executed by the processor performs identity mapping by;
  
  connecting a first web service that uses a delegated authorization access protocol to a second web service that uses the delegated authorization protocol;
  
  receiving, by the first web service, a request from a first user;
  
  in response to receipt of the request, requesting and receiving, by the first web service and from the second web service, information about a second user of the first web service that previously logged into the second web service from the first web service using the delegated authorization protocol, the information including a delegated authorization access token obtained by the second user during that prior login; and
  
  mapping, by the first web service, the delegated authorization access token to an identity of the second user in the first web service to accomplish identity mapping across the first and second web services.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The apparatus as described in claim 8 wherein the delegated authorization protocol is OAuth.
  - 10. The apparatus as described in claim 9 wherein the delegated authorization access token is an OAuth access token generated by the first web service and that has been substituted for a user identifier of the second user.
  - 11. The apparatus as described in claim 8 wherein the second user is a contact of the first user at the first web service.
  - 12. The apparatus as described in claim 11 wherein, by virtue of the mapping of the delegated authorization access token, the second user becomes a contact of the first user at the second web service.
  - 13. The apparatus as described in claim 8 further including transmitting to the second web service information associated with at least one contact associated with the first user.
  - 14. The apparatus as described in claim 13 wherein the information transmitted to the second web service is a delegated authorization access token that replaces a user identifier associated with the at least one contact.

15. A computer program product in a non-transitory computer-readable storage medium for use in a data processing system, the computer program product holding computer program instructions which, when executed by the data processing system, perform a method, the method comprising:
- connecting a first web service that uses a delegated authorization access protocol to a second web service that uses the delegated authorization protocol;
  
  receiving, by the first web service, a request from a first user;
  
  in response to receipt of the request, requesting and receiving, by the first web service and from the second web service, information about a second user of the first web service that previously logged into the second web service from the first web service using the delegated authorization protocol, the information including a delegated authorization access token obtained by the second user during that prior login; and
  
  mapping, by the first web service, the delegated authorization access token to an identity of the second user in the first web service to accomplish identity mapping across the first and second web services.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The computer program product as described in claim 15 wherein the delegated authorization protocol is OAuth.
  - 17. The computer program product as described in claim 16 wherein the delegated authorization access token is an OAuth access token generated by the first web service and that has been substituted for a user identifier of the second user.
  - 18. The computer program product as described in claim 15 wherein the second user is a contact of the first user at the first web service.
  - 19. The computer program product as described in claim 18 wherein, by virtue of the mapping of the delegated authorization access token, the second user becomes a contact of the first user at the second web service.
  - 20. The computer program product as described in claim 15 further including transmitting to the second web service information associated with at least one contact associated with the first user.
  - 21. The computer program product as described in claim 20 wherein the information transmitted to the second web service is a delegated authorization access token that replaces a user identifier associated with the at least one contact.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Hoy, Jeffrey Robert, Brunn, Jonathan Frederick, Forrester, Jessica Whitley, Hess, Stephen Carlyle
Primary Examiner(s)
EDWARDS, LINGLAN E

Application Number

US14/074,396
Publication Number

US 20150128242A1
Time in Patent Office

845 Days
Field of Search

726 2- 9
US Class Current

1/1
CPC Class Codes

G06Q 50/01   Social networking

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/0884   by delegation of authentica...

Federated identity mapping using delegated authorization

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Federated identity mapping using delegated authorization

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links