Secure identity federation for non-federated systems
First Claim
1. A method of providing a unified access to non-federated systems, the method including:
storing a plurality of sets of user credentials for a plurality of remote computer applications in a central repository accessible via an interoperability network, wherein the plurality of remote computer applications are non-federated entities that do not share a common federated identity verification protocol;
receiving an interoperability network credential that authorizes a user to use the plurality of remote computer applications and access the stored plurality of sets of the user credentials;
wherein an intermediary service coupled to the interoperability network receives a request to perform, on behalf of the user, a particular task that requires access to and task performance by a particular remote computer application from the plurality of remote computer applications;
verifying that the intermediary service has authorization to act on behalf of the user in obtaining authorized access to and task performance by the particular remote computer application; and
upon verification of authorization, automatically supplying the intermediary service particular user credentials for the particular remote computer application from the central repository.
Abstract
Methods and apparatus, including computer program products, implementing and using techniques for providing user credentials over a network to a remote computer application. User credentials for the remote computer application are stored in a central repository that is accessible through the network. A request is sent to a service to perform, on behalf of a user, a particular task involving the remote computer application. It is determined whether the service has been granted permission to act on behalf of the user with respect to the remote computer application. When the service has permission to act on behalf of the user, the service is used to retrieve the user's credentials for the remote computer application from the central repository and to supply the retrieved user credentials to the remote computer application.
297 Citations
18 Claims
1. A method of providing a unified access to non-federated systems (independent claim; its full text is given under First Claim above). Dependent claims: 2 to 10.
11. A system of providing a unified access to non-federated systems, the system including:
one or more processors coupled to memory, the memory loaded with computer instructions that, when executed on the processors, implement actions including:
storing a plurality of sets of user credentials for a plurality of remote computer applications in a central repository accessible via an interoperability network, wherein the plurality of remote computer applications are non-federated entities that do not share a common federated identity verification protocol;
receiving an interoperability network credential that authorizes a user to use the plurality of remote computer applications and access the stored plurality of sets of the user credentials;
wherein an intermediary service coupled to the interoperability network receives a request to perform, on behalf of the user, a particular task that requires access to and task performance by a particular remote computer application from the plurality of remote computer applications;
verifying that the intermediary service has authorization to act on behalf of the user in obtaining authorized access to and task performance by the particular remote computer application; and
upon verification of authorization, automatically supplying the intermediary service particular user credentials for the particular remote computer application from the central repository.
Dependent claims: 12 to 17.
18. A non-transitory computer readable medium storing a plurality of instructions for programming one or more processors to provide a unified access to non-federated systems, the instructions, when executed on the processors, implementing actions including:
storing a plurality of sets of user credentials for a plurality of remote computer applications in a central repository accessible via an interoperability network, wherein the plurality of remote computer applications are non-federated entities that do not share a common federated identity verification protocol;
receiving an interoperability network credential that authorizes a user to use the plurality of remote computer applications and access the stored plurality of sets of the user credentials;
wherein an intermediary service coupled to the interoperability network receives a request to perform, on behalf of the user, a particular task that requires access to and task performance by a particular remote computer application from the plurality of remote computer applications;
verifying that the intermediary service has authorization to act on behalf of the user in obtaining authorized access to and task performance by the particular remote computer application; and
upon verification of authorization, automatically supplying the intermediary service particular user credentials for the particular remote computer application from the central repository.
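The flow the abstract and the independent claims describe (stored per-application credential sets, a network credential that identifies the user, an intermediary service that must be verified as authorized before the repository supplies it credentials) is modelled below as an added illustration. This is not the patent's own code, and every name in it (CredentialRepository, DelegationGrant, the token format, the task names and the "crm" application) is an assumption chosen for the example. The security-relevant point it makes concrete is the verify-before-supply decision in supply_credentials: a service with no grant, a grant that has expired, a task outside the granted scope, a forged network credential and a revoked grant are all refused, and every decision is written to an audit list.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass


class AuthorizationError(Exception):
    """The intermediary service is not authorized to act for this user."""


@dataclass(frozen=True)
class DelegationGrant:
    """One user's permission for one service to act against one application."""
    user: str
    service: str
    application: str
    tasks: frozenset      # task names the service may perform
    expires_at: float     # unix time after which the grant is void


class CredentialRepository:
    """Central repository (assumed design, not the patent's code): stores per-user,
    per-application credential sets and releases one to an intermediary service
    only after verifying that a matching, unexpired delegation grant exists."""

    def __init__(self, signing_key: bytes):
        self._key = signing_key
        self._creds = {}    # (user, application) -> credential dict
        self._grants = {}   # (user, service, application) -> DelegationGrant
        self.audit = []     # every release decision, allowed or refused

    # The "interoperability network credential" is modelled as an HMAC-bound
    # bearer token "principal:nonce:mac"; principal names must not contain ':'.
    def issue_token(self, principal: str) -> str:
        body = f"{principal}:{secrets.token_hex(8)}"
        return body + ":" + hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()

    def _principal(self, token: str) -> str:
        principal, nonce, mac = token.split(":")
        expected = hmac.new(self._key, f"{principal}:{nonce}".encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, expected):
            raise AuthorizationError("invalid network credential")
        return principal

    # -- user side: store credentials, grant and revoke delegation ---------
    def store_credentials(self, user_token, application, credentials):
        self._creds[(self._principal(user_token), application)] = dict(credentials)

    def grant(self, user_token, service, application, tasks, ttl_seconds, now=None):
        user = self._principal(user_token)
        now = time.time() if now is None else now
        self._grants[(user, service, application)] = DelegationGrant(
            user, service, application, frozenset(tasks), now + ttl_seconds)

    def revoke(self, user_token, service, application):
        self._grants.pop((self._principal(user_token), service, application), None)

    # -- intermediary side: the verify-then-supply step of the claims -------
    def supply_credentials(self, service_token, user, application, task, now=None):
        service = self._principal(service_token)          # who is asking
        now = time.time() if now is None else now
        g = self._grants.get((user, service, application))
        if g is None:
            reason = "no grant"
        elif g.expires_at <= now:
            reason = "grant expired"
        elif task not in g.tasks:
            reason = f"task {task!r} outside granted scope"
        else:
            reason = None
        self.audit.append((now, service, user, application, task, reason or "released"))
        if reason:
            raise AuthorizationError(reason)
        return dict(self._creds[(user, application)])   # KeyError if nothing stored


def demo():
    """Constructed walk-through; returns the outcome of each release attempt."""
    repo = CredentialRepository(signing_key=b"demo-key-not-for-production")
    alice, mailer, rogue = (repo.issue_token(p) for p in ("alice", "mail-service", "rogue-service"))
    t0 = 1_700_000_000.0
    repo.store_credentials(alice, "crm", {"username": "alice", "password": "s3cret"})  # constructed
    repo.grant(alice, "mail-service", "crm", tasks={"send_report"}, ttl_seconds=3600, now=t0)

    out = {"authorized": repo.supply_credentials(mailer, "alice", "crm", "send_report", now=t0 + 60)}
    attempts = {
        "ungranted_service": (rogue, "alice", "crm", "send_report", t0 + 60),
        "out_of_scope_task": (mailer, "alice", "crm", "delete_account", t0 + 60),
        "expired_grant": (mailer, "alice", "crm", "send_report", t0 + 7200),
        "forged_token": (mailer[:-1] + ("0" if mailer[-1] != "0" else "1"), "alice", "crm", "send_report", t0 + 60),
    }
    for name, (tok, user, app, task, now) in attempts.items():
        try:
            repo.supply_credentials(tok, user, app, task, now=now)
            out[name] = "released"
        except AuthorizationError as e:
            out[name] = str(e)
    repo.revoke(alice, "mail-service", "crm")
    try:
        repo.supply_credentials(mailer, "alice", "crm", "send_report", now=t0 + 60)
        out["after_revoke"] = "released"
    except AuthorizationError as e:
        out["after_revoke"] = str(e)
    out["audit_entries"] = len(repo.audit)
    return out
```

Two things the model leaves out on purpose, and that a deployment of this flow would need: the credential sets are held in plaintext in memory, whereas a real repository would encrypt them at rest under a key the intermediary never holds, and the HMAC bearer token stands in for whatever the interoperability network actually issues. A forged token is rejected before any audit entry is written because the requester cannot even be identified; every other refusal is logged with its reason, which is what an incident responder would want when a service starts asking for credentials it was never granted.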