Elevating trust in user identity during RESTful authentication and authorization
Abstract
Credentials sent over a back channel during the authentication of a user to a RESTful service can elevate the trust the recipient system can place in the user's identity. The addition of an identity credential of higher strength can increase confidence in user identities electronically presented with a lower strength credential. Attributes from either credential can be used to determine authorization to a protected resource.
20 Claims
1. A computer-implemented method of authenticating and authorizing an entity, comprising:
- receiving, by a RESTful service, a request from an entity, wherein the request is for access to a protected resource;
- redirecting the entity to a relying party, wherein the relying party facilitates the authentication of the entity and stores a first credential and a SAML credential;
- receiving, by the RESTful service, the first credential from the relying party, wherein the first credential is received through a front channel;
- receiving, by the RESTful service, the SAML credential from the relying party, wherein the SAML credential is received through a back channel;
- authenticating the entity at a level of confidence based on the credential strength of the first credential and based on the credential strength of the SAML credential; and
- authorizing the entity's access to the protected resource, wherein the authorization is based on attributes contained in the SAML credential.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A computer-implemented system, comprising:
- a computer having a processor and a memory, and a RESTful service operable to:
  - receive, from an entity via an entity agent, a request to access a protected resource,
  - redirect the entity agent to a relying party,
  - receive a first credential related to the request, wherein the first credential is received from the relying party and through a front channel,
  - receive a SAML credential related to the request, wherein the SAML credential is received from the relying party and through a back channel,
  - authenticate the entity at a level of confidence based on the credential strength of the first credential and based on the credential strength of the SAML credential, and
  - authorize the entity's access to the protected resource, wherein the authorization is based on attributes contained in the SAML credential;
- a relying party operable to:
  - facilitate the authentication of the entity,
  - store the first credential and the SAML credential,
  - send, through the front channel, the first credential to the RESTful service, and
  - send, through the back channel, the SAML credential to the RESTful service.

Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19.
20. A computer-implemented system, comprising:
- a computer having a processor and a memory and operable to:
  - receive, from an entity via an entity agent, a request to access a protected resource,
  - redirect the entity agent to a relying party,
  - receive a first credential related to the request, wherein the first credential is received from the relying party and through a front channel,
  - receive a SAML credential related to the request, wherein the SAML credential is received from the relying party and through a back channel,
  - authenticate the entity at a level of confidence based on the credential strength of the first credential and based on the credential strength of the SAML credential, and
  - authorize the entity's access to the protected resource, wherein the authorization is based on attributes contained in the SAML credential;
- a relying party operable to:
  - facilitate the authentication of the entity,
  - store the first credential and the SAML credential,
  - send, through the front channel, the first credential to the RESTful service, and
  - send, through the back channel, the SAML credential to the RESTful service.
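The two-channel flow the claims describe, as an added example that is not the patent's own code: the relying party returns the first credential through the entity agent (front channel) and the SAML credential directly to the service (back channel); the service binds both to one request id and one subject, derives a confidence level from both credential strengths, and authorizes on a SAML attribute. The STRENGTH scale, the additive combination, the POLICY table, the 'role' attribute and the subject 'alice' are assumptions, since the claims give no formula or attribute names.

```python
from dataclasses import dataclass, field
import secrets

# Assumed strength scale and policy; the claims give no numbers or attribute names.
STRENGTH = {"password": 1, "otp": 2, "saml": 3}
POLICY = {"/reports": {"min_confidence": 4, "role": "admin"}}

@dataclass
class RelyingParty:
    store: dict = field(default_factory=dict)

    def authenticate(self, rid, first_cred, saml_cred):
        self.store[rid] = (first_cred, saml_cred)
        return first_cred  # handed to the entity agent: the front channel

    def back_channel(self, rid):
        return self.store[rid][1]  # direct RP-to-service call, bypasses the agent

@dataclass
class RestfulService:
    rp: RelyingParty
    pending: dict = field(default_factory=dict)

    def request(self, resource):
        rid = secrets.token_hex(8)  # ties the later credentials to this request
        self.pending[rid] = resource
        return rid  # the entity agent is redirected to the RP carrying rid

    def authorize(self, rid, front_cred):
        resource = self.pending.pop(rid, None)
        if resource is None:
            return 0, False  # unknown or already-used request id
        saml_cred = self.rp.back_channel(rid)
        if front_cred["subject"] != saml_cred["subject"]:
            return 0, False  # both credentials must name the same entity
        # Confidence from both strengths; authorization from SAML attributes.
        confidence = STRENGTH[front_cred["type"]] + STRENGTH[saml_cred["type"]]
        rule = POLICY[resource]
        allowed = (confidence >= rule["min_confidence"]
                   and saml_cred["attributes"].get("role") == rule["role"])
        return confidence, allowed

def demo(first_type="password", role="admin"):
    """One request for '/reports' as the constructed subject 'alice'."""
    rp = RelyingParty()
    svc = RestfulService(rp)
    rid = svc.request("/reports")
    front = rp.authenticate(rid, {"type": first_type, "subject": "alice"},
                            {"type": "saml", "subject": "alice", "attributes": {"role": role}})
    return svc.authorize(rid, front)
```

A password alone scores 1 and would never meet the assumed threshold; the back-channel SAML credential lifts the confidence to 4, while the role attribute still decides whether access is granted.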