Using identity/resource profile and directory enablers to support identity management

US 9,674,180 B2
Filed: 11/15/2013
Issued: 06/06/2017
Est. Priority Date: 01/11/2006
Status: Active Grant

First Claim

Patent Images

1. A method of providing a service related to an anonymous principal, the method comprising:

receiving at a profile enabler from an entity other than the anonymous principal a request related to the anonymous principal, wherein an identity of the anonymous principal is unknown to the profile enabler and wherein the profile enabler cannot authenticate the anonymous principal;

forwarding the request from the profile enabler to a directory enabler, wherein the profile enabler and the directory enabler are separate devices, each comprising at least one individual processor and memory and wherein the directory enabler also cannot authenticate the anonymous principal;

receiving the request from the profile enabler at the directory enabler;

selecting by the directory enabler a service to which the identity of the anonymous principal is known, the service selected from a plurality of different services, each of the plurality of different services separate from the profile enabler and the directory enabler, wherein selecting the service to which the identity of the anonymous principal is known is based on information from the request and information maintained by the directory enabler and identifying each of the plurality of different services and wherein selecting the service to which the identity of the anonymous principal is known comprises selecting the service from a list of services further based on one or more identity attributes related to the anonymous principal;

sending information about the selected service from the directory enabler to the profile enabler;

receiving the information about the selected service from the directory enabler at the profile enabler;

requesting by the profile enabler an identity management result related to the anonymous principal from the selected service, wherein the identity management result is based on authentication of the anonymous principal by the selected service; and

obtaining at the profile enabler an identity management result related to the anonymous principal from the selected service, wherein obtaining the identity management result related to the anonymous principal from the selected service comprises changing by the selected service an identity attribute related to the anonymous principal and wherein the service seeks approval from the principal prior to performing the changing of the identity attribute.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present invention provide methods, system and machine-readable media for dynamically providing identity management or other services. According to one embodiment, dynamically providing services can comprise receiving a request related to an unknown principal. A service to which the principal is known can be selected. Once a service to which the principal is known has been located, an identity management result can be obtained from the selected service. The method can further comprise determining based on the identity management result whether the principal is authorized to access a requested resource. In response to determining the principal is authorized, the requested resource can be accessed.

218 Citations

23 Claims

1. A method of providing a service related to an anonymous principal, the method comprising:
- receiving at a profile enabler from an entity other than the anonymous principal a request related to the anonymous principal, wherein an identity of the anonymous principal is unknown to the profile enabler and wherein the profile enabler cannot authenticate the anonymous principal;
  
  forwarding the request from the profile enabler to a directory enabler, wherein the profile enabler and the directory enabler are separate devices, each comprising at least one individual processor and memory and wherein the directory enabler also cannot authenticate the anonymous principal;
  
  receiving the request from the profile enabler at the directory enabler;
  
  selecting by the directory enabler a service to which the identity of the anonymous principal is known, the service selected from a plurality of different services, each of the plurality of different services separate from the profile enabler and the directory enabler, wherein selecting the service to which the identity of the anonymous principal is known is based on information from the request and information maintained by the directory enabler and identifying each of the plurality of different services and wherein selecting the service to which the identity of the anonymous principal is known comprises selecting the service from a list of services further based on one or more identity attributes related to the anonymous principal;
  
  sending information about the selected service from the directory enabler to the profile enabler;
  
  receiving the information about the selected service from the directory enabler at the profile enabler;
  
  requesting by the profile enabler an identity management result related to the anonymous principal from the selected service, wherein the identity management result is based on authentication of the anonymous principal by the selected service; and
  
  obtaining at the profile enabler an identity management result related to the anonymous principal from the selected service, wherein obtaining the identity management result related to the anonymous principal from the selected service comprises changing by the selected service an identity attribute related to the anonymous principal and wherein the service seeks approval from the principal prior to performing the changing of the identity attribute.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein selecting the service to which the identity of the anonymous principal is known is based on one or more identity attributes related to the anonymous principal.
  - 3. The method of claim 2, wherein selecting the service to which the identity of the anonymous principal is known comprises selecting the service from a list of services based on the identity attributes related to the anonymous principal.
  - 4. The method of claim 1, wherein selecting the service to which the identity of the anonymous principal is known is based on a Universal Resource Identifier (URI) provided by the anonymous principal.
  - 5. The method of claim 1, wherein the identity attributes related to the anonymous principal are provided by the anonymous principal.
  - 6. The method of claim 1, wherein obtaining the identity management result related to the anonymous principal from the selected service comprises obtaining a security token related to the anonymous principal.
  - 7. The method of claim 6, further comprising determining with the profile enabler based on the security token whether the anonymous principal is authorized to access a requested resource and, in response to determining the anonymous principal is authorized, accessing the requested resource.
  - 8. The method of claim 1, wherein obtaining the identity management result related to the anonymous principal from the selected service comprises obtaining from the selected service an identity attribute related to the anonymous principal.
  - 9. The method of claim 1, wherein obtaining the identity management result related to the anonymous principal from the selected service comprises obtaining from the selected service an indication of the anonymous principal being authenticated.
  - 10. The method of claim 1, wherein obtaining the identity management result related to the anonymous principal from the selected service comprises affecting the anonymous principal by the selected service.
  - 11. The method of claim 1, wherein obtaining the identity management result related to the anonymous principal from the selected service comprises redirecting the anonymous principal to the selected service.
  - 12. The method of claim 11, further comprising receiving a security token at the profile enabler from the anonymous principal, determining with the profile enabler based on the security token whether the anonymous principal is authorized to access the requested resource, and in response to determining the anonymous principal is authorized, accessing the requested resource from the profile enabler.
  - 13. The method of claim 1, further comprising, prior to obtaining the identity management result related to the anonymous principal from the selected service, requesting permission by the profile enabler from the anonymous principal to affect the identity management result and wherein obtaining the identity management result further comprises obtaining the identity management result only if the anonymous principal grants permission.

14. A system comprising:
- a plurality of services affecting an identity management result;
  
  a profile enabler communicatively coupled with one or more of the services and receiving a request from and related to an anonymous principal, wherein the request is received from an entity other than the anonymous principal, wherein the anonymous principal is unknown to the profile enabler and wherein the profile enabler cannot authenticate the anonymous principal; and
  
  a directory enabler communicatively coupled with the profile enabler, wherein the profile enabler and the directory enabler are separate devices, each comprising at least one individual processor and memory and wherein the directory enabler also cannot authenticate the anonymous principal, wherein the profile enabler forwards the request to the directory enabler, wherein the directory enabler receives the request from the profile enabler, selects a service to which the identity of the anonymous principal is known from the plurality of services based on one or more identity attributes related to the anonymous principal, and sends information about the selected service to the profile enabler, wherein selecting the service to which the identity of the anonymous principal is known is based on information from the request and information maintained by the directory enabler and identifying each of the plurality of services and wherein selecting the service to which the identity of the anonymous principal is known comprises selecting the service from a list of services further, wherein the profile enabler obtains an identity management result related to the anonymous principal from the selected service, wherein obtaining the identity management result related to the anonymous principal from the selected service comprises changing by the selected service an identity attribute related to the anonymous principal and wherein the service seeks approval from the principal prior to performing the changing of the identity attribute.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 15. The system of claim 14, wherein the directory enabler selects the service to which the anonymous principal is known based on one or more identity attributes related to the anonymous principal.
  - 16. The system of claim 15, wherein the identity attributes related to the anonymous principal are provided by the anonymous principal.
  - 17. The system of claim 14, wherein the profile enabler obtains the identity management result related to the anonymous principal from the service to which the identity of the anonymous principal is known by obtaining a security token related to the anonymous principal.
  - 18. The system of claim 17, wherein the profile enabler further determines based on the security token whether the anonymous principal is authorized to access a requested resource.
  - 19. The system of claim 14, wherein the profile enabler obtains the identity management result related to the anonymous principal from the selected service by obtaining from the selected service an identity attribute related to the anonymous principal.
  - 20. The system of claim 14, wherein the profile enabler obtains the identity management result related to the anonymous principal from the selected service by requesting the selected service to change an identity attribute related to the anonymous principal.
  - 21. The system of claim 14, wherein the profile enabler obtains the identity management result related to the anonymous principal from the selected service by requesting the selected service to affect the anonymous principal.
  - 22. The system of claim 14, wherein the profile enabler obtains the identity management result related to the anonymous principal from the service by redirecting the anonymous principal to the selected service.
  - 23. The system of claim 22, wherein the profile enabler is further adapted to receive the security token from the anonymous principal and determine based on the security token whether the anonymous principal is authorized to access a requested resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Maes, Stephane H.
Primary Examiner(s)
Le, David

Application Number

US14/081,578
Publication Number

US 20140075531A1
Time in Patent Office

1,299 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 61/45   Network directories; Name-t...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0853   using an additional device,...

H04L 67/53   using third party service p...

Using identity/resource profile and directory enablers to support identity management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

218 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Using identity/resource profile and directory enablers to support identity management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

218 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links