Using identity/resource profile and directory enablers to support identity management
First Claim
1. A method of providing a service related to an anonymous principal, the method comprising:
- receiving at a profile enabler from an entity other than the anonymous principal a request related to the anonymous principal, wherein an identity of the anonymous principal is unknown to the profile enabler and wherein the profile enabler cannot authenticate the anonymous principal;
forwarding the request from the profile enabler to a directory enabler, wherein the profile enabler and the directory enabler are separate devices, each comprising at least one individual processor and memory and wherein the directory enabler also cannot authenticate the anonymous principal;
receiving the request from the profile enabler at the directory enabler;
selecting by the directory enabler a service to which the identity of the anonymous principal is known, the service selected from a plurality of different services, each of the plurality of different services separate from the profile enabler and the directory enabler, wherein selecting the service to which the identity of the anonymous principal is known is based on information from the request and information maintained by the directory enabler and identifying each of the plurality of different services and wherein selecting the service to which the identity of the anonymous principal is known comprises selecting the service from a list of services further based on one or more identity attributes related to the anonymous principal;
sending information about the selected service from the directory enabler to the profile enabler;
receiving the information about the selected service from the directory enabler at the profile enabler;
requesting by the profile enabler an identity management result related to the anonymous principal from the selected service, wherein the identity management result is based on authentication of the anonymous principal by the selected service; and
obtaining at the profile enabler an identity management result related to the anonymous principal from the selected service, wherein obtaining the identity management result related to the anonymous principal from the selected service comprises changing by the selected service an identity attribute related to the anonymous principal and wherein the service seeks approval from the principal prior to performing the changing of the identity attribute.
1 Assignment
0 Petitions
Accused Products
Abstract
Embodiments of the present invention provide methods, system and machine-readable media for dynamically providing identity management or other services. According to one embodiment, dynamically providing services can comprise receiving a request related to an unknown principal. A service to which the principal is known can be selected. Once a service to which the principal is known has been located, an identity management result can be obtained from the selected service. The method can further comprise determining based on the identity management result whether the principal is authorized to access a requested resource. In response to determining the principal is authorized, the requested resource can be accessed.
218 Citations
23 Claims
-
1. A method of providing a service related to an anonymous principal, the method comprising:
-
receiving at a profile enabler from an entity other than the anonymous principal a request related to the anonymous principal, wherein an identity of the anonymous principal is unknown to the profile enabler and wherein the profile enabler cannot authenticate the anonymous principal; forwarding the request from the profile enabler to a directory enabler, wherein the profile enabler and the directory enabler are separate devices, each comprising at least one individual processor and memory and wherein the directory enabler also cannot authenticate the anonymous principal; receiving the request from the profile enabler at the directory enabler; selecting by the directory enabler a service to which the identity of the anonymous principal is known, the service selected from a plurality of different services, each of the plurality of different services separate from the profile enabler and the directory enabler, wherein selecting the service to which the identity of the anonymous principal is known is based on information from the request and information maintained by the directory enabler and identifying each of the plurality of different services and wherein selecting the service to which the identity of the anonymous principal is known comprises selecting the service from a list of services further based on one or more identity attributes related to the anonymous principal; sending information about the selected service from the directory enabler to the profile enabler; receiving the information about the selected service from the directory enabler at the profile enabler; requesting by the profile enabler an identity management result related to the anonymous principal from the selected service, wherein the identity management result is based on authentication of the anonymous principal by the selected service; and obtaining at the profile enabler an identity management result related to the anonymous principal from the selected service, wherein obtaining the identity management result related to the anonymous principal from the selected service comprises changing by the selected service an identity attribute related to the anonymous principal and wherein the service seeks approval from the principal prior to performing the changing of the identity attribute. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A system comprising:
-
a plurality of services affecting an identity management result; a profile enabler communicatively coupled with one or more of the services and receiving a request from and related to an anonymous principal, wherein the request is received from an entity other than the anonymous principal, wherein the anonymous principal is unknown to the profile enabler and wherein the profile enabler cannot authenticate the anonymous principal; and a directory enabler communicatively coupled with the profile enabler, wherein the profile enabler and the directory enabler are separate devices, each comprising at least one individual processor and memory and wherein the directory enabler also cannot authenticate the anonymous principal, wherein the profile enabler forwards the request to the directory enabler, wherein the directory enabler receives the request from the profile enabler, selects a service to which the identity of the anonymous principal is known from the plurality of services based on one or more identity attributes related to the anonymous principal, and sends information about the selected service to the profile enabler, wherein selecting the service to which the identity of the anonymous principal is known is based on information from the request and information maintained by the directory enabler and identifying each of the plurality of services and wherein selecting the service to which the identity of the anonymous principal is known comprises selecting the service from a list of services further, wherein the profile enabler obtains an identity management result related to the anonymous principal from the selected service, wherein obtaining the identity management result related to the anonymous principal from the selected service comprises changing by the selected service an identity attribute related to the anonymous principal and wherein the service seeks approval from the principal prior to performing the changing of the identity attribute. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23)
-
Specification