Federated realm discovery
Abstract
A federated realm discovery system within a federation determines a “home” realm associated with a portion of the user's credentials before the user's secret information (such as a password) is passed to a non-home realm. A login user interface accepts a user identifier and, based on the user identifier, can use various methods to identify an account authority service within the federation that can authenticate the user. In one method, a realm list of the user device can be used to direct the login to the appropriate home realm of the user. In another method, an account authority service in a non-home realm can look up the user's home realm and provide realm information directing the user device to login at the home realm.
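The first method in the abstract (a realm list on the user device) can be sketched as follows; this is an added example, not code from the patent. The realm list contents, host names, function names, the recording transport and the token handed to the non-home realm are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed realm list held on the device: identifier domain -> home authority endpoint.
REALM_LIST = {
    "corp.example": "https://login.corp.example/auth",
    "partner.example": "https://sts.partner.example/auth",
}

class RealmDiscoveryError(Exception):
    """Raised when no trustworthy home realm can be determined."""

def discover_home_realm(user_id, realm_list=REALM_LIST):
    """Resolve the home authority from the identifier alone; the password is never an input."""
    local, sep, domain = user_id.strip().rpartition("@")
    if not sep or not local or not domain:
        raise RealmDiscoveryError("identifier has no realm part")
    domain = domain.lower().rstrip(".")  # normalise so case or a trailing dot cannot dodge the lookup
    endpoint = realm_list.get(domain)
    if endpoint is None:
        # Fail closed: an unknown realm must not fall back to the non-home login form.
        raise RealmDiscoveryError(f"no home realm known for {domain!r}")
    if urlsplit(endpoint).scheme != "https":
        raise RealmDiscoveryError("home realm endpoint must use https")
    return endpoint

@dataclass
class RecordingTransport:
    """Hypothetical stand-in for the network: records what each host would receive."""
    sent: list = field(default_factory=list)

    def post(self, url, body):
        self.sent.append((urlsplit(url).hostname, dict(body)))
        return {"token": "constructed-assertion"}

def login(user_id, password, non_home_realm, transport):
    """Authenticate at the home realm in order to access non_home_realm."""
    home = discover_home_realm(user_id)  # happens before any secret leaves the device
    reply = transport.post(home, {"user": user_id, "password": password,
                                  "audience": non_home_realm})
    # Assumption: the non-home realm accepts a token issued by the home realm.
    transport.post(f"https://{non_home_realm}/federation", {"token": reply["token"]})
    return reply["token"]
```

Auditing `RecordingTransport.sent` after a login shows the property the abstract describes: only the home realm's host ever receives a body containing the password.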
14 Claims
1. A method comprising:
- receiving, at a user device and via a non-home security authority login user interface implemented at the user device, user credentials of a user, the user credentials comprising at least an identifier of the user and a password;
- requesting, by the user device, identification of a home security authority of the user based on the user credentials by accessing a realm list datastore of the user device, the user device having an account with the home security authority but not with the non-home security authority;
- responsive to said requesting, receiving the identification of the home security authority of the user; and
- requesting authentication for the user to access the non-home security authority from the identified home security authority of the user without sending the user credentials to the non-home security authority.

Dependent claims: 2, 3, 4, 5, 6, 13
7. A computer-readable storage device having computer executable instructions for performing a computer process, the computer process comprising:
- presenting to a user a login user interface for a non-home security authority within a federation, the non-home security authority and a home security authority being members of the federation, the user having an account with the home security authority but not with the non-home security authority;
- receiving, via the login user interface for the non-home security authority, user credentials of the user, the user credentials comprising at least a portion of a user identifier unique to the user, said receiving performed independent of transmitting the user credentials to the non-home security authority;
- requesting identification of the home security authority of the user based on the user credentials from a realm list datastore;
- responsive to the requesting, receiving identification of the home security authority of the user; and
- transmitting the user credentials of the user, including the user identifier and associated secret information of the user, to the identified home security authority to request authentication for the user to access the non-home security authority without transmitting the associated secret information of the user to the non-home security authority.

Dependent claims: 8, 9, 10, 11, 12, 14
Specification