Secure identity federation for non-federated systems
First Claim
1. A method of providing a unified access to systems, the method including:
- storing a plurality of sets of user credentials for a plurality of remote computer applications in a central repository accessible via an interoperability network, wherein the plurality of remote computer applications include non-federated entities that do not share a common identity verification protocol;
- receiving an interoperability network credential that authorizes a user to use the plurality of remote computer applications and access the stored plurality of sets of the user credentials;
- verifying that an intermediary service coupled to the interoperability network, upon receiving a request to perform, on behalf of the user, a particular task that requires access to and task performance by a particular remote computer application from the plurality of remote computer applications, has authorization to act on behalf of the user in obtaining authorized access to and task performance by the particular remote computer application; and
- upon verification of authorization, automatically supplying the intermediary service with particular user credentials for the particular remote computer application from the central repository.
0 Assignments
0 Petitions
Abstract
Methods and apparatus, including computer program products, implementing and using techniques for providing user credentials over a network to a remote computer application. User credentials for the remote computer application are stored in a central repository that is accessible through the network. A request is sent to a service to perform, on behalf of a user, a particular task involving the remote computer application. It is determined whether the service has been granted permission to act on behalf of the user with respect to the remote computer application. When the service has permission to act on behalf of the user, the service is used to retrieve the user's credentials for the remote computer application from the central repository and to supply the retrieved user credentials to the remote computer application.
295 Citations
20 Claims
1. A method of providing a unified access to systems, the method including:
- storing a plurality of sets of user credentials for a plurality of remote computer applications in a central repository accessible via an interoperability network, wherein the plurality of remote computer applications include non-federated entities that do not share a common identity verification protocol;
- receiving an interoperability network credential that authorizes a user to use the plurality of remote computer applications and access the stored plurality of sets of the user credentials;
- verifying that an intermediary service coupled to the interoperability network, upon receiving a request to perform, on behalf of the user, a particular task that requires access to and task performance by a particular remote computer application from the plurality of remote computer applications, has authorization to act on behalf of the user in obtaining authorized access to and task performance by the particular remote computer application; and
- upon verification of authorization, automatically supplying the intermediary service with particular user credentials for the particular remote computer application from the central repository.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A system of providing a unified access to systems, the system including:
one or more processors coupled to memory storing computer instructions that, when executed on the processors, implement actions including:
- storing a plurality of sets of user credentials for a plurality of remote computer applications in a central repository accessible via an interoperability network, wherein the plurality of remote computer applications include non-federated entities that do not share a common identity verification protocol;
- receiving an interoperability network credential that authorizes a user to use the plurality of remote computer applications and access the stored plurality of sets of the user credentials;
- verifying that an intermediary service coupled to the interoperability network, upon receiving a request to perform, on behalf of the user, a particular task that requires access to and task performance by a particular remote computer application from the plurality of remote computer applications, has authorization to act on behalf of the user in obtaining authorized access to and task performance by the particular remote computer application; and
- upon verification of authorization, automatically supplying the intermediary service with particular user credentials for the particular remote computer application from the central repository.
Dependent claims: 13, 14, 15, 16, 17, 18, 19

20. A non-transitory computer readable medium storing a plurality of instructions for programming one or more processors to provide a unified access to systems, the instructions, when executed on the processors, implementing actions including:
- storing a plurality of sets of user credentials for a plurality of remote computer applications in a central repository accessible via an interoperability network, wherein the plurality of remote computer applications include non-federated entities that do not share a common identity verification protocol;
- receiving an interoperability network credential that authorizes a user to use the plurality of remote computer applications and access the stored plurality of sets of the user credentials;
- verifying that an intermediary service coupled to the interoperability network, upon receiving a request to perform, on behalf of the user, a particular task that requires access to and task performance by a particular remote computer application from the plurality of remote computer applications, has authorization to act on behalf of the user in obtaining authorized access to and task performance by the particular remote computer application; and
- upon verification of authorization, automatically supplying the intermediary service with particular user credentials for the particular remote computer application from the central repository.
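The broker flow that the abstract and the independent claims describe, written out as an added Python illustration (this is not code from the patent, its assignee, or any product): a central repository holds per-application credentials for applications that share no common identity protocol, the user presents a short-lived interoperability-network credential, and an intermediary service is handed stored credentials only after the broker confirms the user granted that service authorization for that specific application. Every name here (CredentialBroker, sync-svc, the sample accounts and passwords) is constructed for the example; the network credential is kept as a hash in the session table so the broker never stores the bearer token in clear.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class AppCredential:
    """Per-application login material held in the central repository."""
    username: str
    password: str


class RemoteApp:
    """A non-federated application: it only understands its own username/password."""

    def __init__(self, name: str, accounts: dict[str, str]):
        self.name = name
        self._accounts = accounts  # constructed sample accounts, not real ones

    def perform_task(self, cred: AppCredential, task: str) -> str:
        expected = self._accounts.get(cred.username)
        if expected is None or not secrets.compare_digest(expected, cred.password):
            raise PermissionError(f"{self.name}: bad credentials for {cred.username}")
        return f"{self.name}:{task}:done"


class CredentialBroker:
    """Central repository plus the authorization check the claims describe."""

    def __init__(self) -> None:
        self._store: dict[tuple[str, str], AppCredential] = {}  # (user, app) -> credential
        self._sessions: dict[str, tuple[str, float]] = {}       # sha256(token) -> (user, expiry)
        self._grants: dict[tuple[str, str, str], float] = {}    # (user, service, app) -> expiry
        self.audit: list[str] = []                              # every allow/deny decision

    def store_credentials(self, user: str, app: str, cred: AppCredential) -> None:
        self._store[(user, app)] = cred

    def issue_network_credential(self, user: str, ttl: float = 300) -> str:
        """Interoperability-network credential: random bearer token, stored only as a hash."""
        token = secrets.token_urlsafe(32)
        self._sessions[hashlib.sha256(token.encode()).hexdigest()] = (user, time.time() + ttl)
        return token

    def grant(self, user: str, service: str, app: str, ttl: float = 3600) -> None:
        """User delegates a named service to act for them on one named application."""
        self._grants[(user, service, app)] = time.time() + ttl

    def _user_for(self, token: str) -> str:
        entry = self._sessions.get(hashlib.sha256(token.encode()).hexdigest())
        if entry is None or entry[1] < time.time():
            raise PermissionError("invalid or expired interoperability network credential")
        return entry[0]

    def _authorized(self, user: str, service: str, app: str) -> bool:
        expiry = self._grants.get((user, service, app))
        return expiry is not None and expiry >= time.time()

    def supply_credentials(self, token: str, service: str, app: str) -> AppCredential:
        """Release stored credentials only when the service holds a live grant for this app."""
        user = self._user_for(token)
        if not self._authorized(user, service, app):
            self.audit.append(f"DENY user={user} service={service} app={app}")
            raise PermissionError(f"{service} not authorized to act for {user} on {app}")
        cred = self._store.get((user, app))
        if cred is None:
            raise LookupError(f"no credentials stored for {user} on {app}")
        self.audit.append(f"ALLOW user={user} service={service} app={app}")
        return cred


class IntermediaryService:
    """Performs tasks on the user's behalf; never holds long-term app secrets itself."""

    def __init__(self, name: str, broker: CredentialBroker, apps: dict[str, RemoteApp]):
        self.name, self.broker, self.apps = name, broker, apps

    def run(self, token: str, app_name: str, task: str) -> str:
        cred = self.broker.supply_credentials(token, self.name, app_name)
        return self.apps[app_name].perform_task(cred, task)


def demo() -> dict:
    """Constructed scenario: alice delegates CRM access to sync-svc but not ERP access."""
    crm = RemoteApp("crm", {"alice.crm": "crm-pass-1"})
    erp = RemoteApp("erp", {"alice_e": "erp-pass-9"})
    broker = CredentialBroker()
    broker.store_credentials("alice", "crm", AppCredential("alice.crm", "crm-pass-1"))
    broker.store_credentials("alice", "erp", AppCredential("alice_e", "erp-pass-9"))
    broker.grant("alice", "sync-svc", "crm")
    token = broker.issue_network_credential("alice")
    svc = IntermediaryService("sync-svc", broker, {"crm": crm, "erp": erp})
    results: dict = {"crm": svc.run(token, "crm", "export-contacts")}
    try:  # no grant for ERP: the broker must refuse before any secret leaves the repository
        svc.run(token, "erp", "post-invoice")
    except PermissionError:
        results["erp"] = "denied"
    try:  # a forged or expired network credential never resolves to a user
        svc.run("not-a-real-token", "crm", "export-contacts")
    except PermissionError:
        results["forged"] = "denied"
    results["audit"] = list(broker.audit)
    return results
```

The two refusals are the point of the design: authorization is keyed on the triple (user, service, application), so a service the user trusted for one application cannot pull credentials for another, and the decision is written to an audit list before any credential is released, which is where detection logic for anomalous delegation would hook in.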
Specification