Elevating trust in user identity during RESTful authentication and authorization
First Claim
1. A computer-implemented method for authorizing an entity to access a protected resource, said method comprising:
- receiving at a RESTful service implemented at a first server having a first processor and first memory a request by the entity to access the protected resource;
- providing an indication of the request to a relying party implemented at a second server having a second processor and second memory that facilitates entity authentication;
- receiving, at the RESTful service, a first credential transmitted upon a front channel;
- receiving, at the RESTful service, a second credential comprising a SAML credential transmitted upon a back channel;
- authenticating the entity based upon the first and second credentials, respectively; and
- authorizing the entity, once authenticated, to access the protected resource based upon attributes contained in the SAML credential that comprises the second credential.
Abstract
Credentials sent over a back channel during the authentication of a user to a RESTful service can elevate the trust the recipient system can place in the user's identity. The addition of an identity credential of higher strength can increase confidence in user identities electronically presented with a lower strength credential. Attributes from either credential can be used to determine authorization to a protected resource.
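The following is an added illustration of the flow in claim 1 and the abstract; it is not code from the patent. It assumes the front-channel credential is a session token the entity presents directly, and it stands in for the relying party's signature on the back-channel SAML credential with an HMAC over a constructed shared key (a real deployment would verify the assertion's XML signature); the step of passing an indication of the request to the relying party is outside the snippet.

```python
import hmac
import hashlib
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample data (not from the patent): the front-channel credential is
# modelled as a session token the entity presents directly, mapped to a subject.
FRONT_CHANNEL_SESSIONS = {"sess-7f3a": "alice"}

# Hypothetical shared key for the back channel between the relying party and the
# RESTful service; it stands in for verification of the assertion's XML signature.
BACK_CHANNEL_KEY = b"constructed-demo-key"

# Constructed SAML assertion carrying the attributes used for the authorization decision.
SAML_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="role"><saml:AttributeValue>auditor</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="assurance"><saml:AttributeValue>high</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def back_channel_mac(assertion_xml: str) -> str:
    """Stand-in for the relying party's signature over the back-channel credential."""
    return hmac.new(BACK_CHANNEL_KEY, assertion_xml.encode(), hashlib.sha256).hexdigest()

def parse_assertion(assertion_xml: str):
    """Return (subject NameID, {attribute name: value}) from the SAML assertion."""
    root = ET.fromstring(assertion_xml)
    subject = root.findtext("saml:Subject/saml:NameID", namespaces=SAML_NS)
    attrs = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", SAML_NS):
        attrs[attr.get("Name")] = attr.findtext("saml:AttributeValue", namespaces=SAML_NS)
    return subject, attrs

def authorize(front_token: str, assertion_xml: str, assertion_mac: str, policy: dict):
    """Authenticate on both credentials, then authorize on the SAML attributes."""
    subject = FRONT_CHANNEL_SESSIONS.get(front_token)
    if subject is None:
        return False, "front-channel credential rejected"
    if not hmac.compare_digest(back_channel_mac(assertion_xml), assertion_mac):
        return False, "back-channel credential rejected"
    saml_subject, attrs = parse_assertion(assertion_xml)
    if saml_subject != subject:
        return False, "credentials do not name the same entity"
    for name, required in policy.items():
        if attrs.get(name) != required:
            return False, f"attribute {name!r} does not satisfy policy"
    return True, "authorized"
```

The policy dict is the resource's required attribute values; a request is refused whenever either credential fails, the two credentials name different subjects, or the SAML attributes fall short of the policy.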
16 Claims
1. A computer-implemented method for authorizing an entity to access a protected resource (as set out under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. A computer-implemented system for authorizing an entity to access a protected resource, said system comprising:
- a RESTful service implemented at a first server having a first processor and first memory and operable to:
  - receive a request by the entity to access the protected resource;
  - provide an indication of the request to a relying party implemented at a second server having a second processor and second memory that facilitates entity authentication;
  - receive a first credential transmitted upon a front channel;
  - receive a second credential comprising a SAML credential transmitted upon a back channel;
  - authenticate the entity based upon the first and second credentials, respectively; and
  - authorize the entity to access the protected resource based upon attributes contained in the SAML credential that comprises the second credential.
Dependent claims: 10, 11, 12, 13, 14, 15, 16.
Specification