Authentication and authorization across autonomous network systems
Abstract
An enterprise network architecture has a trust link established between two autonomous network systems that enables transitive resource access between network domains of the two network systems. The trust link is defined by data structures maintained by each of the respective network systems. The first network system maintains namespaces that correspond to the second network system and a domain controller in the first network system, or a first network system administrator, indicates whether to trust individual namespaces. An account managed by a domain in the second network system can request authentication via a domain controller in the first network system. The first network system determines from the trust link to communicate the authentication request to the second network system. The first network system also determines from the trust link where to communicate authorization requests when administrators manage group memberships and access control lists.
192 Citations
74 Claims
1. An enterprise network architecture, comprising:
a first network system including one or more first network system domains;
a second network system including one or more second network system domains, the second network system being autonomous from the first network system such that the first network system domains are administratively independent from the second network system domains; and
a trust link between a first network system root domain and a second network system root domain, the trust link configured to provide transitive resource access between the one or more first network system domains and the one or more second network system domains. (Dependent claims 2-24)

25. A data structure, comprising:
one or more namespace records configured to define a trust link between a network system and an autonomous trusted network system, an individual namespace record including:
a namespace field to maintain a namespace corresponding to the trusted network system;
a namespace data field to maintain a value that identifies the namespace; and
a flag field to maintain an indicator that identifies whether the namespace is trusted. (Dependent claims 26-31)

32. A network system domain, comprising:
a root domain controller communicatively linked with one or more network system domains in a first network system; and
a trusted domain component configured to define a trust link between the root domain controller and a second network system root domain controller, the second network system root domain controller communicatively linked with one or more second network system domains that are administratively independent from the first network system domains, and the trust link being configured to provide transitive resource access between the first network system domains and the second network system domains. (Dependent claims 33-50)

51. A first network system domain controller performing a method comprising:
establishing a trust link with a second network system domain controller to provide transitive resource access between domains in a first network system and domains in a separate, autonomous second network system;
receiving an authentication request from an account managed by a domain in the second network system; and
determining to authenticate the request via the trust link. (Dependent claims 52-59)

60. A first network system domain controller performing a method comprising:
establishing a trust link with a second network system domain controller to provide transitive resource access between domains in a first network system and domains in a separate, autonomous second network system;
receiving a resource request from an account managed by the first network system domain controller;
determining to communicate the resource request to the second network system; and
communicating the resource request to the second network system domain controller via the trust link. (Dependent claims 61-64)

65. One or more computer-readable media comprising computer-executable instructions that, when executed, direct a first network system domain controller to perform a method comprising:
establishing a trust link with a second network system domain controller to provide transitive resource access between domains in a first network system and domains in a separate, autonomous second network system;
receiving a resource request from an account managed by a domain controller in the second network system;
determining to communicate the resource request to the second network system; and
communicating the resource request to the second network system domain controller via the trust link. (Dependent claim 66)

67. One or more computer-readable media comprising computer-executable instructions that, when executed, direct a domain controller in a first network system to perform a method comprising:
requesting network system identifiers corresponding to a second network system to create a trust link between the first network system and the second network system, the second network system being autonomous from the first network system;
determining whether to accept the network system identifiers;
designating accepted network system identifiers as trusted with trust indicators; and
creating a data structure to maintain the accepted network system identifiers and corresponding trust indicators. (Dependent claims 68-69)

70. A domain controller in a first network system performing a method, comprising:
receiving a security identifier from a domain controller in a second network system via a trust link, the security identifier corresponding to an account managed by the second network system;
determining whether the security identifier is valid; and
trusting the account corresponding to the security identifier if the security identifier is determined to be valid. (Dependent claims 71-74)
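The following is an added Python model, not code from the patent or from any product, of the namespace records in claim 25, the authentication-routing decision in claim 51 and the security-identifier check in claim 70. The domain names, SID values, the longest-matching-suffix rule and the use of a domain SID as the namespace's identifying value are constructed assumptions for illustration.

```python
from dataclasses import dataclass


@dataclass
class NamespaceRecord:
    """One record of the trust-link data structure (claim 25)."""
    namespace: str   # namespace field: DNS suffix owned by the trusted system
    data: str        # namespace data field: value identifying it (assumed: domain SID)
    trusted: bool    # flag field: whether the local administrator accepted it


# Constructed sample trust link to a second, autonomous system "fabrikam.com".
TRUST_LINK = [
    NamespaceRecord("fabrikam.com", "S-1-5-21-111-222-333", True),
    NamespaceRecord("research.fabrikam.com", "S-1-5-21-444-555-666", True),
    NamespaceRecord("legacy.fabrikam.com", "S-1-5-21-777-888-999", False),  # excluded
]

# Constructed namespaces owned by the first (local) network system.
LOCAL_NAMESPACES = {"contoso.com", "corp.contoso.com"}


def route_authentication(upn, link=TRUST_LINK, local=LOCAL_NAMESPACES):
    """Claim 51: decide where an authentication request for `upn` goes.

    Returns "local", the trusted namespace to forward to, or None if the
    request cannot be routed (unknown suffix, or a namespace flagged untrusted).
    """
    suffix = upn.rsplit("@", 1)[-1].lower()
    if suffix in local:
        return "local"
    best = None
    for rec in link:
        ns = rec.namespace.lower()
        if suffix == ns or suffix.endswith("." + ns):
            # Longest matching suffix wins, so a child record overrides its parent.
            if best is None or len(ns) > len(best.namespace):
                best = rec
    if best is None or not best.trusted:
        return None
    return best.namespace


def sid_is_valid(sid, link=TRUST_LINK):
    """Claim 70: accept an account SID received over the link only if its
    domain part is the identifier of a trusted namespace in the data structure.
    SIDs from domains the trusted system does not own are rejected."""
    domain_sid = sid.rsplit("-", 1)[0]
    return any(rec.trusted and rec.data == domain_sid for rec in link)
```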
Specification