System and method for improved electronic security credentials
Abstract
A system and method for improved electronic security credentials is presented. A client sends a request to a server wherein the request includes a user's identity information. The server authenticates the user using the user's identity information, and creates an authentication credential. The server stores the user's identity information in the authentication credential in the same form as it was received. If the server determines that the request should be sent to a downstream server, the server creates a message and includes the user's identity information in the message. The continued propagation of the user's original identity information preserves the integrity of the user's identity on a server-by-server basis. Each server may map this information to a credential in a way that it chooses based upon the server's underlying authentication mechanism and mapping rules.
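A minimal sketch of the flow the abstract describes, added here as an illustration and not taken from the patent: the first server authenticates, stores the identity value and its type unchanged, forwards both downstream, and each server applies its own mapping rule. The type labels, the `Server` and `Credential` classes, the message field names and the sample identity are assumptions, and the sketch assumes the downstream server already trusts messages from its upstream.

```python
import hmac
from dataclasses import dataclass

# Assumed type labels; the page does not name concrete assertion types.
PRINCIPAL_NAME, DISTINGUISHED_NAME = "principal_name", "distinguished_name"

@dataclass(frozen=True)
class Credential:
    assertion_value: str  # identity exactly as the requestor presented it
    assertion_type: str   # tells each server how to interpret the value
    local_user: str       # this server's own mapping result, never forwarded

def identify_type(value):
    # Assumption: a comma-separated list of attr=value pairs is a DN.
    pairs = [p.strip().partition("=") for p in value.split(",")]
    return DISTINGUISHED_NAME if all(k and v for k, _, v in pairs) else PRINCIPAL_NAME

class Server:  # rules: {assertion_type: callable(value) -> local user or None}
    def __init__(self, name, rules, downstream=None, secrets=None):
        self.name, self.rules = name, rules
        self.downstream, self.secrets = downstream, secrets or {}

    def _credential(self, value, a_type):
        local = self.rules.get(a_type, lambda v: None)(value)
        if local is None:  # fail closed when no mapping rule applies
            raise PermissionError(f"{self.name}: cannot map {a_type} {value!r}")
        return Credential(value, a_type, local)

    def _forward(self, cred):
        if self.downstream is None:
            return [cred]
        # The message carries the original value and type, not local_user.
        return [cred] + self.downstream.receive(
            {"assertion_value": cred.assertion_value, "assertion_type": cred.assertion_type})

    def handle(self, request):  # first server: authenticate, extract, identify type
        value, expected = request["identity"], self.secrets.get(request["identity"], "")
        if not expected or not hmac.compare_digest(expected.encode(), request["secret"].encode()):
            raise PermissionError(f"{self.name}: authentication failed")
        return self._forward(self._credential(value, identify_type(value)))

    def receive(self, msg):  # downstream server: rebuild credential under its own rules
        return self._forward(self._credential(msg["assertion_value"], msg["assertion_type"]))

def demo():
    dn = "CN=Alice Smith,OU=Payroll,O=Example"  # constructed sample identity
    cn = lambda v: v.split(",")[0].split("=", 1)[1].lower().replace(" ", ".")
    back = Server("back", {DISTINGUISHED_NAME: {dn: "payroll_svc"}.get})
    front = Server("front", {DISTINGUISHED_NAME: cn, PRINCIPAL_NAME: str.lower},
                   back, {dn: "constructed-secret"})
    return front.handle({"identity": dn, "secret": "constructed-secret"})
```

`demo()` returns one credential per server: both carry the same original value and type, while `local_user` differs because each server mapped it with its own rule.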
20 Claims
1. A method for handling network security, said method comprising:
- receiving, at a first server, a first request from a requestor;
- authenticating the request;
- extracting an identity assertion value corresponding to the requestor in response to the authentication;
- identifying an identity assertion type corresponding to the identity assertion value; and
- storing the identity assertion value and the identity assertion type in an authentication credential.

Dependent claims: 2, 3, 4, 5, 6, 7, 20.

8. An information handling system comprising:
- one or more processors;
- a memory accessible by the processors;
- one or more nonvolatile storage devices accessible by the processors;
- a network security tool to handle network security, the network security tool including;
  - means for receiving, at a first server, a first request from a requestor;
  - means for authenticating the request;
  - means for extracting an identity assertion value corresponding to the requester in response to the authentication;
  - means for identifying an identity assertion type corresponding to the identity assertion value; and
  - means for storing the identity assertion value and the identity assertion type in an authentication credential.

Dependent claims: 9, 10, 11, 12, 13.

14. A computer program product stored in a computer operable media for handling network security, said computer program product comprising:
- means for receiving, at a first server, a first request from a requestor;
- means for authenticating the request;
- means for extracting an identity assertion value corresponding to the requester in response to the authentication;
- means for identifying an identity assertion type corresponding to the identity assertion value; and
- means for storing the identity assertion value and the identity assertion type in an authentication credential.

Dependent claims: 15, 16, 17, 18, 19.
Specification