Synchronization facility for information domains employing dissimilar protective transformations
Abstract
Mechanisms have been developed for synchronizing information amongst directory spaces or repositories that employ dissimilar protective transformations. In some exemplary realizations, directory spaces are embodied as directory servers, services or similar components of computer operating systems. In some exemplary realizations, dissimilar protective transformations include differing hash (or encryption) techniques or facilities employed by products available from Sun Microsystems, Inc., on the one hand, and Microsoft Corporation on the other. However, the inventive techniques are not limited thereto. The mechanism is responsive to a change in the second store, invalidating a corresponding entry in the first store. Upon receipt, by the first store, of an authentication request that includes a credential and which corresponds to the invalidated entry, the method chains the authentication request to the second store. If the authentication at the second store is successful, the method updates the previously invalidated entry of the first store with the credential.
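The invalidate-then-chain flow described in the abstract, as an added illustration (not code from the patent or from any Sun or Microsoft product). The two PBKDF2 variants standing in for the dissimilar transforms, the class and function names, and the in-memory change set are all assumptions made for the example.

```python
import hashlib, hmac, os

def encode(algo, rounds, pw, salt=None):
    """Salted one-way transform; returns (salt, digest)."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac(algo, pw.encode(), salt, rounds)

def matches(algo, rounds, pw, entry):
    salt, digest = entry
    return hmac.compare_digest(digest, encode(algo, rounds, pw, salt)[1])

class SecondStore:
    """Authoritative store. Assumed transform: PBKDF2-HMAC-SHA512."""
    ALGO, ROUNDS = "sha512", 50_000
    def __init__(self):
        self.entries, self.changed, self.auth_calls = {}, set(), 0
    def set_password(self, user, pw):
        self.entries[user] = encode(self.ALGO, self.ROUNDS, pw)
        self.changed.add(user)  # change record picked up by the polling agent
    def authenticate(self, user, pw):
        self.auth_calls += 1
        entry = self.entries.get(user)
        return entry is not None and matches(self.ALGO, self.ROUNDS, pw, entry)

class FirstStore:
    """Store with a dissimilar transform (assumed PBKDF2-HMAC-SHA256)."""
    ALGO, ROUNDS = "sha256", 100_000
    def __init__(self, second):
        self.second, self.entries = second, {}  # value None = invalidated
    def invalidate(self, user):
        self.entries[user] = None  # drop the stale encoding entirely
    def authenticate(self, user, pw):
        if user not in self.entries:
            return False
        entry = self.entries[user]
        if entry is not None:
            return matches(self.ALGO, self.ROUNDS, pw, entry)
        # Invalidated: chain the request; the cleartext is only available now.
        if not self.second.authenticate(user, pw):
            return False  # entry stays invalidated
        self.entries[user] = encode(self.ALGO, self.ROUNDS, pw)
        return True

def poll(second, first):
    """Polling agent: invalidate first-store entries for changed users."""
    changed, second.changed = second.changed, set()
    for user in changed:
        first.invalidate(user)
    return changed
```

Neither transform is reversed: the first store re-encodes the credential only while it holds the cleartext from a successful chained request. Until the next poll runs, the first store still accepts the previous credential, so the polling interval bounds how long a changed password remains valid there.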
57 Claims
1. A method of synchronizing credentials between first and second stores that employ dissimilar protective transforms, the method comprising:
- responsive to a change in the second store, invalidating a corresponding entry in the first store; and
- upon receipt, by the first store, of an authentication request that includes a credential and which corresponds to the invalidated entry, chaining the authentication request to the second store and, if successful, updating the previously invalidated entry of the first store with the credential.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25

26. A method of synchronizing between first and second information domains that employ dissimilar protective transforms, the method comprising:
- maintaining a mapping between an entry of the first information domain and an entry of the second information domain;
- responsive to detection of a change to one of the mapped entries in the second information domain, marking as invalid at least a corresponding element of the mapped entry of the first information domain; and
- upon presentation of information corresponding to the marked element, validating the presented information against the second information domain and, if validated, storing a representation thereof in the first information domain, wherein the validating and the storing employ the dissimilar protective transforms.
Dependent claims: 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42

43. A computer program product executable to synchronize a credential encoded by a first service with that encoded by a second service, wherein the first and second service encodings employ dissimilar protective transforms and wherein, for a first service credential encoding mapped to a corresponding second service encoding, the synchronization is performed in response to an invalidity indication for the first service credential encoding.

51. A password synchronization facility comprising:
- an authentication service that chains to a second service authentication requests corresponding to invalidated entries of the authentication service and, on successful authentication against the second service, updates a corresponding credential encoding of the authentication service; and
- a polling agent that detects changes to entries of the second service and triggers invalidation of the corresponding credential encoding of the authentication service.
Dependent claims: 52

53. A password synchronization facility comprising:
- a polling agent that detects changes to entries of a credential store and triggers invalidation of corresponding credential encodings of an authentication service, thereby causing the authentication service to chain to a second service authentication requests corresponding to invalidated entries and, on successful authentication against the second service, updates a corresponding credential encoding of the authentication service.
Dependent claims: 54, 55

56. An apparatus comprising:
- a first service that employs a different protective transformation than a second service; and
- means for synchronizing an invalidated credential encoding of the first service with a credential encoded by a second service without reversing the protective transformation employed by the second service.
Dependent claims: 57

Specification