Method and system for providing an open and interoperable system
Abstract
Embodiments of the present invention provide an open and interoperable single sign-on session in a heterogeneous communication network. The open and interoperable single sign-on system is configured by exchanging an entity identifier, an account mapping, an attribute mapping, a site attribute list, an action mapping and/or the like. The entity identifier, account mapping, attribute mapping, site attribute list, action mapping and the like for each partner entity is stored in a partner list accessible to the particular entity. Thereafter, the open and interoperable single sign-on session may be provided upon receipt of a SAML request or assertion containing an entity identifier. The entity identifier contained in the SAML request or assertion is looked up in the partner list of the particular entity which received the SAML request or assertion. A record containing a matching entity identifier provides the applicable account mapping, attribute mapping, site attribute list, and/or action mapping. The one or more mappings are then utilized to process the SAML request or assertion.
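The partner-list lookup described in the abstract, as an added Python example (not code from the patent). The names `PartnerRecord`, `find_partner` and `process_message`, the dict representation of the mappings and the `example.org`/`example.net` identifiers are assumptions; the incoming message is assumed to be already parsed and signature-verified.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class PartnerRecord:
    entity_id: str
    account_mapping: dict  # assumed shape: partner account -> local account
    attribute_mapping: dict = field(default_factory=dict)  # partner attr -> local attr


class Rejected(Exception):
    """The message cannot be tied to a configured partner or mapped account."""


def find_partner(partner_list, entity_id):
    # Exact, case-sensitive match only: no prefix, substring or normalised
    # comparison, so a near-miss identifier never selects a partner's record.
    for record in partner_list:
        if record.entity_id == entity_id:
            return record
    raise Rejected(f"unknown entity identifier: {entity_id!r}")


def process_message(partner_list, issuer, subject, attributes):
    """Apply the mappings of the record whose entity identifier matches issuer."""
    record = find_partner(partner_list, issuer)
    local_account = record.account_mapping.get(subject)
    if local_account is None:
        # Fail closed: no default or guessed account for an unmapped subject.
        raise Rejected(f"no account mapping for {subject!r} from {issuer!r}")
    # Attributes without a mapping in this partner's record are dropped.
    local_attrs = {
        record.attribute_mapping[name]: value
        for name, value in attributes.items()
        if name in record.attribute_mapping
    }
    return local_account, local_attrs


# Constructed partner list: the same subject maps to a different local
# account depending on which partner asserted it.
SP_PARTNER_LIST = [
    PartnerRecord("https://idp.example.org/saml",
                  {"alice@example.org": "alice"}, {"mail": "email"}),
    PartnerRecord("https://idp.example.net/saml",
                  {"alice@example.org": "guest-17"}),
]
```

Because the mappings are selected by the matched entity identifier, an attribute such as a role sent by a partner has no effect unless that partner's record maps it.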
41 Claims
1. A method of configuring an open interoperable security assertions markup language (SAML) session comprising:
- receiving a first entity identifier of a first entity by a second entity;
- receiving a first account mapping between said first entity and said second entity by said second entity;
- storing said first entity identifier and said first account mapping as a first record in a first partner list accessible to said second entity;
- receiving a second entity identifier of said second entity by said first entity;
- receiving a second account mapping between said second entity and said first entity by said first entity; and
- storing said second entity identifier and said second account mapping as a second record in a second partner list accessible to said first entity.
10. A method of providing an open interoperable security assertions markup language (SAML) session comprising:
- receiving a SAML request, comprising an entity identifier, by a first entity;
- searching a partner list of said first entity for a record containing a matching entity identifier, wherein said record contains an account mapping; and
- processing said SAML request in accordance with said account mapping.
20. A system for configuring an open and interoperable security assertions markup language (SAML) session comprising:
- a first entity comprising;
- a first administration module for receiving a first entity identifier of a second entity and a first account mapping between said second entity and said first entity; and
- a first partner list, accessible by said first administration module, for storing said first entity identifier and said first account mapping; and
- said second entity comprising;
- a second administration module for receiving a second identifier of said first entity and a second account mapping between said first entity and said second entity; and
- a second partner list, accessible by said second administration module, for storing said second entity identifier and said second account mapping.
28. A system for providing an open and interoperable security assertions markup language (SAML) session comprising:
- a first entity comprising a first session module for generating and sending a SAML request; and
- a first partner list, accessible by said first session module, comprising a first plurality of records each comprising an entity identifier and a corresponding account mapping; and
- a second entity, communicatively coupled to said first entity, comprising;
- a second session module for receiving and processing said SAML request in accordance with an account mapping between said second entity and said first entity; and
- a second partner list, accessible by said second session module, comprising a second plurality of records each comprising an entity identifier and a corresponding account mapping.
33. A computer readable-medium containing a plurality of instructions which when executed cause a network device to implement a method of providing an open and interoperable single sign-on session comprising:
- receiving a first entity identifier, a first account mapping, a first attribute mapping, a first site attribute list and a first action mapping by said second entity;
- storing said first entity identifier, said first account mapping, said first attribute mapping, said first site attribute list and said action mapping as a first record in a first partner list accessible to said second entity;
- receiving a second entity identifier, a second account mapping, a second attribute mapping, a second site attribute list and a second action mapping by said first entity; and
- storing said second entity identifier, said second account mapping, said second attribute mapping, said second site attribute list and said second action mapping as a second record in a second partner list accessible to said first entity.
Specification