Distributed Hierarchical Identity Management
Abstract
A system and methods for identity management and authentication are provided herein. The present invention employs shadow domains to prove entity membership in an identity management system where responsibility for trust relationships is devolved to the user. The present invention additionally teaches doubly signed certificate transmission for authentication of assertions made by third parties in the identity management network.
20 Claims
1. A method comprising:
- maintaining, by a root, an information schema that includes one or more fields used to store information for a plurality of homesites, the information schema allowing one or more membersites to request the information from one or more of the plurality of homesites;
- updating the information schema by adding one or more new fields to the information schema for storing additional information for the plurality of homesites; and
- responsive to receiving, by the root, a schema-compliant request for information from the one or more membersites, sending requested information to the one or more membersites.

Dependent claims: 2, 3, 4, 5, 6.

7. A tangible computer-readable medium having instructions stored thereon that, responsive to execution by a computing device, cause the computing device to perform operations comprising:
- maintaining, by a root, an information schema that includes one or more fields used to store information for a plurality of homesites, the information schema allowing one or more membersites to request the information from one or more of the plurality of homesites;
- updating the information schema by adding one or more new fields to the information schema for storing additional information for the plurality of homesites; and
- responsive to receiving, by the root, a schema-compliant request for information from the one or more membersites, sending requested information to the one or more membersites.

Dependent claims: 8, 9, 10, 11.

12. A method comprising:
- communicating, by a root server, one or more globally unique identifiers (GUIDs) to one or more homesites for association with identity information of users, the one or more GUIDs being configured to be used in an authentication process in a hierarchical distributed identity management network;
- administering a shadow domain that is configured to communicatively couple one or more homesites with one or more membersites, said one or more homesites and one or more membersites being accessible in the shadow domain, the shadow domain configured to be used to redirect between the one or more homesites and the one or more membersites responsive to successful completion of the authentication process using the one or more GUIDs; and
- defining and administering an information schema that allows the one or more membersites to request information in a standardized manner from a plurality of homesites.

Dependent claims: 13, 14, 15.

16. A system comprising:
a root server configured to comprise part of a hierarchical distributed identity management network, the root server comprising a tangible computer-readable medium having instructions stored thereon, the instructions comprising:
- instructions to communicate one or more globally unique identifiers (GUIDs) to one or more homesites for association with identity information of users, the one or more GUIDs being configured to be used in an authentication process in the hierarchical distributed identity management network;
- instructions to administer a shadow domain that is configured to communicatively couple one or more homesites with one or more membersites, said one or more homesites and one or more membersites being accessible in the shadow domain, the shadow domain being configured to be used to redirect between the one or more homesites and the one or more membersites in response to successful completion of the authentication process using the one or more GUIDs; and
- instructions to define and administer an information schema that allows the one or more membersites to request information from a plurality of homesites.

Dependent claims: 17, 18, 19, 20.