System and method for user enrollment in an e-community
First Claim
1. A method for allowing an Internet or intranet browser user to conveniently transfer directly to a domain that is participating in an e-community, said e-community comprising a plurality of affiliated domain servers, said user being properly registered and authenticated to a home domain server within said e-community, said method comprising the steps of:
- automatically enrolling said user at a group of affiliated domains within said e-community through exchange of a single home domain identity cookie shared among said plurality of affiliated domains by;
(a) defining a minimal group of affiliated domains for automatic enrollment corresponding to a condition selected from the group of user's home domain, and a common set of domains required by all users participating in a given e-community;
(b) providing a single-sign-on plug-in to said home domain and to each of said affiliated e-community domains;
(c) responsive to a user activating a group enrollment functionality, redirecting a user's browser from one domain to another according to an e-community domain members list, until each domain within said e-community has been visited once, said redirection being performed by said user's home domain according to a star topology during which said home domain determines and reports the status of each enrollment attempt across said e-community, and wherein each affiliated domain within said e-community provides an enrollment page with resources required to trigger enrollment functionality;
(d) upon redirection to a first affiliated e-community domain during step (b);
(i) said home domain single-sign-on plug-in building a home identity cookie having an extensible data area and an enrollment token for the user;
(ii) redirecting said home identity cookie and enrollment token to said first e-community domain via said user's web browser;
(iii) unpacking said enrollment token in said home identity cookie by said single-sign-on plug-in at said first affiliated domain;
(iv) building an affiliated domain identity cookie for said user by said first affiliated domain single-sign-on plug-in including an “enrollment successful” indicator;
(v) redirecting said affiliated domain identity cookie to said home domain via said user's web browser;
(vi) upon receipt of said enrollment successful indicator, modifying said home identity cookie to include an “enrollment successful at first affiliated domain” symbol in said extensible data area; and
(vii) returning said modified home identity cookie to said user's web browser for storage in persistent memory;
(e) upon redirection to additional domains affiliated in said e-community subsequent to redirection to said first affiliated domain, repeating said steps of (d)(ii) through (d)(vii) wherein each step performed by said first affiliated domain is alternatively performed by said single-sign-on plug-in at each additional affiliated domain, thereby building up and accumulating “enrollment success” symbols in said extensible data area of said single, shared home domain identity cookie upon successful enrollment at each additional affiliated domain within said e-community;
when said user's browser is pointed at a given affiliated domain server subsequent to completion of said building of said home domain identity cookie having a plurality of enrollment success symbols, vouching for the identity of the user through exchange of a vouch-for request and vouch-for response between said home domain server and said given affiliated domain server; and
building a local session at said given affiliated domain for said user using a protected resource of said given affiliated domain responsive to receipt of said vouch-for response.
Abstract
An Internet user transfers directly to a domain within an e-community without returning to a home domain or re-authenticating. The user's home domain server prepares and forwards a home domain identity cookie (DIDC) with an enrollment request to a user's browser, with the enrollment request being redirected to an affiliated domain server in the e-community. The affiliated domain server prepares and sends an affiliated DIDC with an enrollment confirmation to the user's browser, redirecting the enrollment confirmation to the home domain server. The home domain server modifies the home DIDC to include a symbol which indicates successful enrollment at the affiliated site. The process may be repeated for a plurality of affiliated domains to achieve automatic enrollment in a portion of or an entire e-community.
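The round trip described in the abstract, as an added sketch that is not code from the patent. The HMAC sealing, the key table, the domain names and the `in_transit` hook are assumptions; the page does not say how the enrollment token or the cookies are protected while they pass through the browser.

```python
import base64, hashlib, hmac, json

# Constructed per-affiliate keys shared with the home domain (assumption).
KEYS = {"shop.example": b"key-shop", "bank.example": b"key-bank"}

def seal(key, obj):
    """Serialize obj and attach an HMAC so changes made in transit are detectable."""
    body = base64.urlsafe_b64encode(json.dumps(obj, sort_keys=True).encode()).decode()
    return body + "." + hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def unseal(key, blob):
    """Return the object, or None if the HMAC does not verify."""
    body, _, mac = blob.rpartition(".")
    good = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(good, mac):
        return None
    return json.loads(base64.urlsafe_b64decode(body))

def affiliate_enroll(domain, token):
    """Affiliate plug-in: unpack the enrollment token, answer with an affiliated DIDC."""
    claims = unseal(KEYS[domain], token)
    ok = claims is not None and claims["aud"] == domain
    user = claims["user"] if ok else None
    return seal(KEYS[domain], {"domain": domain, "user": user, "enrollment_successful": ok})

def group_enroll(user, members, in_transit=lambda domain, token: token):
    """Home plug-in: visit each member once (star topology) and record every outcome."""
    home_didc = {"user": user, "home": "home.example", "ext": {"enrolled": []}}
    status = {}
    for domain in members:
        token = seal(KEYS[domain], {"user": user, "aud": domain})
        reply = unseal(KEYS[domain], affiliate_enroll(domain, in_transit(domain, token)))
        ok = bool(reply and reply["enrollment_successful"]
                  and reply["user"] == user and reply["domain"] == domain)
        status[domain] = ok
        if ok:  # accumulate an enrollment success symbol in the extensible data area
            home_didc["ext"]["enrolled"].append(domain)
    return home_didc, status

def corrupt_bank(domain, token):
    """Constructed fault: the token for bank.example is altered on the way."""
    if domain != "bank.example":
        return token
    return token[:-1] + ("0" if token[-1] != "0" else "1")
```

Passing `corrupt_bank` as `in_transit` shows the per-domain status report: the altered token fails verification at the affiliate, so the home cookie gains no symbol for that domain.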
21 Claims
9. A computer readable medium encoded with software for allowing an Internet or intranet browser user to conveniently transfer directly to a domain that is participating in an e-community, said e-community comprising a plurality of affiliated domain servers, said user being registered and authenticated to a home domain server within said e-community, said software performing the steps of:
- automatically enrolling said user at a group of affiliated domains within said e-community through exchange of a single home domain identity cookie shared among said plurality of affiliated domains by;
(a) defining a minimal group of affiliated domains for automatic enrollment corresponding to a condition selected from the group of user's home domain, and a common set of domains required by all users participating in a given e-community;
(b) providing a single-sign-on plug-in to said home domain and to each of said affiliated e-community domains;
(c) responsive to a user activating a group enrollment functionality, redirecting a user's browser from one domain to another according to an e-community domain members list, until each domain within said e-community has been visited once, said redirection being performed by said user's home domain according to a star topology during which said home domain determines and reports the status of each enrollment attempt across said e-community, and wherein each affiliated domain within said e-community provides an enrollment page with resources required to trigger enrollment functionality;
(d) upon redirection to a first affiliated e-community domain during step (b);
(i) said home domain single-sign-on plug-in building a home identity cookie having an extensible data area and an enrollment token for the user;
(ii) redirecting said home identity cookie and enrollment token to said first e-community domain via said user's web browser;
(iii) unpacking said enrollment token in said home identity cookie by said single-sign-on plug-in at said first affiliated domain;
(iv) building an affiliated domain identity cookie for said user by said first affiliated domain single-sign-on plug-in including an “enrollment successful” indicator;
(v) redirecting said affiliated domain identity cookie to said home domain via said user's web browser;
(vi) upon receipt of said enrollment successful indicator, modifying said home identity cookie to include an “enrollment successful at first affiliated domain” symbol in said extensible data area; and
(vii) returning said modified home identity cookie to said user's web browser for storage in persistent memory;
(e) upon redirection to additional domains affiliated in said e-community subsequent to redirection to said first affiliated domain, repeating said steps of (d)(ii) through (d)(vii) wherein each step performed by said first affiliated domain is alternatively performed by said single-sign-on plug-in at each additional affiliated domain, thereby building up and accumulating “enrollment success” symbols in said extensible data area of said single, shared home domain identity cookie upon successful enrollment at each additional affiliated domain within said e-community;
when said user's browser is pointed at a given affiliated domain server subsequent to completion of said building of said home domain identity cookie having a plurality of enrollment success symbols, vouching for the identity of the user through exchange of a vouch-for request and vouch-for response between said home domain server and said given affiliated domain server; and
building a local session at said given affiliated domain for said user using a protected resource of said given affiliated domain responsive to receipt of said vouch-for response.

17. A system for convenient e-community enrollment by an Internet or intranet user using cross-domain single-sign-on to a group of affiliated domains that are participating in an e-community, said user being properly registered and authenticated to a home domain server within said e-community, said system comprising:
- a single-sign-on plug-in operatively disposed to a home domain server;
- a minimal group of affiliated domains defined in a list for automatic enrollment corresponding to a condition selected from the group of user's home domain, and a common set of domains required by all users participating in a given e-community, said list being accessible by said home domain single-sign-on plug-in;
- a plurality of single-sign-on plug-ins, each of which is operatively disposed to an affiliated e-community domain server;
- a home domain identity cookie having a plurality of enrollment success symbols in an extensible data area, said symbols being accumulated by passing said home domain identity cookie by said home domain among said group of affiliated domains, said passing occurring in a star topology centered upon a user's web browser, by;
(a) responsive to a user activating a group enrollment functionality, redirecting a user's browser from one domain to another according to an e-community domain members list, until each domain within said e-community has been visited once, said redirection being performed by said user's home domain according to a star topology during which said home domain determines and reports the status of each enrollment attempt across said e-community, and wherein each affiliated domain within said e-community provides an enrollment page with resources required to trigger enrollment functionality;
(b) upon redirection to a first affiliated e-community domain during step (a);
(i) said home domain single-sign-on plug-in building a home identity cookie having an extensible data area and an enrollment token for the user;
(ii) redirecting said home identity cookie and enrollment token to said first e-community domain via said user's web browser;
(iii) unpacking said enrollment token in said home identity cookie by said single-sign-on plug-in at said first affiliated domain;
(iv) building an affiliated domain identity cookie for said user by said first affiliated domain single-sign-on plug-in including an “enrollment successful” indicator;
(v) redirecting said affiliated domain identity cookie to said home domain via said user's web browser;
(vi) upon receipt of said enrollment successful indicator, modifying said home identity cookie to include an “enrollment successful at first affiliated domain” symbol in said extensible data area; and
(vii) returning said modified home identity cookie to said user's web browser for storage in persistent memory;
(c) upon redirection to additional domains affiliated in said e-community subsequent to redirection to said first affiliated domain, repeating said steps of (b)(ii) through (b)(vii) wherein each step performed by said first affiliated domain is alternatively performed by said single-sign-on plug-in at each additional affiliated domain, thereby building up and accumulating “enrollment success” symbols in said extensible data area of said single, shared home domain identity cookie upon successful enrollment at each additional affiliated domain within said e-community;
- a vouch-for request receivable by a home domain server transmitted by a given affiliated domain upon pointing of said user's web browser to said given affiliated domain; and
- a vouch-for response receivable by said affiliated domain server transmitted by said home domain responsive to receipt of said vouch-for request.
Specification