Method and system for providing an open and interoperable system
2 Assignments
0 Petitions
Abstract
Embodiments of the present invention provide an open and interoperable single sign-on session in a heterogeneous communication network. The open and interoperable single sign-on system is configured by exchanging an entity identifier, an account mapping, an attribute mapping, a site attribute list, an action mapping and/or the like. The entity identifier, account mapping, attribute mapping, site attribute list, action mapping and the like for each partner entity are stored in a partner list accessible to the particular entity. Thereafter, the open and interoperable single sign-on session may be provided upon receipt of a SAML request or assertion containing an entity identifier. The entity identifier contained in the SAML request or assertion is looked up in the partner list of the particular entity which received the SAML request or assertion. A record containing a matching entity identifier provides the applicable account mapping, attribute mapping, site attribute list, and/or action mapping. The one or more mappings are then utilized to process the SAML request or assertion.
54 Citations
26 Claims
1. A method of configuring an open interoperable security assertion markup language (SAML) session comprising:
receiving a first entity identifier of a first entity by a second entity;
receiving a first account mapping between said first entity and said second entity by said second entity;
storing said first entity identifier and said first account mapping as a first record in a first partner list accessible to said second entity;
receiving a second entity identifier of said second entity by said first entity;
receiving a second account mapping between said second entity and said first entity by said first entity;
storing said second entity identifier and said second account mapping as a second record in a second partner list accessible to said first entity;
receiving one or more mappings between said first entity and said second entity by said second entity, wherein the mappings are selected from the group consisting of an attribute mapping, a site attribute list, an account mapping, and an action mapping;
storing said one or more mappings between said first entity and said second entity as a part of said first record in said first partner list accessible to said second entity;
receiving one or more mappings between said second entity and said first entity by said first entity, wherein the mappings are selected from the group consisting of an attribute mapping, a site attribute list, an account mapping, and an action mapping; and
storing said one or more mappings between said second entity and said first entity as part of said second record in said second partner list accessible to said first entity.
(Dependent claims 2, 3, 4, 5 not shown.)

6. A method of configuring an open interoperable security assertion markup language (SAML) session comprising:
receiving a first entity identifier of a first entity by a second entity;
receiving a first account mapping between said first entity and said second entity by said second entity;
storing said first entity identifier and said first account mapping as a first record in a first partner list accessible to said second entity;
receiving a second entity identifier of said second entity by said first entity;
receiving a second account mapping between said second entity and said first entity by said first entity;
storing said second entity identifier and said second account mapping as a second record in a second partner list accessible to said first entity;
receiving a first client certificate of said first entity by said second entity;
receiving a first network address of said first entity by said second entity;
storing said first client certificate and said first network address as another part of said first record in said first partner list accessible to said second entity;
receiving a second client certificate of said second entity by said first entity;
receiving a second network address of said second entity by said first entity; and
storing said second client certificate and said second network address as another part of said second record in said second partner list accessible to said first entity.

7. A method of providing an open interoperable security assertion markup language (SAML) session comprising:
receiving, by a first entity, a SAML request from a second entity, comprising an entity identifier;
searching a partner list of said first entity for a record containing a matching entity identifier, wherein said record contains an account mapping and an attribute mapping, wherein said account mapping defines a mapping of an account of said second entity to an account of said first entity, and wherein said attribute mapping defines a mapping of an attribute of said second entity to an attribute of said first entity;
processing said SAML request in accordance with said account mapping and said attribute mapping; and
sending a SAML assertion in response to said SAML request.
(Dependent claims 8, 9, 10, 11, 12 not shown.)

13. A system for configuring an open and interoperable security assertion markup language (SAML) session comprising:
a first entity comprising:
a first administration module for receiving a first entity identifier of a second entity and a first account mapping between said second entity and said first entity; and
a first partner list, accessible by said first administration module, for storing said first entity identifier and said first account mapping; and
said second entity comprising:
a second administration module for receiving a second identifier of said first entity and a second account mapping between said first entity and said second entity; and
a second partner list, accessible by said second administration module, for storing said second entity identifier and said second account mapping;
wherein said first administration module receives a first attribute mapping between said second entity and said first entity; said first partner list stores said first attribute mapping; said second administration module receives a second attribute mapping between said first entity and said second entity; and said second partner list stores said second attribute mapping.
(Dependent claim 14 not shown.)

15. A system for configuring an open and interoperable security assertion markup language (SAML) session comprising:
a first entity comprising:
a first administration module for receiving a first entity identifier of a second entity and a first account mapping between said second entity and said first entity; and
a first partner list, accessible by said first administration module, for storing said first entity identifier and said first account mapping; and
said second entity comprising:
a second administration module for receiving a second identifier of said first entity and a second account mapping between said first entity and said second entity; and
a second partner list, accessible by said second administration module, for storing said second entity identifier and said second account mapping;
wherein said first administration module receives a first site attribute list between said second entity and said first entity; said first partner list stores said first site attribute list; said second administration module receives a second site attribute list between said first entity and said second entity; and said second partner list stores said second site attribute list.
(Dependent claim 16 not shown.)

17. A system for configuring an open and interoperable security assertion markup language (SAML) session comprising:
a first entity comprising:
a first administration module for receiving a first entity identifier of a second entity and a first account mapping between said second entity and said first entity; and
a first partner list, accessible by said first administration module, for storing said first entity identifier and said first account mapping; and
said second entity comprising:
a second administration module for receiving a second identifier of said first entity and a second account mapping between said first entity and said second entity; and
a second partner list, accessible by said second administration module, for storing said second entity identifier and said second account mapping;
wherein said first administration module receives a first action mapping between said second entity and said first entity; said first partner list stores said first action mapping; said second administration module receives a second action mapping between said first entity and said second entity; and said second partner list stores said second action mapping.
(Dependent claim 18 not shown.)

19. A system for providing an open and interoperable security assertion markup language (SAML) session comprising:
a first entity comprising:
a first session module for generating and sending a SAML request, said SAML request comprising an entity identifier; and
a second entity, communicatively coupled to said first entity, comprising:
a second session module for receiving and processing said SAML request; and
a partner list, accessible by said second session module, comprising a record that contains a matching entity identifier, said record further containing an account mapping and an attribute mapping, wherein said account mapping defines a mapping of an account of said second entity to an account of said first entity, and wherein said attribute mapping defines a mapping of an attribute of said second entity to an attribute of said first entity;
wherein said second session module searches for said record, processes said SAML request in accordance with said account mapping and said attribute mapping, and sends a SAML assertion in response to said SAML request.
(Dependent claims 20, 21 not shown.)

22. A computer readable medium comprising one or more instructions which, when executed by one or more processors, cause the one or more processors to implement a method comprising:
receiving, by a first entity, a security assertion markup language (SAML) request from a second entity, wherein the SAML request comprises an entity identifier;
searching a partner list for a record containing a matching entity identifier, wherein said record contains an account mapping and an attribute mapping, wherein said account mapping defines a mapping of an account of said second entity to an account of said first entity, and wherein said attribute mapping defines a mapping of an attribute of said second entity to an attribute of said first entity;
processing said SAML request in accordance with said account mapping and said attribute mapping; and
sending a SAML assertion in response to said SAML request.
(Dependent claims 23, 24, 25, 26 not shown.)

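The configuration steps of claims 1 and 6 and the session processing of claim 7, as the abstract summarises them, worked through in code. This is an added example and not the patent's or any assignee's implementation: the element names follow SAML 2.0, but the AttributeQuery/Response message shapes, the PartnerRecord fields, the two partner entities, their accounts, attribute names, directory contents and network addresses are all constructed for illustration. Each side holds its own partner list. The responder looks up the request's Issuer, applies that record's account mapping, attribute mapping and site attribute list, and answers in its own vocabulary; the requester then looks up the assertion's Issuer in its own list to map the account and attribute names back. An Issuer with no record, or a request arriving from an address other than the one registered for that partner, is refused before any mapping is applied.

```python
"""Partner-list driven SAML interoperation as described in this page's abstract and
claims 1, 6 and 7.  Added example, not the patent's own code: element names follow
SAML 2.0, but the message shapes, record fields and all identifiers are assumptions."""
from dataclasses import dataclass
import xml.etree.ElementTree as ET  # demo only; parse real traffic with defusedxml

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"samlp": SAMLP, "saml": SAML}

@dataclass
class PartnerRecord:                # one record of a partner list (claims 1 and 6)
    entity_id: str
    account_mapping: dict           # peer account -> local account
    attribute_mapping: dict         # peer attribute name -> local attribute name
    site_attribute_list: set        # local attribute names this peer may receive
    network_address: str = ""       # registered source address of the peer (claim 6)
    # the action mapping and claim 6's client certificate are not modelled here

class PartnerList(dict):
    """entity identifier -> PartnerRecord; lookup is an exact-match dict.get()."""
    def add(self, rec):
        if rec.entity_id in self:   # re-adding would silently re-point trust to new mappings
            raise ValueError("duplicate partner " + rec.entity_id)
        self[rec.entity_id] = rec

def build_attribute_query(issuer, subject, attribute_names):
    q = ET.Element(f"{{{SAMLP}}}AttributeQuery")
    ET.SubElement(q, f"{{{SAML}}}Issuer").text = issuer
    ET.SubElement(ET.SubElement(q, f"{{{SAML}}}Subject"), f"{{{SAML}}}NameID").text = subject
    for name in attribute_names:
        ET.SubElement(q, f"{{{SAML}}}Attribute", Name=name)
    return ET.tostring(q)

def build_response(issuer, subject, attributes):
    r = ET.Element(f"{{{SAMLP}}}Response")
    a = ET.SubElement(r, f"{{{SAML}}}Assertion")
    ET.SubElement(a, f"{{{SAML}}}Issuer").text = issuer
    ET.SubElement(ET.SubElement(a, f"{{{SAML}}}Subject"), f"{{{SAML}}}NameID").text = subject
    stmt = ET.SubElement(a, f"{{{SAML}}}AttributeStatement")
    for name, value in attributes.items():
        attr = ET.SubElement(stmt, f"{{{SAML}}}Attribute", Name=name)
        ET.SubElement(attr, f"{{{SAML}}}AttributeValue").text = value
    return ET.tostring(r)

def handle_query(my_entity_id, partners, xml_bytes, source_address, directory):
    """Responder side (claim 7): the Issuer selects the record whose mappings apply."""
    q = ET.fromstring(xml_bytes)
    rec = partners.get(q.findtext("saml:Issuer", namespaces=NS))
    if rec is None:
        raise PermissionError("unknown partner entity identifier")
    if rec.network_address and source_address != rec.network_address:
        raise PermissionError("request did not come from the registered address")
    local_account = rec.account_mapping.get(q.findtext("saml:Subject/saml:NameID", namespaces=NS))
    if local_account is None:
        raise PermissionError("no account mapping for the requested subject")
    known, answered = directory.get(local_account, {}), {}
    for attr in q.findall("saml:Attribute", NS):
        local_name = rec.attribute_mapping.get(attr.get("Name"))
        if local_name in rec.site_attribute_list and local_name in known:  # mapped AND releasable
            answered[local_name] = known[local_name]
    return build_response(my_entity_id, local_account, answered)  # answered in our own names

def consume_response(partners, xml_bytes):
    """Requester side: same lookup on the assertion's Issuer, then map names back to ours."""
    a = ET.fromstring(xml_bytes).find("saml:Assertion", NS)
    rec = partners.get(a.findtext("saml:Issuer", namespaces=NS))
    if rec is None:
        raise PermissionError("assertion from an entity not in the partner list")
    account = rec.account_mapping.get(a.findtext("saml:Subject/saml:NameID", namespaces=NS))
    if account is None:
        raise PermissionError("no account mapping for the asserted subject")
    attrs = {}
    for attr in a.findall("saml:AttributeStatement/saml:Attribute", NS):
        local_name = rec.attribute_mapping.get(attr.get("Name"))
        if local_name is not None:  # unmapped attributes are dropped, never passed through
            attrs[local_name] = attr.findtext("saml:AttributeValue", namespaces=NS)
    return account, attrs

# Constructed configuration: two hypothetical partners, each holding a record for the other.
ACME, WIDGETCO = "https://acme.example/sp", "https://widgetco.example/idp"
WIDGETCO_PARTNERS, ACME_PARTNERS = PartnerList(), PartnerList()
WIDGETCO_PARTNERS.add(PartnerRecord(ACME, {"alice@acme": "asmith"},
    {"Role": "jobTitle", "Mail": "mail", "SSN": "nationalId"},
    {"jobTitle", "mail"}, network_address="203.0.113.10"))  # nationalId is never released
ACME_PARTNERS.add(PartnerRecord(WIDGETCO, {"asmith": "alice@acme"},
    {"jobTitle": "Role", "mail": "Mail"}, {"Role", "Mail"}))
WIDGETCO_DIRECTORY = {"asmith": {"jobTitle": "engineer", "mail": "asmith@widgetco.example", "nationalId": "000-00-0000"}}

def run_exchange():
    # ACME asks WIDGETCO for Role, Mail and SSN; SSN is mapped but not on the site attribute list
    query = build_attribute_query(ACME, "alice@acme", ["Role", "Mail", "SSN"])
    response = handle_query(WIDGETCO, WIDGETCO_PARTNERS, query, "203.0.113.10", WIDGETCO_DIRECTORY)
    return consume_response(ACME_PARTNERS, response)

def rejects_unknown_partner():
    # a query whose Issuer has no partner record is refused before any mapping runs
    query = build_attribute_query("https://mallory.example/sp", "alice@acme", ["Role"])
    try:
        handle_query(WIDGETCO, WIDGETCO_PARTNERS, query, "203.0.113.10", WIDGETCO_DIRECTORY)
    except PermissionError:
        return True
    return False
```

The site attribute list acts as an allow-list independent of the attribute mapping: in the constructed data, SSN is mapped to nationalId but is not on the list, so the responder omits it rather than releasing it. Signature verification against the client certificate that claim 6 stores in the same record is not modelled; in practice it is what makes the Issuer lookup trustworthy, since the entity identifier in the message is otherwise attacker-controlled.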
Specification