Method and system for using a web service license
First Claim
1. A computer-implemented method for implementing a multipurpose license for both authorization and authentication, and which provides flexibility to handle different authentication and authorization purposes and mechanism, the method comprising:
- accessing a multipurpose license, the multipurpose license including;
  - at least one assertion element, wherein each of the at least one assertion elements includes a statement attribute that includes one or more declarative statements describing a key type, and a separate delegate portion identifying one or more conditions under which rights under the multipurpose license can be delegated; and
  - a plurality of signature elements associated with the at least one assertion element, wherein the plurality of signature elements are from a plurality of different authorities, and wherein each of the plurality of different signature elements includes a reason attribute providing an explicit identification of a reason why the signature element is included in the multipurpose license;
- using the at least one assertion element of the multipurpose license for authentication purposes, by verifying an identity of a source of the assertion in the multipurpose license;
- using at least one of the signature elements of the multipurpose license for authorization purposes, wherein the multipurpose license is used for a service.
Abstract
A method and system are provided such that a universal license may be used for authentication and authorization purposes and may include one or more cryptographic keys as well as assertions and related indications of authenticity. In an aspect of the invention, a license may be presented that includes access information, such that authentication and authorization decisions may be made based only on the access information. In other aspects of the invention, rights may be delegated and a trusted party may assert that another party can be trusted.
9 Claims
9. A computer-implemented method for implementing a multipurpose license for both authorization and authentication, and which provides flexibility to handle different authentication and authorization purposes and mechanism, the method comprising:
- accessing a schematized multipurpose license governing access to a resource, the schema of the multipurpose license supporting extensible property to value mappings with referencing and nesting, and the multipurpose license including;
  - at least one addressable portion, each of the at least one addressable portion(s) including at least one assertion element, wherein each of the at least one assertion elements includes a statement attribute that includes one or more declarative statements describing a key type, and a separate delegate portion identifying one or more conditions under which rights under the multipurpose license can be delegated, wherein at least one delegate portion is restricted to a specific number of times the resource may be accessed, a specific time period or window during which access to the resource is allowed, or a specific use for which access to the resource is allowed, and at least one delegate portion including a specification of a number of sub-delegations allowed; and
  - a plurality of signature elements associated with the at least one assertion element, wherein the plurality of signature elements are from a plurality of different authorities, and wherein each of the plurality of different signature elements includes a reason attribute providing an explicit identification of a reason why the signature element is included in the multipurpose license, wherein at least one of the plurality of signature elements is a countersignature, and the explicit identification of the reason why the countersignature is included is to attest to validity of the multipurpose license;
- using the at least one assertion element of the multipurpose license for authentication purposes, by verifying an identity of a source of the assertion in the multipurpose license;
- using at least one of the signature elements of the multipurpose license for authorization purposes, wherein the multipurpose license is used for a service.
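A sketch of how a relying service might check a license shaped like the one in claim 9, added here as an illustration and not taken from the patent. The field names, the reason values `issue` and `attest-validity`, the authority names and the use of HMAC in place of real digital signatures are all assumptions; only the use-count and time-window delegate restrictions are modelled.

```python
import hashlib
import hmac
import json

# Constructed keys. HMAC stands in for each authority's digital signature (assumption).
AUTHORITY_KEYS = {"issuer-ca": b"constructed-key-1", "notary": b"constructed-key-2"}

def sign(authority, reason, assertion):
    # Bind the reason into the signed bytes so it cannot be relabelled later.
    body = json.dumps(assertion, sort_keys=True).encode()
    mac = hmac.new(AUTHORITY_KEYS[authority], reason.encode() + b"\0" + body, hashlib.sha256)
    return {"authority": authority, "reason": reason, "value": mac.hexdigest()}

def verified_reasons(lic):
    """Map each reason to the set of known authorities whose signature verifies."""
    ok = {}
    for sig in lic["signatures"]:
        if sig["authority"] not in AUTHORITY_KEYS:
            continue  # unknown authority: ignored, never trusted
        expected = sign(sig["authority"], sig["reason"], lic["assertion"])["value"]
        if hmac.compare_digest(expected, sig["value"]):
            ok.setdefault(sig["reason"], set()).add(sig["authority"])
    return ok

def authorize(lic, now, uses_so_far, delegation_depth):
    reasons = verified_reasons(lic)
    issuers = reasons.get("issue", set())
    attesters = reasons.get("attest-validity", set())
    # Require an issuing signature plus a countersignature from an authority that did not issue.
    if not issuers or not (attesters - issuers):
        return False
    d = lic["assertion"]["delegate"]
    return (d["not_before"] <= now < d["not_after"]
            and uses_so_far < d["max_uses"]
            and delegation_depth <= d["max_sub_delegations"])

# Constructed sample license.
ASSERTION = {
    "subject": "svc-client-01",
    "statement": {"key_type": "rsa-2048"},
    "delegate": {"not_before": 1000, "not_after": 2000,
                 "max_uses": 3, "max_sub_delegations": 1},
}
LICENSE = {"assertion": ASSERTION,
           "signatures": [sign("issuer-ca", "issue", ASSERTION),
                          sign("notary", "attest-validity", ASSERTION)]}
```

Because the signatures cover the delegate portion and the reason, editing either after signing makes every signature fail and the license is refused.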
Specification