Enabling identity information exchange between circles of trust

US 7,784,085 B2
Filed: 12/08/2005
Issued: 08/24/2010
Est. Priority Date: 12/08/2005
Status: Active Grant

First Claim

Patent Images

1. A system for identifying a principal in a first circle of trust, comprising:

a service provider within the first circle of trust, wherein the first circle of trust is implemented using a first architecture;

a first identity provider comprising a first computer processor and operatively connected to the service provider in the first circle of trust, wherein the first identity provider is configured to;

receive a request for identity information associated with the principal from the service provider;

determine that no identification exists for the principal within the first circle of trust;

generate a translated identity assertion request by translating the request for identity information to be in compliance with a second architecture;

anda second identity provider, comprising a second computer processor, within a second circle of trust and configured to;

receive the translated identity assertion request from the first identity provider;

generate identity information associated with the principal in response to the translated identity assertion request; and

send the identity information associated with the principal to the first identity provider in the first circle of trust, wherein the second circle of trust is implemented using the second architecture, andwherein the first identity provider in the first circle of trust is further configured to translate identity information associated with the principal received from the second identity provider into a format compliant with the first architecture and provide the identity information received from the second identity provider to the service provider.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for identifying a principal consisting of a service provider in a first circle of trust, where the first circle of trust is implemented using a first architecture; a first identity provider operatively connected to the service provider in the first circle of trust; and a second identity provider in a second circle of trust, where the second circle of trust is implemented using a second architecture, where the first identity provider is configured to contact the second identity provider, in compliance with the second architecture, as a virtual service provider in the second circle of trust to obtain identity information associated with the principal thereby allowing the first identity provider to identify the principal in the first circle of trust.

6 Citations

View as Search Results

16 Claims

1. A system for identifying a principal in a first circle of trust, comprising:
- a service provider within the first circle of trust, wherein the first circle of trust is implemented using a first architecture;
  
  a first identity provider comprising a first computer processor and operatively connected to the service provider in the first circle of trust, wherein the first identity provider is configured to;
  
  receive a request for identity information associated with the principal from the service provider;
  
  determine that no identification exists for the principal within the first circle of trust;
  
  generate a translated identity assertion request by translating the request for identity information to be in compliance with a second architecture;
  
  anda second identity provider, comprising a second computer processor, within a second circle of trust and configured to;
  
  receive the translated identity assertion request from the first identity provider;
  
  generate identity information associated with the principal in response to the translated identity assertion request; and
  
  send the identity information associated with the principal to the first identity provider in the first circle of trust, wherein the second circle of trust is implemented using the second architecture, andwherein the first identity provider in the first circle of trust is further configured to translate identity information associated with the principal received from the second identity provider into a format compliant with the first architecture and provide the identity information received from the second identity provider to the service provider.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The system of claim 1, wherein the first identity provider discovers the second identity provider using a cookie associated with the principal.
  - 3. The system of claim 1, wherein the first identity provider discovers the second identity provider using a data structure.
  - 4. The system of claim 1, wherein the identity information comprises an identity assertion.
  - 5. The system of claim 1, wherein the principal is a web service.

6. A non-transitory computer readable storage medium comprising software instructions for identifying a principal in a first circle of trust, the software instructions, when executed by a computer processor, comprising functionality to:
- receive, by a first identity provider, a request for identity information associated with the principal from a service provider, wherein the first identity provider and the service provider are within the first circle of trust, and wherein the first circle of trust is implemented using a first architecture;
  
  determine, by the first identity provider, that no identification exists for the principal within the first circle of trust;
  
  generate, by the first identity provider, a translated identity assertion request by translating the request for identity information to be in compliance with a second architecture;
  
  send, by the first identity provider, the translated identity assertion request to a second identity provider in a second circle of trust,wherein the second circle of trust is implemented using the second architecture, andwherein the second identify provider in the second circle of trust generates identity information associated with the principal in response to the translated identity assertion request and sends the identity information associated with the principal to the first identity provider in the first circle of trust;
  
  andprovide, by the first identity provider translated identity information associated with the principal received from the second identity provider into a format compliant with the first architecture, the identity information associated with the principal to the service provider, wherein the identity information is used for granting the principal access to the service provider.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The medium of claim 6, wherein the first identity provider corresponds to a virtual service provider in the second circle of trust.
  - 8. The medium of claim 6, wherein the principal is identified in the second circle of trust.
  - 9. The medium of claim 6, further comprising discovering the second identity provider using a cookie associated with the principal.
  - 10. The medium of claim 6, further comprising discovering the second identity provider using a data structure.
  - 11. The medium of claim 6, wherein the identity information comprises an identity assertion.

12. A method for identifying a principal in a first circle of trust, comprising:
- receiving, by a first identity provider comprising a computer processor, a request for identity information associated with the principal from a service provider, wherein the first identity provider and the service provider are within the first circle of trust, and wherein the first circle of trust is implemented using a first architecture;
  
  determining, by the first identity provider, that no identification exists for the principal within the first circle of trust;
  
  generating, by the first identity provider and using the computer processor, a translated identity assertion request by translating the request for identity information to be in compliance with a second architecture;
  
  sending, by the first identity provider and using the computer processor, the translated identity assertion request to a second identity provider in a second circle of trust,wherein the second circle of trust is implemented using the second architecture,wherein the second circle of trust is separate from the first circle of trust, andwherein the second identify provider in the second circle of trust generates identity information associated with the principal in response to the translated identity assertion request and sends the identity information associated with the principal to the first identity provider in the first circle of trust;
  
  andproviding, by the first identity provider and using the computer processor translated identity information associated with the principal received from the second identity provider into a format compliant with the first architecture, the identity information associated with the principal to the service provider, wherein the identity information to used for granting the principal access to the service provider in the first circle of trust.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The method of claim 12, wherein the identity information comprises an identity assertion.
  - 14. The method of claim 12, wherein the principal is a web service.
  - 15. The method of claim 12, wherein the first identity provider discovers the second identity provider using a cookie associated with the principal.
  - 16. The method of claim 12, wherein the first identity provider corresponds to a virtual service provider in the second circle of trust.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Oracle America, Inc. (Oracle Corporation)
Inventors
Maler, Eve, Le Van Gong, Hubert A., Angal, Rajeev
Primary Examiner(s)
Moazzami; Nasser
Assistant Examiner(s)
Reza; Mohammad W

Application Number

US11/297,215
Publication Number

US 20070136786A1
Time in Patent Office

1,720 Days
Field of Search

726/3, 713/155
US Class Current

726/3
CPC Class Codes

G06F 21/33 using certificates

H04L 63/0815 providing single-sign-on or...

Enabling identity information exchange between circles of trust

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

6 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

Enabling identity information exchange between circles of trust

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

6 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others