Systems and methods for providing distributed authentication of service requests by identity management components
First Claim
1. A client device in a network having a plurality of identity management (IDM) components, the client device comprising:
- a processor and a memory, said memory containing instructions executed by said processor to cause the processor to:
- generate a request for authentication for a service provided by a service provider;
- publish, to a broker for selecting a particular IDM component from the plurality of IDM components providing distributed authentication for accessing the service provided by the service provider, the authentication request using a publish-subscribe message pattern wherein the client device is a publisher and the plurality of IDM components are subscribers;
- receive an authentication initiation message from the particular IDM component selected by the broker; and
- directly negotiate with the particular IDM component selected by the broker for a receipt of authentication information identifying the particular IDM component of the plurality of IDM components.
Abstract
There is described a system for authenticating a client device in a network having a plurality of IDM components. One or more of the IDM components subscribes (using the publish-subscribe message pattern) to authentication requests published by client devices. The client device publishes an authentication request into the network. The most appropriate IDM component to process the published authentication request is selected, and the authentication request forwarded to the selected IDM component. The selected IDM component is then operated to negotiate with and authenticate the client device.
22 Citations
19 Claims
1. Independent claim 1 (client device) is reproduced above under First Claim. Dependent claims: 2, 3, 4, 5, 6, 17, 18, 19.
7. An identity management (IDM) component in a network having a plurality of IDM components, the IDM component comprising:
- a processor and a memory, said memory containing instructions executed by said processor to cause the processor to:
- subscribe, via a broker disposed between a client device and a service provider, to receive authentication requests published by the client device in the network, wherein the client device is a publisher and the IDM component is a subscriber;
- receive, from the broker, an authentication request published by a client device, the IDM component selected from the plurality of IDM components for providing authentication for accessing a service provided by the service provider;
- initiate, by the IDM component, a negotiation directly with the client device;
- authenticate the client device or a user of the client device; and
- transmit authentication information for accessing the service provided by the service provider, the authentication information identifying the IDM component of the plurality of IDM components.
Dependent claims: 8, 9, 10, 11, 12, 13.
14. A service provider in a network having a plurality of distributed identity management (IDM) components, the service provider comprising:
- a processor and a memory, said memory containing instructions executed by said processor to cause the processor to:
- receive, via an input/output device, a service request from a client device in the network, said service request including at least one of an authentication of the client and an assertion token;
- publish, to a broker for selecting a particular IDM component from the plurality of IDM components for verifying the at least one of the authentication of the client and the assertion token, a verification request, wherein the client device is a publisher and the plurality of IDM components are subscribers;
- receive a verification, from the particular IDM component selected by the broker, of the at least one of the client authentication and assertion token; and
- in response to receiving the verification from the particular IDM component selected by the broker, deliver the requested service to the client device.
15. A broker in a network having distributed identity management (IDM) components, the broker comprising:
- a processor and a memory, said memory containing instructions executed by said processor to cause the processor to:
- receive, from each of a plurality of IDM components providing distributed authentication for accessing a service provided by a service provider, a subscription to authentication requests, wherein the plurality of IDM components are subscribers;
- receive an authentication request published by a client device in the network, the authentication request for accessing, by the client device, the service by the service provider, wherein the client device is a publisher;
- determine that a subscription by a particular IDM component of the plurality of IDM components matches the published authentication request; and
- forward the authentication request to one of the particular IDM component of the plurality of IDM components.
Dependent claims: 16.
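The abstract and claims 1, 7, 14 and 15 together describe one message flow: IDM components subscribe at a broker, a client publishes an authentication request, the broker forwards it to the one matching IDM, that IDM negotiates directly with the client and hands back authentication information that names the issuing IDM, and the service provider later has an assertion token verified through the same broker. The following in-memory simulation is an added example written for this page, not code from the patent or its assignee. The topic names (`auth.request`, `verify.request`), the realm-based subscription filter, the "first matching subscriber" selection policy, the nonce challenge-response negotiation and the HMAC-signed token format are all constructed assumptions chosen to make the flow concrete; the patent itself does not specify them.

```python
"""Constructed simulation of broker-mediated publish-subscribe authentication.

Assumptions (not from the patent): topic names, realm-based subscription
filters, a first-match selection policy, a nonce challenge-response as the
direct client/IDM negotiation, and an HMAC-SHA256 token carrying the issuing
IDM's identifier so the service provider's verification request can be routed
back to that IDM.
"""
import hashlib
import hmac
import json
import secrets


class Broker:
    """Holds IDM subscriptions and routes each published request to the one
    subscriber whose filter matches it (claim 15)."""

    def __init__(self):
        self.subscriptions = []  # (topic, predicate, handler)

    def subscribe(self, topic, predicate, handler):
        self.subscriptions.append((topic, predicate, handler))

    def publish(self, topic, request):
        # Constructed selection policy: the first subscriber whose filter matches.
        for sub_topic, predicate, handler in self.subscriptions:
            if sub_topic == topic and predicate(request):
                return handler(request)
        raise LookupError(f"no IDM subscription matches topic {topic!r}")


class IdmComponent:
    """One IDM component (claim 7): subscribes for its realm, negotiates directly
    with the client, and signs tokens that identify this IDM as issuer."""

    def __init__(self, idm_id, realm, broker):
        self.idm_id, self.realm = idm_id, realm
        self.signing_key = secrets.token_bytes(32)  # never leaves this IDM
        self.user_secrets = {}                      # username -> shared secret
        broker.subscribe("auth.request", lambda r: r["realm"] == realm, self.on_auth_request)
        broker.subscribe("verify.request", lambda r: r["idm"] == idm_id, self.on_verify_request)

    def enroll(self, username, secret):
        self.user_secrets[username] = secret

    def on_auth_request(self, request):
        # Authentication initiation: a fresh nonce goes directly to the client,
        # which answers with a keyed response, so no password crosses the broker.
        client, username = request["client"], request["username"]
        nonce = secrets.token_bytes(16)
        response = client.answer_challenge(nonce)
        expected = hmac.new(self.user_secrets.get(username, b""), nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(response, expected):
            return None
        payload = json.dumps({"sub": username, "realm": self.realm, "idm": self.idm_id},
                             sort_keys=True).encode()
        sig = hmac.new(self.signing_key, payload, hashlib.sha256).hexdigest()
        return {"payload": payload, "sig": sig}  # authentication information naming the IDM

    def on_verify_request(self, request):
        token = request["token"]
        expected = hmac.new(self.signing_key, token["payload"], hashlib.sha256).hexdigest()
        return hmac.compare_digest(token["sig"], expected)


class Client:
    """Client device (claim 1): publishes the request, then negotiates directly."""

    def __init__(self, username, secret, realm):
        self.username, self.secret, self.realm = username, secret, realm

    def answer_challenge(self, nonce):
        return hmac.new(self.secret, nonce, hashlib.sha256).digest()

    def authenticate(self, broker):
        return broker.publish("auth.request",
                              {"realm": self.realm, "username": self.username, "client": self})


class ServiceProvider:
    """Service provider (claim 14): publishes a verification request and serves
    only once the issuing IDM has confirmed the token."""

    def __init__(self, broker):
        self.broker = broker

    def serve(self, token):
        if token is None:
            return "denied"
        # The token names its issuer, so the broker routes verification to that IDM only.
        idm_id = json.loads(token["payload"])["idm"]
        try:
            verified = self.broker.publish("verify.request", {"idm": idm_id, "token": token})
        except LookupError:
            verified = False
        return "service delivered" if verified else "denied"


def run_flow(tamper=False, wrong_secret=False):
    """End-to-end flow with two IDMs subscribed; the broker picks the realm match."""
    broker = Broker()
    corp = IdmComponent("idm-corp-1", "corp.example", broker)
    IdmComponent("idm-partner-1", "partner.example", broker)  # non-matching subscriber
    corp.enroll("alice", b"alice-shared-secret")
    client = Client("alice", b"wrong" if wrong_secret else b"alice-shared-secret", "corp.example")
    token = client.authenticate(broker)
    if token and tamper:  # alter the subject after signing; verification must fail
        token = dict(token, payload=token["payload"].replace(b'"alice"', b'"mallory"'))
    return ServiceProvider(broker).serve(token)


if __name__ == "__main__":
    print(run_flow(), run_flow(tamper=True), run_flow(wrong_secret=True))
```

The point the simulation makes concrete is why the authentication information has to identify the issuing IDM: with several IDMs subscribed, the service provider's verification request can only be matched back to the component that holds the signing key if the token carries that component's identifier, and a token altered after issue, or a client that fails the direct negotiation, never reaches the "service delivered" branch.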
Specification