公开(公告)号：US20060021004A1

公开(公告)日：2006-01-26

申请号：US10896314

申请日：2004-07-21

申请人： Anthony Moran ,  Brian Eaton ,  Heather Hinton ,  Benjamin Harmon

发明人： Anthony Moran ,  Brian Eaton ,  Heather Hinton ,  Benjamin Harmon

IPC分类号： H04L9/32

CPC分类号： H04L63/08 ,  H04L63/0815

摘要： A method is presented for providing an HTTP-based authentication mechanism. A request for a controlled resource is received from a client at a first server, which sends a request for an uncontrolled resource to a second server, which may be an HTTP-based authentication server, e.g., by redirecting a request via the client to the second server or by forwarding a request directly to the second server. The second server then obtains authentication information from the client. The second server returns the authentication credential or the authenticated identify to the first server within a response message, e.g., by storing the authentication credential within one or more HTTP headers. In response to receiving the authentication information, the first server builds a session for the client and processes the original request for the controlled resource, e.g., by sending a redirection for the controlled resource through the client.

摘要翻译： 提出了一种提供基于HTTP的认证机制的方法。 从第一服务器的客户端接收对受控资源的请求，第一服务器向第二服务器发送对不受控资源的请求，第二服务器可以是基于HTTP的认证服务器，例如通过经由客户端将请求重定向到 通过将请求直接转发到第二台服务器。 然后，第二服务器从客户端获取认证信息。 第二服务器例如通过将认证凭证存储在一个或多个HTTP头部内，在响应消息内将认证凭证或认证标识返回给第一服务器。 响应于接收到认证信息，第一服务器为客户端建立会话并且处理对受控资源的原始请求，例如通过通过客户端发送受控资源的重定向。

公开(公告)号：US20060021018A1

公开(公告)日：2006-01-26

申请号：US10896286

申请日：2004-07-21

申请人： Heather Hinton ,  Dolapo Falola ,  Anthony Moran ,  Patrick Wardrop

发明人： Heather Hinton ,  Dolapo Falola ,  Anthony Moran ,  Patrick Wardrop

IPC分类号： H04L9/32

CPC分类号： H04L63/06 ,  H04L63/0815 ,  H04L63/166

摘要： A method and a system are presented in which computing environments of different enterprises interact within a federated computing environment. Federated operations can be initiated at the computing environments of federation partners on behalf of a user at a different federated computing environment. A point-of-contact service relies upon a trust service to manage trust relationships between a computing environment and computing environments of federation partners. The trust service employs a key management service, an identity/attribute service, and a security token service. A federated user lifecycle management service implements federated user lifecycle functions and interacts with the point-of-contact service and the trust service.

摘要翻译： 提出了一种方法和系统，其中不同企业的计算环境在联合计算环境中进行交互。 可以在联盟伙伴的计算环境下代表不同的联合计算环境的用户启动联合操作。 联络点服务依靠信任服务来管理计算环境和联盟伙伴计算环境之间的信任关系。 信任服务采用密钥管理服务，身份/属性服务和安全令牌服务。 联合用户生命周期管理服务实现联合用户生命周期功能，并与联络点服务和信任服务进行交互。

公开(公告)号：US20060136990A1

公开(公告)日：2006-06-22

申请号：US11014553

申请日：2004-12-16

申请人： Heather Hinton ,  Anthony Moran ,  Dolapo Falola ,  Ivan Milman ,  Patrick Wardrop

发明人： Heather Hinton ,  Anthony Moran ,  Dolapo Falola ,  Ivan Milman ,  Patrick Wardrop

IPC分类号： H04L9/32

CPC分类号： H04L63/0815 ,  H04L67/30

摘要： The invention provides federated functionality within a data processing system by means of a set of specialized runtimes. Each of the plurality of specialized runtimes provides requested federation services for selected ones of the requestors according to configuration data of respective federation relationships of the requestors with the identity provider. The configuration data is dynamically retrieved during initialization of the runtimes which allows the respective runtime to be specialized for a given federation relationship. Requests are routed to the appropriate specialized runtime using the first requestor identity and the given federation relationship. The data which describes each federation relationship between the identity provider and each of the plurality of requesters is configured prior to initialization of the runtimes. Configuration data is structured into global specified data, federation relationship data and requestor specific data to minimize data change, making the addition or deletion of requesters very scalable.

摘要翻译： 本发明通过一组专用的运行时提供数据处理系统内的联合功能。 多个专用运行时间中的每一个根据请求者与身份提供者的各自的联合关系的配置数据，为选择的请求者提供所请求的联合服务。 在运行时的初始化期间动态地检索配置数据，这允许相应的运行时间针对给定的联合关系专门化。 请求使用第一请求者标识和给定的联合关系路由到适当的专用运行时。 在初始化运行时之前配置描述身份提供者与多个请求者中的每一个之间的每个联合关系的数据。 配置数据被构建为全局指定数据，联合关系数据和请求者特定数据，以最小化数据更改，从而使请求者的添加或删除非常可扩展。

公开(公告)号：US20060021019A1

公开(公告)日：2006-01-26

申请号：US10896351

申请日：2004-07-21

申请人： Heather Hinton ,  Brian Turner ,  Anthony Moran ,  Shane Weeden ,  Ian Glazer ,  Gavis Bray ,  Venkat Raghavan

发明人： Heather Hinton ,  Brian Turner ,  Anthony Moran ,  Shane Weeden ,  Ian Glazer ,  Gavis Bray ,  Venkat Raghavan

IPC分类号： H04L9/32

CPC分类号： H04L63/0815 ,  G06F21/41 ,  H04L63/0407

摘要： A method and a system are presented in which federated domains interact within a federated environment. Domains within a federation can initiate federated single-sign-on operations for a user at other federated domains. A point-of-contact server within a domain relies upon a trust proxy within the domain to manage trust relationships between the domain and the federation. Trust proxies interpret assertions from other federated domains as necessary. Trust proxies may have a trust relationship with one or more trust brokers, and a trust proxy may rely upon a trust broker for assistance in interpreting assertions. When a user is provisioned at a particular federated domain, the federated domain can provision the user to other federated domains within the federated environment. A provision operation may include creating or deleting an account for a user, pushing updated user account information including attributes, and requesting updates on account information including attributes.

公开(公告)号：US20060020679A1

公开(公告)日：2006-01-26

申请号：US10896353

申请日：2004-07-21

申请人： Heather Hinton ,  Dolapo Falola ,  Anthony Moran ,  Patrick Wardrop

发明人： Heather Hinton ,  Dolapo Falola ,  Anthony Moran ,  Patrick Wardrop

IPC分类号： G06F15/16

CPC分类号： H04L63/0823 ,  G06F21/41 ,  G06F2221/2115 ,  G06Q10/10 ,  H04L63/02 ,  H04L63/0815

摘要： A method and a system are presented in which federated domains interact within a federated environment. Domains within a federation can initiate federated operations for a user at other federated domains. A point-of-contact server within a domain relies upon a trust proxy within the domain to manage trust relationships between the domain and the federation. The point-of-contact server receives incoming requests directed to the domain and interfaces with a first application server and a second application server, wherein the first application server responds to requests for access to controlled resources and the second application server responds to requests for access to federated user lifecycle management functions, which are implemented using one or more pluggable modules that interface with the second application server.

摘要翻译： 提出了一种方法和系统，其中联合域在联合环境中相互作用。 联盟内的域可以为其他联盟域的用户启动联合操作。 域内的联络点服务器依赖于域内的信任代理来管理域和联盟之间的信任关系。 联络点服务器接收定向到域的传入请求并与第一应用服务器和第二应用服务器进行接口，其中第一应用服务器响应对受控资源的访问请求，第二应用服务器响应访问请求 联合用户生命周期管理功能，其使用与第二应用服务器接口的一个或多个可插拔模块来实现。

公开(公告)号：US20070143829A1

公开(公告)日：2007-06-21

申请号：US11304945

申请日：2005-12-15

申请人： Heather Hinton ,  Anthony Moran

发明人： Heather Hinton ,  Anthony Moran

IPC分类号： H04L9/32 ,  G06K9/00 ,  G06F17/30 ,  H04L9/00 ,  G06F15/16 ,  H04K1/00 ,  G06F7/04 ,  G06F7/58 ,  G06K19/00

CPC分类号： H04L63/0815 ,  H04L63/0884 ,  H04L63/102 ,  H04L67/14

摘要： Methods, systems, and computer program products are disclosed that give entities flexibility to implement custom authentication methods of other entities for authentication of a principal in a federation by authenticating the principal by an identity provider according to a service provider's authentication policy and recording in session data of the identity provider an authentication credential satisfying the service provider's authentication policy. Authentication of a principal in a federation is also carried out by authenticating the principal by the identity provider according to an identity provider's authentication policy. Authentication of a principal in a federation is further carried out by receiving in the identity provider an authentication request from the service provider, the authentication request specifying the service provider's authentication policy.

摘要翻译： 公开了方法，系统和计算机程序产品，其给予实体灵活性，以通过身份提供者根据服务提供商的认证策略认证主体并在会话数据中记录来实现其他实体的用于认证联盟中的主体的定制认证方法 身份提供商的身份验证凭证满足服务提供商的身份验证策略。 通过身份提供者根据身份提供商的身份验证策略对主体进行身份认证，也可以对联盟中的主体进行身份验证。 进一步通过在身份提供者中接收来自服务提供者的认证请求，指定服务提供商的认证策略的认证请求来进行联盟中的主体的认证。

公开(公告)号：US20060253420A1

公开(公告)日：2006-11-09

申请号：US11123317

申请日：2005-05-06

申请人： Heather Hinton ,  Anthony Moran ,  Patrick Wardrop

发明人： Heather Hinton ,  Anthony Moran ,  Patrick Wardrop

IPC分类号： G06F17/30

CPC分类号： G06F21/6209 ,  G06F21/62 ,  G06F21/6218 ,  H04L63/101 ,  H04L63/20

摘要： A method and system is presented to parse a WSDL description and build a hierarchical protected object namespace for authorization of access to the resource, wherein the protected object namespace is based on the abstract part of a WSDL but can be used to assist in authorization decisions for multiple different concrete bindings of this WSDL, wherein the concrete binding/request is based on the WS-Addressing endpoint reference.

公开(公告)号：US20060048216A1

公开(公告)日：2006-03-02

申请号：US10896316

申请日：2004-07-21

申请人： Heather Hinton ,  Dolapo Falola ,  Anthony Moran ,  Patrick Wardrop

发明人： Heather Hinton ,  Dolapo Falola ,  Anthony Moran ,  Patrick Wardrop

IPC分类号： G06F17/30 ,  G06F15/16

CPC分类号： H04L63/0815 ,  H04W80/04 ,  H04W80/10

摘要： A method and a system are presented in which federated service providers interact within a federated environment to initiate federated operations. A point-of-contact component that provides session management capabilities at a first service provider receives a request from a client. The request is then sent, possibly using redirection through a client, to a federated user lifecycle management functional component of the first service provider, which may interact with a point-of-contact component at a second service provider to initiate a federated user lifecycle management function at the second service provider, which enlists the assistance of a federated user lifecycle management functional component at the second service provider. In response to completion of a federated user lifecycle management function, the point-of-contact component at the first service provider subsequently receives a response from the federated user lifecycle management functional component at the first service provider, and the original request can be further processed.

摘要翻译： 提出了一种方法和系统，其中联合服务提供商在联合环境内交互以发起联合操作。 在第一服务提供商处提供会话管理功能的联络点组件从客户端接收请求。 然后，可以将请求发送到可能通过客户机重定向到第一服务提供商的联合用户生命周期管理功能组件，该组件可以与第二服务提供商处的联系点组件交互以发起联合用户生命周期管理 在第二服务提供商处的功能，其在第二服务提供商处获得联合用户生命周期管理功能组件的协助。 响应于联合用户生命周期管理功能的完成，第一服务提供商处的联络点组件随后在第一服务提供商处接收来自联合用户生命周期管理功能组件的响应，并且可以进一步处理原始请求 。

公开(公告)号：US20060021017A1

公开(公告)日：2006-01-26

申请号：US10896285

申请日：2004-07-21

申请人： Heather Hinton ,  Dolapo Falola ,  Anthony Moran

发明人： Heather Hinton ,  Dolapo Falola ,  Anthony Moran

IPC分类号： H04L9/32

CPC分类号： H04L63/0815 ,  H04L63/0823 ,  H04L2463/102

摘要： A method is presented in which federated domains interact to complete transactions within a federated environment. A point-of-contact server within a domain relies upon a trust service to manage trust relationships. An administrative user can build a federation relationship between a first service provider and a second service provider, which includes a trust relationship between the first service provider and the second service provider and a selection of federation-related operations, i.e. federation functionality. During configuration of the federation relationship, a file is dynamically generated based on the selection of federation functionality for the federation relationship. The file is exported to the second service provider, which provides additional configuration information by inserting it into the file. The modified file is imported at the first service provider from the second service provider, and the additional configuration information are extracted for subsequent use in federated transactions.

摘要翻译： 提出了一种方法，其中联合域与联合环境中的交易完成交互。 域内的联络点服务器依赖于信任服务来管理信任关系。 管理用户可以在第一服务提供商和第二服务提供商之间建立联合关系，其包括第一服务提供商和第二服务提供商之间的信任关系以及联合相关操作的选择，即联合功能。 在联合关系的配置期间，基于联盟关联的联合功能的选择动态地生成文件。 该文件导出到第二个服务提供商，它通过将文件插入文件来提供其他配置信息。 修改的文件从第二个服务提供商在第一个服务提供商导入，并提取附加的配置信息以供后续在联合交易中使用。

公开(公告)号：US20060129816A1

公开(公告)日：2006-06-15

申请号：US11010228

申请日：2004-12-10

申请人： Heather Hinton

发明人： Heather Hinton

IPC分类号： H04L9/00

CPC分类号： H04L63/0815 ,  G06F21/41

摘要： A method, a system, an apparatus, and a computer program product are presented for improving a register name identifier profile within a federated computing environment such that the register name identifier profile is enhanced to be more securely binding between two federated entities within the federated computing environment, such as an identity provider and a service provider. After the first federated entity sends a register name identifier request for a principal to the second federated entity, the second federated entity performs an authentication operation for the principal. In response to successfully completing the authentication operation, the second federated entity registers or modifies a name identifier for the principal that has been extracted from the received register name identifier request.