AUTOMATING TRUST ESTABLISHMENT AND TRUST MANAGEMENT FOR IDENTITY FEDERATION
    Invention application
    Status: Under examination (published)

    Publication (announcement) number: US20090307744A1

    Publication (announcement) date: 2009-12-10

    Application number: US12135570

    Application date: 2008-06-09

    IPC classification: G06F17/00

    Abstract: A federated identity verification system includes an identity provider that provides security tokens ultimately to one or more relying parties for access by the client to services at a relying party. Specifically, the relying party can validate the security token from an identity provider (whether directly or via a client) when verifying that the received security token conforms to security configuration data previously exchanged with the identity provider. To establish the trust relationship, the identity provider and one or more relying parties exchange security configuration information through an agreed-to communication channel. The security configuration information indicates the settings that the other party needs to use for establishing, maintaining, and/or monitoring the trust relationship. The communication channel allows both parties to flexibly and continually synchronize changes to security configurations, and thus maintain, change, or end the trust relationship automatically, as desired.
