-
Publication number: US08245051B2
Publication date: 2012-08-14
Application number: US11129711
Filing date: 2005-05-13
IPC classification: H04L29/06
CPC classification: H04L63/0815 , G06F21/335 , G06F21/604
Abstract: Systems and methods directed at enhancing the capability of a federated authentication system by configuring the system with extensibility points for adding new account stores and customizing claim transformations. The federated authentication system includes accounts stores, a security token service (STS), and custom claim transformation modules. The account stores are configured to maintain data associated with accounts and to provide security claims in an intermediate format. The STS is configured to retrieve the security claims provided by the account stores and includes built-in transformations for transforming each security claim from the intermediate format to formats associated with resource providers. The STS is further configured to provide extensibility points for custom claim transformations that are not available from the built-in transformations. The custom claim transformation modules are configured to perform at least one custom claim transformation. Each custom claim transformation module is further configured to interact with the STS through at least one of the extensibility points. The STS may be configured to provide extensibility points for interacting with account stores that the STS does not explicitly recognize.
-
Publication number: US07748046B2
Publication date: 2010-06-29
Application number: US11119236
Filing date: 2005-04-29
IPC classification: G06F21/00
CPC classification: H04L63/0815 , G06F21/33 , G06F21/6236 , H04L63/0807
Abstract: Systems and methods directed at transforming security claims in a federated authentication system using an intermediate format. The systems and methods described herein are directed at transforming security claims in a federated authentication system using an intermediate format. The federated authentication system includes an identity provider and a resource provider. The identity provider receives a request for information from the resource provider to authenticate an account by an application associated with the resource provider. A security claim associated with the account is retrieved where the security claim is provided by an account store in a format specific to the account store. The security claim is transformed from the account store specific format to an intermediate format. The security claim is then transformed from the intermediate format to a federated format recognized by the resource provider. The transformed security claim is provided in a security token to the resource provider. A similar two step transformation process using intermediate claims can also be implemented by the resource provider to transform security claims provided by an identity provider from a federated format to formats recognized by the applications.
-
Publication number: US07603555B2
Publication date: 2009-10-13
Application number: US11173004
Filing date: 2005-06-30
Applicants: Donald E. Schmidt , Ryan D. Johnson , Kahren Tevosyan , Jeffrey F. Spelman , Krishnanand Shenoy , Harini Raghavan , David R. Mowers , Matthew Hur
Inventors: Donald E. Schmidt , Ryan D. Johnson , Kahren Tevosyan , Jeffrey F. Spelman , Krishnanand Shenoy , Harini Raghavan , David R. Mowers , Matthew Hur
IPC classification: H04L9/00
CPC classification: H04L63/0209 , H04L63/0815 , H04L63/168
Abstract: A system for authenticating computer users comprising a single active directory disposed in an intranet, a web server disposed in a DMZ associated with the intranet, and a web client coupled to the web server through an internet connection that is capable of signing on to the web server.
-
Publication number: US07568218B2
Publication date: 2009-07-28
Application number: US10285175
Filing date: 2002-10-31
IPC classification: H04L9/32
CPC classification: H04L63/10 , H04L63/08 , H04L63/0807 , H04L63/0815 , H04L63/101
Abstract: A selective cross-realm authenticator associates an identifier with a request from an entity authenticated in one realm to access a resource associated with a second realm. The identifier indicates that the entity was authenticated in a realm other than the realm associated with the requested resource. A domain controller associated with the resource performs an access check to verify that the authenticated user is authorized to authenticate to the requested resource. Permissions associated with the resource can be used to specify levels of access to be granted to entities authenticated by a domain controller associated with another realm.
-
Publication number: US07401235B2
Publication date: 2008-07-15
Application number: US10144059
Filing date: 2002-05-10
Applicants: David R. Mowers , Daniel Doubrovkine , Roy Leban , Donald E. Schmidt , Ram Viswanathan , John E. Brezak , Richard B. Ward
Inventors: David R. Mowers , Daniel Doubrovkine , Roy Leban , Donald E. Schmidt , Ram Viswanathan , John E. Brezak , Richard B. Ward
IPC classification: G06F7/04 , G06F17/30 , G06F15/173 , G06K9/00 , H04L9/32
CPC classification: G06F21/31 , G06F21/33 , G06F2221/2141
Abstract: Methods and systems are provided to allow users that are authenticated by a trusted external service to gain controlled levels of access to selected local computing resources without requiring the user to also have conventional access control capabilities for the resources.
-
Publication number: US07185359B2
Publication date: 2007-02-27
Application number: US10029426
Filing date: 2001-12-21
CPC classification: H04L63/0815 , H04L63/083
Abstract: An enterprise network architecture has a trust link established between two autonomous network systems that enables transitive resource access between network domains of the two network systems. The trust link is defined by data structures maintained by each of the respective network systems. The first network system maintains namespaces that correspond to the second network system and a domain controller in the first network system, or a first network system administrator, indicates whether to trust individual namespaces. An account managed by a domain in the second network system can request authentication via a domain controller in the first network system. The first network system determines from the trust link to communicate the authentication request to the second network system. The first network system also determines from the trust link where to communicate authorization requests when administrators manage group memberships and access control lists.
-
Publication number: US07617522B2
Publication date: 2009-11-10
Application number: US11379998
Filing date: 2006-04-24
CPC classification: H04L63/0815 , H04L63/083
Abstract: An enterprise network architecture has a trust link established between two autonomous network systems that enables transitive resource access between network domains of the two network systems. The trust link is defined by data structures maintained by each of the respective network systems. The first network system maintains namespaces that correspond to the second network system and a domain controller in the first network system, or a first network system administrator, indicates whether to trust individual namespaces. An account managed by a domain in the second network system can request authentication via a domain controller in the first network system. The first network system determines from the trust link to communicate the authentication request to the second network system. The first network system also determines from the trust link where to communicate authorization requests when administrators manage group memberships and access control lists.
-
Publication number: US20090228969A1
Publication date: 2009-09-10
Application number: US12469245
Filing date: 2009-05-20
IPC classification: H04L29/06 , G06F15/173
CPC classification: H04L63/10 , H04L63/08 , H04L63/0807 , H04L63/0815 , H04L63/101
Abstract: A selective cross-realm authenticator associates an identifier with a request from an entity authenticated in one realm to access a resource associated with a second realm. The identifier indicates that the entity was authenticated in a realm other than the realm associated with the requested resource. A domain controller associated with the resource performs an access check to verify that the authenticated user is authorized to authenticate to the requested resource. Permissions associated with the resource can be used to specify levels of access to be granted to entities authenticated by a domain controller associated with another realm.
-
Publication number: US07015307B2
Publication date: 2006-03-21
Application number: US10226676
Filing date: 2002-08-23
IPC classification: A61K38/04
Abstract: Disclosed are methods of purifying glycopeptides that are substituted with one or more substituents each comprising one or more phosphono groups that are useful as antibacterial agents. The methods include contacting a solution of the glycopeptide derivatives with a polystyrene-containing resin, eluting the resin with an aqueous solution, and isolating the purified glycopeptide derivative.
-
Publication number: US08510818B2
Publication date: 2013-08-13
Application number: US12469245
Filing date: 2009-05-20
IPC classification: H04L9/32
CPC classification: H04L63/10 , H04L63/08 , H04L63/0807 , H04L63/0815 , H04L63/101
Abstract: A selective cross-realm authenticator associates an identifier with a request from an entity authenticated in one realm to access a resource associated with a second realm. The identifier indicates that the entity was authenticated in a realm other than the realm associated with the requested resource. A domain controller associated with the resource performs an access check to verify that the authenticated user is authorized to authenticate to the requested resource. Permissions associated with the resource can be used to specify levels of access to be granted to entities authenticated by a domain controller associated with another realm.
-