-
Publication No.: US20080178271A1
Publication date: 2008-07-24
Application No.: US11856617
Filing date: 2007-09-17
Applicant: Vijay K Gajjala, Colin H. Brace, Derek T. Del Conte, Kim Cameron, Arun K. Nanda, Hervey O. Wilson, Stuart L.S. Kwan, Rashmi Raj, Vijayavani Nori
Inventor: Vijay K Gajjala, Colin H. Brace, Derek T. Del Conte, Kim Cameron, Arun K. Nanda, Hervey O. Wilson, Stuart L.S. Kwan, Rashmi Raj, Vijayavani Nori
IPC classification: G06F7/04
CPC classification: G06F21/33, H04L9/3213, H04L63/08, H04L63/102, H04L2209/56, H04L2209/80
Abstract: A system and method for provisioning digital identity representations (“DIRs”) uses various techniques and structures to ease administration, increase accuracy, and decrease inconsistencies of a digital-identity provisioning system. A system is provided using a common identity data store for both DIR issuance and identity token issuance, decreasing synchronization issues. Various methods are provided for creating new DIRs, notifying principals of available DIRs, and approving issuance of new DIRs.
-
Publication No.: US08087072B2
Publication date: 2011-12-27
Application No.: US11856617
Filing date: 2007-09-17
Applicant: Vijay K. Gajjala, Colin H. Brace, Derek T. Del Conte, Kim Cameron, Arun K. Nanda, Hervey O. Wilson, Stuart L. S. Kwan, Rashmi Raj, Vijayavani Nori
Inventor: Vijay K. Gajjala, Colin H. Brace, Derek T. Del Conte, Kim Cameron, Arun K. Nanda, Hervey O. Wilson, Stuart L. S. Kwan, Rashmi Raj, Vijayavani Nori
CPC classification: G06F21/33, H04L9/3213, H04L63/08, H04L63/102, H04L2209/56, H04L2209/80
Abstract: A system and method for provisioning digital identity representations (“DIRs”) uses various techniques and structures to ease administration, increase accuracy, and decrease inconsistencies of a digital-identity provisioning system. A system is provided using a common identity data store for both DIR issuance and identity token issuance, decreasing synchronization issues. Various methods are provided for creating new DIRs, notifying principals of available DIRs, and approving issuance of new DIRs.
-
Publication No.: US20080178272A1
Publication date: 2008-07-24
Application No.: US11856636
Filing date: 2007-09-17
Applicant: Vijay K. Gajjala, Colin H. Brace, Derek T. Del Conte, Arun K. Nanda, Stuart L.S. Kwan, Rashmi Raj, Vijayavani Nori
Inventor: Vijay K. Gajjala, Colin H. Brace, Derek T. Del Conte, Arun K. Nanda, Stuart L.S. Kwan, Rashmi Raj, Vijayavani Nori
IPC classification: G06F7/04
CPC classification: H04L63/0815, G06F21/33, G06F21/42, H04L63/104
Abstract: A system and method for provisioning digital identity representations (“DIRs”) uses various techniques and structures to ease administration, increase accuracy, and decrease inconsistencies of a digital-identity provisioning system. Various methods are provided for creating new DIRs, requesting DIRs, notifying principals of available DIRs, and approving issuance of new DIRs.
-
Publication No.: US08407767B2
Publication date: 2013-03-26
Application No.: US11856636
Filing date: 2007-09-17
Applicant: Vijay K. Gajjala, Colin H. Brace, Derek T. Del Conte, Arun K. Nanda, Stuart L. S. Kwan, Rashmi Raj, Vijayavani Nori
Inventor: Vijay K. Gajjala, Colin H. Brace, Derek T. Del Conte, Arun K. Nanda, Stuart L. S. Kwan, Rashmi Raj, Vijayavani Nori
IPC classification: H04L29/06
CPC classification: H04L63/0815, G06F21/33, G06F21/42, H04L63/104
Abstract: A system and method for provisioning digital identity representations (“DIRs”) uses various techniques and structures to ease administration, increase accuracy, and decrease inconsistencies of a digital-identity provisioning system. Various methods are provided for creating new DIRs, requesting DIRs, notifying principals of available DIRs, and approving issuance of new DIRs.
-
Publication No.: US08245051B2
Publication date: 2012-08-14
Application No.: US11129711
Filing date: 2005-05-13
IPC classification: H04L29/06
CPC classification: H04L63/0815, G06F21/335, G06F21/604
Abstract: Systems and methods directed at enhancing the capability of a federated authentication system by configuring the system with extensibility points for adding new account stores and customizing claim transformations. The federated authentication system includes accounts stores, a security token service (STS), and custom claim transformation modules. The account stores are configured to maintain data associated with accounts and to provide security claims in an intermediate format. The STS is configured to retrieve the security claims provided by the account stores and includes built-in transformations for transforming each security claim from the intermediate format to formats associated with resource providers. The STS is further configured to provide extensibility points for custom claim transformations that are not available from the built-in transformations. The custom claim transformation modules are configured to perform at least one custom claim transformation. Each custom claim transformation module is further configured to interact with the STS through at least one of the extensibility points. The STS may be configured to provide extensibility points for interacting with account stores that the STS does not explicitly recognize.
-
Publication No.: US20070255958A1
Publication date: 2007-11-01
Application No.: US11416275
Filing date: 2006-05-01
Applicant: Donald Schmidt, Danver Hartop, Derek Del Conte, Jagadeesh Kalki, Jeffrey Spelman, Kahren Tevosyan, Ryan Johnson, Vijayavani Nori
Inventor: Donald Schmidt, Danver Hartop, Derek Del Conte, Jagadeesh Kalki, Jeffrey Spelman, Kahren Tevosyan, Ryan Johnson, Vijayavani Nori
IPC classification: H04L9/00
CPC classification: G06F21/335, H04L63/08
Abstract: This disclosure relates to the ability to use multiple claim transformation modules in a trust relationship. Claim transformation modules transform a claim or claim set into a transformed claim or claim set for use by a trusted partner and/or application. Multiple claim transformation modules may be given the opportunity to act on a claim or claim set in a pipelined fashion. In another embodiment, multiple claim transformation modules may exist, but only the proper claim transformation module(s) is(are) given the opportunity to act on a claim or claim set. In an embodiment, the claims involved are security claims used for authentication purposes between trust partners in a federated authentication system.
-
Publication No.: US20060259776A1
Publication date: 2006-11-16
Application No.: US11129711
Filing date: 2005-05-13
IPC classification: H04L9/00
CPC classification: H04L63/0815, G06F21/335, G06F21/604
Abstract: Systems and methods directed at enhancing the capability of a federated authentication system by configuring the system with extensibility points for adding new account stores and customizing claim transformations. The federated authentication system includes accounts stores, a security token service (STS), and custom claim transformation modules. The account stores are configured to maintain data associated with accounts and to provide security claims in an intermediate format. The STS is configured to retrieve the security claims provided by the account stores and includes built-in transformations for transforming each security claim from the intermediate format to formats associated with resource providers. The STS is further configured to provide extensibility points for custom claim transformations that are not available from the built-in transformations. The custom claim transformation modules are configured to perform at least one custom claim transformation. Each custom claim transformation module is further configured to interact with the STS through at least one of the extensibility points. The STS may be configured to provide extensibility points for interacting with account stores that the STS does not explicitly recognize.
-
Publication No.: US20060248598A1
Publication date: 2006-11-02
Application No.: US11119236
Filing date: 2005-04-29
CPC classification: H04L63/0815, G06F21/33, G06F21/6236, H04L63/0807
Abstract: Systems and methods directed at transforming security claims in a federated authentication system using an intermediate format. The systems and methods described herein are directed at transforming security claims in a federated authentication system using an intermediate format. The federated authentication system includes an identity provider and a resource provider. The identity provider receives a request for information from the resource provider to authenticate an account by an application associated with the resource provider. A security claim associated with the account is retrieved where the security claim is provided by an account store in a format specific to the account store. The security claim is transformed from the account store specific format to an intermediate format. The security claim is then transformed from the intermediate format to a federated format recognized by the resource provider. The transformed security claim is provided in a security token to the resource provider. A similar two step transformation process using intermediate claims can also be implemented by the resource provider to transform security claims provided by an identity provider from a federated format to formats recognized by the applications.
-
Publication No.: US07748046B2
Publication date: 2010-06-29
Application No.: US11119236
Filing date: 2005-04-29
IPC classification: G06F21/00
CPC classification: H04L63/0815, G06F21/33, G06F21/6236, H04L63/0807
Abstract: Systems and methods directed at transforming security claims in a federated authentication system using an intermediate format. The systems and methods described herein are directed at transforming security claims in a federated authentication system using an intermediate format. The federated authentication system includes an identity provider and a resource provider. The identity provider receives a request for information from the resource provider to authenticate an account by an application associated with the resource provider. A security claim associated with the account is retrieved where the security claim is provided by an account store in a format specific to the account store. The security claim is transformed from the account store specific format to an intermediate format. The security claim is then transformed from the intermediate format to a federated format recognized by the resource provider. The transformed security claim is provided in a security token to the resource provider. A similar two step transformation process using intermediate claims can also be implemented by the resource provider to transform security claims provided by an identity provider from a federated format to formats recognized by the applications.