专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20100146290A1 TOKEN CACHING IN TRUST CHAIN PROCESSING 有权
公开(公告)号：US20100146290A1
公开(公告)日：2010-06-10
申请号：US12327899
申请日：2008-12-04
申请人： David Werner Bachmann , Nicholas George Harlow , Heather Maria Hinton , Patrick Ryan Wardrop
发明人： David Werner Bachmann , Nicholas George Harlow , Heather Maria Hinton , Patrick Ryan Wardrop
IPC分类号： H04L9/00
CPC分类号： H04L63/0815 , H04L63/0823
摘要： A method, system, and computer usable program product for token caching in a trust chain processing are provided in the illustrative embodiments. An information in a token associated with a first request is mapped. A determination is made whether a requester of the first request has provided a constraint in the first request, the constraint concerning the token, the constraint forming a client constraint. The client constraint is stored. The information and the mapped information is stored, forming stored information. The token is received in a second request. The stored information is reused if the client constraint allows reusing the stored information. A further determination may be made whether a target system receiving the mapped information has provided a server constraint, the second constraint concerning the mapped information, the second constraint forming a server constraint. The stored information may be reused if the server constraint allows reusing the stored information.
摘要翻译：在说明性实施例中提供了用于信任链处理中的令牌缓存的方法，系统和计算机可用程序产品。与第一个请求相关联的令牌中的信息被映射。确定第一请求的请求者是否在第一请求中提供约束，关于令牌的约束，形成客户约束的约束。客户端约束被存储。存储信息和映射信息，形成存储的信息。令牌在第二个请求中被接收。如果客户端约束允许重用存储的信息，则存储的信息被重新使用。可以进一步确定接收映射信息的目标系统是否提供了服务器约束，关于映射信息的第二约束，形成服务器约束的第二约束。如果服务器约束允许重用存储的信息，则可以重新使用所存储的信息。

2. 发明授权

US09325695B2 Token caching in trust chain processing 有权
标题翻译：令牌缓存在信任链处理中
公开(公告)号：US09325695B2
公开(公告)日：2016-04-26
申请号：US12327899
申请日：2008-12-04
申请人： David Werner Bachmann , Nicholas George Harlow , Heather Maria Hinton , Patrick Ryan Wardrop
发明人： David Werner Bachmann , Nicholas George Harlow , Heather Maria Hinton , Patrick Ryan Wardrop
IPC分类号： H04L29/06
CPC分类号： H04L63/0815 , H04L63/0823
摘要： A method, system, and computer usable program product for token caching in a trust chain processing are provided in the illustrative embodiments. An information in a token associated with a first request is mapped. A determination is made whether a requester of the first request has provided a constraint in the first request, the constraint concerning the token, the constraint forming a client constraint. The client constraint is stored. The information and the mapped information is stored, forming stored information. The token is received in a second request. The stored information is reused if the client constraint allows reusing the stored information. A further determination may be made whether a target system receiving the mapped information has provided a server constraint, the second constraint concerning the mapped information, the second constraint forming a server constraint. The stored information may be reused if the server constraint allows reusing the stored information.
摘要翻译：在说明性实施例中提供了用于信任链处理中的令牌缓存的方法，系统和计算机可用程序产品。与第一个请求相关联的令牌中的信息被映射。确定第一请求的请求者是否在第一请求中提供约束，关于令牌的约束，形成客户约束的约束。客户端约束被存储。存储信息和映射信息，形成存储的信息。令牌在第二个请求中被接收。如果客户端约束允许重用存储的信息，则存储的信息被重新使用。可以进一步确定接收映射信息的目标系统是否提供了服务器约束，关于映射信息的第二约束，形成服务器约束的第二约束。如果服务器约束允许重用存储的信息，则可以重新使用所存储的信息。

3. 发明授权

US08136146B2 Secure audit log access for federation compliance 有权
标题翻译：安全审核日志访问，以实现联盟合规性
公开(公告)号：US08136146B2
公开(公告)日：2012-03-13
申请号：US11619728
申请日：2007-01-04
申请人： Timothy James Hahn , Heather Maria Hinton , Patrick Ryan Wardrop
发明人： Timothy James Hahn , Heather Maria Hinton , Patrick Ryan Wardrop
IPC分类号： H04L29/06
CPC分类号： G06F21/6245 , G06F21/6236 , G06F2221/2101
摘要： A computer implemented method, data processing system, and computer program product for allowing limited access to a federation partner's audit logs in a secure, controlled manner, for the purposes of compliance demonstration. A request for audit data is received by a partner in the federated environment. The partner validates the request and requests a local report using local parameters against a local audit log store. The partner then builds a response based on the local report.
摘要翻译：计算机实现的方法，数据处理系统和计算机程序产品，以便以合规性示范的目的，以安全，受控的方式有限地访问联盟合作伙伴的审核日志。审核数据的请求由联合环境中的合作伙伴接收。伙伴验证请求，并使用本地审计日志存储区的本地参数请求本地报告。合作伙伴随后根据本地报告建立回应。

4. 发明申请

US20090259753A1 Specializing Support For A Federation Relationship 失效
标题翻译：专业支持联邦关系
公开(公告)号：US20090259753A1
公开(公告)日：2009-10-15
申请号：US12481007
申请日：2009-06-09
申请人： Heather Maria Hinton , Anthony Scott Moran , Dolapo Martin Falola , Ivan Matthew Milman , Patrick Ryan Wardrop
发明人： Heather Maria Hinton , Anthony Scott Moran , Dolapo Martin Falola , Ivan Matthew Milman , Patrick Ryan Wardrop
IPC分类号： G06F15/16
CPC分类号： H04L63/0815 , H04L67/30
摘要： The invention provides federated functionality within a data processing system by means of a set of specialized runtimes, which are instances of an application for providing federation services to requesters. Each of the plurality of specialized runtimes provides requested federation services for selected ones of the requestors according to configuration data of respective federation relationships of the requestors with the identity provider. The configuration data is dynamically retrieved during initialization of the runtimes which allows the respective_runtime to be specialized for a given federation relationship. Requests are routed to the appropriate specialized runtime using the first requestor identity and the given federation relationship. The data, which describes each federation relationship between the identity provider and each of the plurality of requestors, is configured prior to initialization of the runtimes.
摘要翻译：本发明通过一组专用运行时提供数据处理系统内的联合功能，这是一组向需求者提供联合服务的应用的实例。多个专用运行时间中的每一个根据请求者与身份提供者的各自的联合关系的配置数据，为所选请求者提供所请求的联合服务。在运行时的初始化期间动态地检索配置数据，这允许相应的运行时间针对给定的联合关系而专门化。请求使用第一请求者标识和给定的联合关系路由到适当的专用运行时。在初始化运行时之前配置描述身份提供者与多个请求者中的每一个之间的每个联合关系的数据。

5. 发明授权

US08181225B2 Specializing support for a federation relationship 失效
标题翻译：专门支持联盟关系
公开(公告)号：US08181225B2
公开(公告)日：2012-05-15
申请号：US12481007
申请日：2009-06-09
申请人： Heather Maria Hinton , Anthony Scott Moran , Dolapo Martin Falola , Ivan Matthew Milman , Patrick Ryan Wardrop
发明人： Heather Maria Hinton , Anthony Scott Moran , Dolapo Martin Falola , Ivan Matthew Milman , Patrick Ryan Wardrop
IPC分类号： G06F7/04
CPC分类号： H04L63/0815 , H04L67/30
摘要： The invention provides federated functionality within a data processing system by means of a set of specialized runtimes, which are instances of an application for providing federation services to requesters. Each of the plurality of specialized runtimes provides requested federation services for selected ones of the requestors according to configuration data of respective federation relationships of the requestors with the identity provider. The configuration data is dynamically retrieved during initialization of the runtimes which allows the respective_runtime to be specialized for a given federation relationship. Requests are routed to the appropriate specialized runtime using the first requestor identity and the given federation relationship. The data, which describes each federation relationship between the identity provider and each of the plurality of requestors, is configured prior to initialization of the runtimes.
摘要翻译：本发明通过一组专用运行时提供数据处理系统内的联合功能，这是一组向需求者提供联合服务的应用的实例。多个专用运行时间中的每一个根据请求者与身份提供者的各自的联合关系的配置数据，为所选请求者提供所请求的联合服务。在运行时的初始化期间动态地检索配置数据，这允许相应的运行时间针对给定的联合关系而专门化。请求使用第一请求者标识和给定的联合关系路由到适当的专用运行时。在初始化运行时之前配置描述身份提供者与多个请求者中的每一个之间的每个联合关系的数据。

6. 发明申请

US20090125972A1 FEDERATED SINGLE SIGN-ON (F-SSO) REQUEST PROCESSING USING A TRUST CHAIN HAVING A CUSTOM MODULE 有权
标题翻译：联合单点登录（F-SSO）使用具有自定义模块的信任链的请求处理
公开(公告)号：US20090125972A1
公开(公告)日：2009-05-14
申请号：US11939749
申请日：2007-11-14
申请人： Heather Maria Hinton , Patrick Ryan Wardrop , Parley Avery Salmon
发明人： Heather Maria Hinton , Patrick Ryan Wardrop , Parley Avery Salmon
IPC分类号： G06F17/00 , G06F21/00
CPC分类号： H04L63/126 , G06F21/41 , H04L63/0815
摘要： Federated single sign on (F-SSO) uses a token service that fulfills requests by executing a module chain comprising a set of modules. F-SSO runtime processing is enhanced by enabling a federated entity user to define a custom module to include in the chain. The custom module includes one or more name-value pairs, wherein a given name-value pair has a value that may be validated against an entity-defined rule. The rule is determined during the processing of the custom module based on one or more invocation parameters of the module chain. In a runtime operation, F-SSO begins in response to receipt of a token. In response, the processing of the module chain that includes the custom module is initiated. During processing of the custom module, an attempt is made to validate the value of a name-value pair based on the rule. If the value of the name-value pair based on the rule can be validated, processing of the module chain continues. This approach enables finer granularity on the information that can be asserted or required as part of an F-SSO flow.
摘要翻译：联合单点登录（F-SSO）使用通过执行包括一组模块的模块链来满足请求的令牌服务。通过使联合实体用户能够定义要包含在链中的自定义模块来增强F-SSO运行时处理。自定义模块包括一个或多个名称 - 值对，其中给定的名称 - 值对具有可以根据实体定义的规则被验证的值。在根据模块链的一个或多个调用参数处理自定义模块期间确定规则。在运行时操作中，F-SSO响应于令牌的接收而开始。作为响应，启动了包含定制模块的模块链的处理。在自定义模块的处理期间，尝试根据规则验证名称 - 值对的值。如果可以验证基于规则的名称 - 值对的值，则模块链的处理将继续进行。这种方法可以在作为F-SSO流程的一部分可以被断言或需要的信息上实现更精细的粒度。

7. 发明授权

US08141139B2 Federated single sign-on (F-SSO) request processing using a trust chain having a custom module 有权
标题翻译：使用具有自定义模块的信任链的联合单点登录（F-SSO）请求处理
公开(公告)号：US08141139B2
公开(公告)日：2012-03-20
申请号：US11939749
申请日：2007-11-14
申请人： Heather Maria Hinton , Patrick Ryan Wardrop , Parley Avery Salmon
发明人： Heather Maria Hinton , Patrick Ryan Wardrop , Parley Avery Salmon
IPC分类号： H04L29/06 , G06F7/04 , G06F17/30 , H04L9/32
CPC分类号： H04L63/126 , G06F21/41 , H04L63/0815
摘要： Federated single sign on (F-SSO) uses a token service that fulfills requests by executing a module chain comprising a set of modules. F-SSO runtime processing is enhanced by enabling a federated entity user to define a custom module to include in the chain. The custom module includes one or more name-value pairs, wherein a given name-value pair has a value that may be validated against an entity-defined rule. The rule is determined during the processing of the custom module based on one or more invocation parameters of the module chain. In a runtime operation, F-SSO begins in response to receipt of a token. In response, the processing of the module chain that includes the custom module is initiated. During processing of the custom module, an attempt is made to validate the value of a name-value pair based on the rule. If the value of the name-value pair based on the rule can be validated, processing of the module chain continues. This approach enables finer granularity on the information that can be asserted or required as part of an F-SSO flow.
摘要翻译：联合单点登录（F-SSO）使用通过执行包括一组模块的模块链来满足请求的令牌服务。通过使联合实体用户能够定义要包含在链中的自定义模块来增强F-SSO运行时处理。自定义模块包括一个或多个名称 - 值对，其中给定的名称 - 值对具有可以根据实体定义的规则被验证的值。在根据模块链的一个或多个调用参数处理自定义模块期间确定规则。在运行时操作中，F-SSO响应于令牌的接收而开始。作为响应，启动了包含定制模块的模块链的处理。在自定义模块的处理期间，尝试根据规则验证名称 - 值对的值。如果可以验证基于规则的名称 - 值对的值，则模块链的处理将继续进行。这种方法可以在作为F-SSO流程的一部分可以被断言或需要的信息上实现更精细的粒度。

8. 发明授权

US07698375B2 Method and system for pluggability of federation protocol runtimes for federated user lifecycle management 有权
标题翻译：用于联合用户生命周期管理的联盟协议运行时的可插拔方法和系统
公开(公告)号：US07698375B2
公开(公告)日：2010-04-13
申请号：US10896353
申请日：2004-07-21
申请人： Heather Maria Hinton , Dolapo Martin Falola , Anthony Scott Moran , Patrick Ryan Wardrop
发明人： Heather Maria Hinton , Dolapo Martin Falola , Anthony Scott Moran , Patrick Ryan Wardrop
IPC分类号： G06F15/16
CPC分类号： H04L63/0823 , G06F21/41 , G06F2221/2115 , G06Q10/10 , H04L63/02 , H04L63/0815
摘要： A method and a system are presented in which federated domains interact within a federated environment. Domains within a federation can initiate federated operations for a user at other federated domains. A point-of-contact server within a domain relies upon a trust proxy within the domain to manage trust relationships between the domain and the federation. The point-of-contact server receives incoming requests directed to the domain and interfaces with a first application server and a second application server, wherein the first application server responds to requests for access to controlled resources and the second application server responds to requests for access to federated user lifecycle management functions, which are implemented using one or more pluggable modules that interface with the second application server.
摘要翻译：提出了一种方法和系统，其中联合域在联合环境中相互作用。联盟内的域可以为其他联盟域的用户启动联合操作。域内的联络点服务器依赖于域内的信任代理来管理域和联盟之间的信任关系。联络点服务器接收定向到域的传入请求并与第一应用服务器和第二应用服务器进行接口，其中第一应用服务器响应对受控资源的访问请求，第二应用服务器响应访问请求联合用户生命周期管理功能，其使用与第二应用服务器接口的一个或多个可插拔模块来实现。

9. 发明申请

US20080271121A1 EXTERNAL USER LIFECYCLE MANAGEMENT FOR FEDERATED ENVIRONMENTS 审中-公开
标题翻译：联合环境外部用户生物多样性管理
公开(公告)号：US20080271121A1
公开(公告)日：2008-10-30
申请号：US11740956
申请日：2007-04-27
申请人： Heather Maria Hinton , Patrick Ryan Wardrop , Anthony Scott Moran
发明人： Heather Maria Hinton , Patrick Ryan Wardrop , Anthony Scott Moran
IPC分类号： H04L9/32
CPC分类号： H04L63/0815
摘要： The present invention provides a generic technique that externalizes the management of a user session, particularly in the context of a federated environment. The invention obviates any requirement to design and implement special software (or any requirement to modify a previously installed plug-in) to enable third party SSOp-aware applications to manage the lifecycle of a user session. In an illustrative embodiment, the user session lifecycle is managed externally through an external authentication interface (EAI) that has been extended to enable any POC (or SSOp-aware application) to interface to a federated identity provider component using a simple HTTP transport mechanism. In the inventive approach, HTTP request and response headers carry the information that is used by the POC to initiate and later destroy a user session, and such information is provided by a federated entity without requiring use of a special authentication API.
摘要翻译：本发明提供了外部化用户会话的管理的通用技术，特别是在联合环境的上下文中。本发明避免了设计和实施特殊软件（或任何修改先前安装的插件的要求）的任何要求，以使第三方SSOp感知应用程序能够管理用户会话的生命周期。在说明性实施例中，用户会话生命周期通过外部认证接口（EAI）进行外部管理，外部认证接口（EAI）已被扩展以使得任何POC（或SSOp感知应用）能够使用简单的HTTP传输机制与联合身份提供商组件接口。在本发明的方法中，HTTP请求和响应报头携带由POC使用以发起和稍后销毁用户会话的信息，并且这种信息由联合实体提供，而不需要使用特殊认证API。

10. 发明授权

US07562382B2 Specializing support for a federation relationship 有权
标题翻译：专门支持联盟关系
公开(公告)号：US07562382B2
公开(公告)日：2009-07-14
申请号：US11014553
申请日：2004-12-16
申请人： Heather Maria Hinton , Anthony Scott Moran , Dolapo Martin Falola , Ivan Matthew Milman , Patrick Ryan Wardrop
发明人： Heather Maria Hinton , Anthony Scott Moran , Dolapo Martin Falola , Ivan Matthew Milman , Patrick Ryan Wardrop
IPC分类号： G06F7/04
CPC分类号： H04L63/0815 , H04L67/30
摘要： The invention provides federated functionality within a data processing system by means of a set of specialized runtimes. Each of the plurality of specialized runtimes provides requested federation services for selected ones of the requestors according to configuration data of respective federation relationships of the requestors with the identity provider. The configuration data is dynamically retrieved during initialization of the runtimes which allows the respective runtime to be specialized for a given federation relationship. Requests are routed to the appropriate specialized runtime using the first requestor identity and the given federation relationship. The data which describes each federation relationship between the identity provider and each of the plurality of requesters is configured prior to initialization of the runtimes. Configuration data is structured into global specified data, federation relationship data and requestor specific data to minimize data change, making the addition or deletion of requestors very scalable.
摘要翻译：本发明通过一组专用的运行时提供数据处理系统内的联合功能。多个专用运行时间中的每一个根据请求者与身份提供者的各自的联合关系的配置数据，为所选请求者提供所请求的联合服务。在运行时的初始化期间动态地检索配置数据，这允许相应的运行时间针对给定的联合关系专门化。请求使用第一请求者标识和给定的联合关系路由到适当的专用运行时。在初始化运行时之前配置描述身份提供者与多个请求者中的每一个之间的每个联合关系的数据。配置数据被构造为全局指定数据，联合关系数据和请求者特定数据，以最小化数据更改，使添加或删除请求者非常可扩展。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式