OBTAINING DIGITAL IDENTITIES OR TOKENS THROUGH INDEPENDENT ENDPOINT RESOLUTION
A federated identity provisioning system includes relying parties, identity providers, and clients that obtain tokens from identity providers for access to a relying party's services. When a client contacts a new relying party, the relying party provides information that the client can independ...
Saved in:
Main Authors | , |
---|---|
Format | Patent |
Language | English French German |
Published |
08.10.2014
|
Subjects | |
Online Access | Get full text |
Cover
Loading…
Summary: | A federated identity provisioning system includes relying parties, identity providers, and clients that obtain tokens from identity providers for access to a relying party's services. When a client contacts a new relying party, the relying party provides information that the client can independently resolve and evaluate for trustworthiness. For example, the relying party provides a generic domain name address. The client can then resolve the domain name address over various, authenticated steps to identity an endpoint for a digital identity provisioning service. The client can further interact with and authenticate the provisioning service (e.g., requiring digital signatures) to establish a trust relationship. Once determining that the client/user trusts the provisioning service, the client/user can then provide information to obtain a digital identity representation. The client can then use the digital identity representation with the corresponding identity provider to obtain one or more tokens that the relying party can validate. |
---|---|
Bibliography: | Application Number: EP20090767440 |