CN102084374B - Representing security identities using claims - Google Patents

Representing security identities using claims

Info

Publication number
CN102084374B
Authority
CN
China
Prior art keywords
identity
component
entity
declaration
representing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN2009801267820A
Other languages
English (en)
Chinese (zh)
Other versions
CN102084374A (zh)
Inventor
J·亚历山大
C·K·凯勒
C·R·里夫斯
H·O·威尔逊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Technology Licensing LLC
Original Assignee
Microsoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Corp
Publication of CN102084374A
Application granted
Publication of CN102084374B
Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884 Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
CN2009801267820A 2008-07-07 2009-06-26 Representing security identities using claims Active CN102084374B (zh)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US7867308P 2008-07-07 2008-07-07
US61/078,673 2008-07-07
US12/485,859 2009-06-16
US12/485,859 US8910257B2 (en) 2008-07-07 2009-06-16 Representing security identities using claims
PCT/US2009/048893 WO2010005813A2 (en) 2008-07-07 2009-06-26 Representing security identities using claims

Publications (2)

Publication Number Publication Date
CN102084374A (zh) 2011-06-01
CN102084374B (zh) 2013-08-07

Family

ID=41463919

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009801267820A Active CN102084374B (zh) 2008-07-07 2009-06-26 Representing security identities using claims

Country Status (5)

Country Link
US (1) US8910257B2 (en)
EP (1) EP2321760B1 (en)
JP (1) JP5513500B2 (en)
CN (1) CN102084374B (en)
WO (1) WO2010005813A2 (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8776255B2 (en) 2010-09-30 2014-07-08 Microsoft Corporation Claims-aware role-based access control
US8528069B2 (en) * 2010-09-30 2013-09-03 Microsoft Corporation Trustworthy device claims for enterprise applications
US9237155B1 (en) 2010-12-06 2016-01-12 Amazon Technologies, Inc. Distributed policy enforcement with optimizing policy transformations
US8769642B1 (en) * 2011-05-31 2014-07-01 Amazon Technologies, Inc. Techniques for delegation of access privileges
US9507927B2 (en) * 2011-09-30 2016-11-29 Oracle International Corporation Dynamic identity switching
US20130275282A1 (en) * 2012-04-17 2013-10-17 Microsoft Corporation Anonymous billing
US9356918B2 (en) * 2013-03-13 2016-05-31 Google Inc. Identification delegation for devices
US10158647B2 (en) * 2015-08-25 2018-12-18 Oracle International Corporation Permissive access control for modular reflection
US10282184B2 (en) 2016-09-16 2019-05-07 Oracle International Corporation Metadata application constraints within a module system based on modular dependencies
US11328115B2 (en) 2018-05-10 2022-05-10 Microsoft Technology Licensing, Llc. Self-asserted claims provider
US11870766B2 (en) 2020-12-16 2024-01-09 Microsoft Technology Licensing, Llc. Integration of legacy authentication with cloud-based authentication

Citations (3)

Publication number Priority date Publication date Assignee Title
US20030074579A1 (en) * 2001-10-16 2003-04-17 Microsoft Corporation Virtual distributed security system
US20040034797A1 (en) * 2002-06-18 2004-02-19 Becker Hof Onno Mark Domain-less service selection
CN1852150A (zh) * 2005-10-20 2006-10-25 Huawei Technologies Co., Ltd. System and method for searching personal data in a network

Family Cites Families (18)

Publication number Priority date Publication date Assignee Title
US7698381B2 (en) * 2001-06-20 2010-04-13 Microsoft Corporation Methods and systems for controlling the scope of delegation of authentication credentials
US7221935B2 (en) 2002-02-28 2007-05-22 Telefonaktiebolaget Lm Ericsson (Publ) System, method and apparatus for federated single sign-on services
US7200674B2 (en) * 2002-07-19 2007-04-03 Open Invention Network, Llc Electronic commerce community networks and intra/inter community secure routing implementation
US7526798B2 (en) * 2002-10-31 2009-04-28 International Business Machines Corporation System and method for credential delegation using identity assertion
US8108920B2 (en) * 2003-05-12 2012-01-31 Microsoft Corporation Passive client single sign-on for web applications
US8528063B2 (en) * 2004-03-31 2013-09-03 International Business Machines Corporation Cross domain security information conversion
US7454623B2 (en) * 2004-06-16 2008-11-18 Blame Canada Holdings Inc Distributed hierarchical identity management system authentication mechanisms
US8607322B2 (en) * 2004-07-21 2013-12-10 International Business Machines Corporation Method and system for federated provisioning
JP4782139B2 (ja) * 2004-10-26 2011-09-28 Telecom Italia S.p.A. Method and system for transparently authenticating a mobile user to access web services
US20070094400A1 (en) * 2005-10-20 2007-04-26 Childress Rhonda L Software installation within a federation
GB0523871D0 (en) * 2005-11-24 2006-01-04 Ibm A system for updating security data
US8418234B2 (en) 2005-12-15 2013-04-09 International Business Machines Corporation Authentication of a principal in a federation
US7788499B2 (en) * 2005-12-19 2010-08-31 Microsoft Corporation Security tokens including displayable claims
JP2007179171A (ja) * 2005-12-27 2007-07-12 Internatl Business Mach Corp <Ibm> Software development apparatus for models requiring confidentiality
US8117459B2 (en) * 2006-02-24 2012-02-14 Microsoft Corporation Personal identification information schemas
US8201215B2 (en) 2006-09-08 2012-06-12 Microsoft Corporation Controlling the delegation of rights
US7676586B2 (en) 2006-10-05 2010-03-09 Microsoft Corporation Hierarchical federation metadata
US20080263644A1 (en) * 2007-04-23 2008-10-23 Doron Grinstein Federated authorization for distributed computing

Also Published As

Publication number Publication date
EP2321760A4 (en) 2016-10-26
WO2010005813A2 (en) 2010-01-14
US8910257B2 (en) 2014-12-09
WO2010005813A3 (en) 2010-03-11
US20100001833A1 (en) 2010-01-07
JP5513500B2 (ja) 2014-06-04
JP2011527482A (ja) 2011-10-27
CN102084374A (zh) 2011-06-01
EP2321760A2 (en) 2011-05-18
EP2321760B1 (en) 2020-08-19

Similar Documents

Publication Publication Date Title
CN102084374B (zh) Representing security identities using claims
US10554421B2 (en) Method for superseding log-in of user through PKI-based authentication by using smart contact and blockchain database, and server employing same
CA3038444C (en) Method for sso service using pki based on blockchain networks, and device and server using the same
CN104255007B (zh) OAuth framework
CN102685089B (zh) Method and client device for trustworthy device claims for enterprise applications
US10540484B2 (en) Networked services licensing system and method
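JP4298969B2 (ja) Methods and systems for controlling the scope of delegation of authentication credentials
CN108259438B (zh) Method and apparatus for authentication based on blockchain technology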
Squicciarini et al. PP-trust-X: A system for privacy preserving trust negotiations
US20080301784A1 (en) Native Use Of Web Service Protocols And Claims In Server Authentication
TW201027384A (en) Digital rights management (DRM)-enabled policy management for an identify provider in a federated environment
TW201025068A (en) Digital rights management (DRM)-enabled policy management for a service provider in a federated environment
US20100146290A1 (en) Token caching in trust chain processing
US8479006B2 (en) Digitally signing documents using identity context information
Bhatti et al. An integrated approach to federated identity and privilege management in open systems
KR20070072922A (ko) Networked services licensing system and method
Dimitrijević et al. Advanced Security Mechanisms in the Spring Framework: JWT, OAuth, LDAP and Keycloak
Al-Sinani et al. CardSpace-Liberty integration for CardSpace users
Bertino et al. Security for distributed systems—foundations of access control
Koshutanski et al. Towards user-centric identity interoperability for digital ecosystems
Saadatmandi Enhanced attribute retrieval and provisioning through the eIDAS digital identity infrastructure
Archer et al. Cloud Native Data Security with OAuth: A Scalable Zero Trust Architecture
Wang et al. Modeling and Construction of Web Services Security
Sinnott Grid Security: Practices, Middleware and Outlook
CN118647998A (zh) Permission management method and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: MICROSOFT TECHNOLOGY LICENSING LLC

Free format text: FORMER OWNER: MICROSOFT CORP.

Effective date: 20150424

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20150424

Address after: Washington State

Patentee after: Microsoft Technology Licensing LLC

Address before: Washington State

Patentee before: Microsoft Corp.