WO2010099826A1 - User attribute management - Google Patents

User attribute management

Info

Publication number
WO2010099826A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
entity
service
user attributes
request
Application number
PCT/EP2009/052605
Other languages
English (en)
Inventor
Jin Liu
Shao Jun Sun
You Lei Chen
Original Assignee
Nokia Siemens Networks Oy
Application filed by Nokia Siemens Networks Oy
Priority to PCT/EP2009/052605
Publication of WO2010099826A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/2866 Architectures; Arrangements
    • H04L67/30 Profiles
    • H04L67/306 User profiles
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6272 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database by registering files or documents with a third party
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles

Definitions

  • the invention is related to the use and management of user attributes.
  • Figure 1 shows a system, indicated generally by the reference numeral 2, comprising a first user 4, a first service provider 6, a second service provider 8, a third service provider 10, and a second user 12.
  • the first user 4 is in two-way communication with each of the service providers 6, 8 and 10.
  • the second user 12 may be in communication with one or more of the service providers: in the example of Figure 1, the second user is in two-way communication with the second and third service providers 8 and 10.
  • the first user 4 makes use of a number of different applications, provided by a number of different service providers. As a result, a range of user attributes for the first user are generated at different service providers.
  • User attributes can take many different forms.
  • user attributes may include one or more of a user's age, online status, activity records at a particular service provider, favourite song, reputation as a seller on an auction site, posts on a public forum etc.
  • the first user 4 may have different user attributes at the different service providers 6, 8 and 10. Accordingly, personal information regarding the first user 4 is spread across many service providers.
  • the second user 12 seeks user attributes concerning the first user 4. Although user attributes can be obtained by the second user 12 from the various service providers 6, 8 and 10, the system 2 does not provide an easy way for the second user to query the cross-site attributes of the first user 4. Furthermore, the second user 12 may not be aware of all of the service providers that include user attributes for the first user 4. For example, in the system 2, the second user may be able to obtain user attributes for the first user 4 from the service providers 8 and 10, but may be unaware that the first user has an account at the first service provider 6.
  • the second user 12 can use internet search engines to try to find information about an identity; however, user IDs on different sites often cannot easily be linked, since different sites have different user IDs for the same end user. Furthermore, not all information will be indexed by search engines and search results are not guaranteed to be valid information sources.
  • a personal homepage for the first user 4 exists and contains the owner's identity information
  • the second user 12 can get the first user's identities on web sites and other service providers and use this information to obtain user attributes.
  • such an arrangement requires the second user 12 to go to each service provider separately to obtain the user attributes, thereby interrupting the browsing experience of the second user.
  • a personal homepage to authenticate the visitor and selectively display information according to the visitor's identity.
  • the present invention seeks to address at least some of the problems outlined above.
  • the present invention provides a method comprising: receiving, at an identity provider, user attributes for a first entity (such as a first user) from a plurality of service providers or applications used by said first entity (thereby providing cross-site user attributes to the identity provider); storing said user attributes (either at the identity provider or at a location readily accessible to the identity provider); receiving, at the identity provider, a request for user attributes for the first entity, the request being received from a second entity (which may, for example, be a second user or a service provider/application); and providing a set of user attributes for the first entity to the second entity (such as a second user or an application or a service provider).
  • the method may include identifying and/or authenticating the second entity (or attempting to identify the second entity).
  • the method may include identifying and/or authenticating the first entity.
  • the present invention further provides an apparatus (such as an identity provider) comprising: a first input for receiving user attributes for a first entity (such as a user) from a plurality of service providers or applications used by said first entity; a memory for storing said user attributes; a second input for receiving a request from a second entity (such as a user) for user attributes for the first entity; and a first output for providing a set of user attributes for the first entity to the second entity.
  • the first and second inputs may be provided as a single physical input, or as separate physical inputs.
  • the set of user attributes for the first entity provided to the second entity may be generated on the basis of the identity of the second entity (e.g. on the basis of the attributes that are allowed to be provided to the second entity).
  • the set of user attributes for the first entity provided to the second entity may be generated on the basis of specified rules.
  • the rules may, for example, be specified by the first entity.
  • the set of user attributes may be generated on the basis of the attributes that are allowed to be provided to the second entity.
  • the user attributes for the first user may be received at the identity provider in response to an instruction from the first entity.
  • the user attributes may be received at the identity provider in response to an instruction from the identity provider.
  • the user attributes may be received at the identity provider under the control of a service at which the user attributes are generated.
  • Processing means may be provided for generating the set of user attributes for providing to the second entity.
  • the present invention also provides a method comprising: receiving, at a service provider, a request for access to a service provided by the service provider; identifying one or more entities included in the service that have user attribute data associated therewith that are stored at an identity provider; sending a request for at least some of said user attributes to the identity provider; and providing the requested service in response to the request for access to the service, the provided service including user attributes received from the identity provider in response to the request sent to the identity provider.
  • the present invention further provides an apparatus (such as a service provider, or a system including a service provider) comprising: a first input for receiving a request for access to a service provided by a service provider; means for identifying one or more entities included in the service that have user attribute data associated therewith that are stored at an identity provider; a first output for sending a request for said user attributes to the identity provider; a second input for receiving the requested user attributes from the identity provider; processing means for incorporating the user attributes into the requested service; and a second output for providing the requested service.
  • the first and second inputs may be provided as a single physical input, or as separate physical inputs.
  • the first and second outputs may be provided as a single physical output, or as separate physical outputs.
  • the identity provider may return a set of user attributes in response to the request for at least some of said user attributes. Furthermore, the set of user attributes for a particular entity may be selected on the basis of specified rules, which rules may be specified by the particular entity.
  • the user attributes for a particular entity may be user attributes generated at a plurality of service providers or applications used by that entity.
  • the identification of said entities may be carried out by the service provider.
  • the service provider may, for example, add a query icon to a webpage presented to the second user that enables the user to request the said user attributes.
  • the identification of said entities is carried out by the entity requesting access to the service.
  • the identification of said entities may be carried out by a browser (or by a plug-in of that browser) being used by a second entity (such as a user).
  • the browser may, for example, add a query icon to a webpage presented to the second entity that enables the entity to request the said user attributes.
  • the request for user attributes may be sent to the identity provider by the service provider.
  • both the identification of said entity and the sending of the request for user attributes are carried out by the service provider.
  • the identity provider may send the user attributes to the service provider.
  • the user attributes may be sent to the entity requesting access to the service provided by the service provider, thereby preventing the user's attributes being provided to the service provider.
  • the request for user attributes may be sent to the identity provider by the entity requesting access to the service.
  • both the identification of said entity and the sending of the request for user attributes are carried out by the entity requesting access to the service.
  • the request for user attributes may be sent to the identity provider in response to a user requesting said user attributes.
  • the user may be presented with a webpage including one or more icons, wherein the activation of the icons by the user results in user attributes for the entity associated with the icon being requested.
  • the icon(s) may be included in the webpage presented to the user under the control of the service provider and/or the user's browser.
  • the incorporation of the user attributes into the requested service may be carried out at the service provider, or may be carried out elsewhere, such as at the entity requesting access to the service.
  • the present invention provides a computer program product comprising: means for receiving (for example, at an identity provider) user attributes for a first entity (such as a first user) from a plurality of service providers or applications used by said first entity (thereby providing cross-site user attributes to the identity provider); means for storing said user attributes (for example, either at the identity provider or at a location readily accessible to the identity provider); means for receiving (for example, at the identity provider) a request for user attributes for the first entity, the request being received from a second entity (which may, for example, be a second user, or a service provider/application); and means for providing a set of user attributes to the second entity (such as a second user or an application/service provider).
  • the present invention also provides a computer program comprising: code for receiving (for example, at an identity provider) user attributes for a first entity (such as a first user) from a plurality of service providers or applications used by said first entity (thereby providing cross-site user attributes to the identity provider); code for storing said user attributes (for example, either at the identity provider or at a location readily accessible to the identity provider); code for receiving (for example, at the identity provider) a request for user attributes for the first entity, the request being received from a second entity (which may, for example, be a second user, or a service provider/application); and code for providing a set of user attributes to the second entity (such as a second user or an application/service provider).
  • the computer program may be a computer program product comprising a computer-readable medium bearing computer program code embodied therein for use with a computer.
  • the present invention further provides a computer program product comprising: means for receiving (for example, at a service provider) a request for access to a service provided by the service provider; means for identifying one or more entities included in the service that have user attribute data associated therewith that are stored at an identity provider; means for sending a request for at least some of said user attributes to the identity provider; and means for providing the requested service in response to the request for access to the service, the provided service including user attributes received from the identity provider in response to the request sent to the identity provider.
  • the present invention further provides a computer program comprising: code for receiving (for example, at a service provider) a request for access to a service provided by the service provider; code for identifying one or more entities included in the service that have user attribute data associated therewith that are stored at an identity provider; code for sending a request for at least some of said user attributes to the identity provider; and code for providing the requested service in response to the request for access to the service, the provided service including user attributes received from the identity provider in response to the request sent to the identity provider.
  • the computer program may be a computer program product comprising a computer-readable medium bearing computer program code embodied therein for use with a computer.
  • Figure 1 is a block diagram of a system in which user attributes for users are generated
  • FIG. 2 is a block diagram of a system in accordance with an aspect of the invention.
  • Figure 3 is a message sequence demonstrating an aspect of the present invention
  • Figure 4 is a message sequence demonstrating an aspect of the present invention
  • Figure 5 shows an exemplary display to a user in accordance with an aspect of the present invention
  • Figure 6 is a message sequence demonstrating an aspect of the present invention.
  • Figure 7 is a message sequence demonstrating an aspect of the present invention.
  • Figure 8 is a message sequence demonstrating an aspect of the present invention.
  • FIG. 2 is a block diagram of a system, indicated generally by the reference numeral 2', in accordance with an aspect of the present invention.
  • the system 2' includes the first user 4, first service provider 6, second service provider 8, third service provider 10, and second user 12 of the system 2 described above.
  • the system 2' includes an identity provider 14.
  • the first user 4 is in two-way communication with each of the service providers 6, 8 and 10.
  • the second user 12 is in two-way communication with the second and third service providers 8 and 10.
  • the first user 4 and the second user 12 are both in two-way communication with the identity provider 14.
  • the first user 4 has different attributes at the different service providers 6, 8 and 10. Accordingly, personal information regarding the first user 4 is spread across many service providers. These user attributes are collated at the identity provider 14, from where they can be accessed by the second user 12, as discussed further below.
  • collating user attributes at a single entity enables the second user 12 (or other entities, such as applications or service providers) to obtain user attribute data from a single source. This is more convenient for the second user, and is also likely to be more complete, since it is less likely that some user attribute data will be missed. Moreover, the first user can restrict the access to the user attribute data at the identity provider 14, thereby retaining control of user attribute data at a single location.
  • SAML: Security Assertion Markup Language
  • OASIS: Organization for the Advancement of Structured Information Standards
  • Figure 3 is a message sequence, indicated generally by the reference numeral 20, of an exemplary arrangement for collating user attribute data at the identity provider 14 by making use of the SAML attribute query.
  • the message sequence 20 shows messages between a browser of the first user 4, the identity provider 14 and a website 16 provided by a service provider, such as the first service provider 6.
  • the message sequence 20 begins with the first user 4 issuing a login message 22 to the identity provider 14.
  • the identity provider authenticates the first user (step 24) and sends a portal web page to the first user 4 as message 26.
  • the first user 4 uses the web page sent from the identity provider to instruct the identity provider to retrieve attributes for the user from a particular application in message 28.
  • This function may be provided in a number of ways.
  • the web page provided in message 26 may include a list of applications that the first user 4 has access to and the user may simply click on one of the applications in order to instruct the identity provider to request the user's attributes stored at that application.
  • the identity provider uses the OASIS SAML AttributeQuery instruction to obtain the user's attributes from the website 16.
  • the identity provider sends a redirect message 30 to the first user 4, instructing the browser of the first user to send the query to the website 16.
  • the browser sends a SAML AttributeQuery to the website 16 as message 32.
  • the SAML AttributeQuery may take the following form:
  • the website receives the AttributeQuery 32 and responds by providing an AttributeStatement. This is sent initially to the first user 4 as a redirect message 34 and the first user forwards the AttributeStatement to the identity provider 14 as message 36.
  • the SAML AttributeStatement may take the following form:
  • the identity provider stores the user attributes included in the message 36 (step 38) and sends an OK message 39 to the first user to complete the message sequence 20.
  • the message sequence 20 involves the first user 22 actively initiating the use of the attribute query to obtain user attributes.
  • the attribute query function could be initiated in other ways; for example, automatically under the control of the identity provider 14.
  • the use of the attribute query function itself is not essential.
  • the website 16 can periodically report attribute data updates to the identity provider 14 over any protocol such as HTTP or SOAP. In such a scenario, the messages 30, 32, 34 and 36 can be omitted and the identity provider 14 can return the user attributes with the HTTP 200 OK message 39 to the first user 4 directly.
  • the identity provider 14 can be provided with user attributes generated for the first user 4 at a number of different service providers and applications.
  • the next step is to enable the second user 12 to access that data, as discussed further below.
  • the second user 12 is in communication with the identity provider 14 and can request user attributes from the identity provider.
  • Figure 4 shows a message sequence, indicated generally by the reference numeral 40, showing, in broad terms, a mechanism by which the second user can obtain user attributes in accordance with an aspect of the invention.
  • the message sequence 40 begins with the second user seeking access to a service at the second service provider 8 by sending a service request 42 to the second service provider.
  • the request 42 may, for example, be sent from a browser of the second user 12.
  • the second service provider returns a web page 44 to the second user.
  • the webpage 44 includes features that would be enhanced by including user attribute information regarding other users, such as the first user 4.
  • the webpage 44 also includes a mechanism for requesting the user attribute information, as discussed further below.
  • the second user requests the user attribute information in a request 46 sent to the identity provider 14.
  • the attributes are returned from the identity provider 14 to the second user 12 in message 48 and can be used to populate the webpage 44 with user-specific data.
  • the service provider 8 provides the structure for the webpage included in the message 44, but the user-dependent content is aggregated only at the second user 12. This means that the second user 12 is presented (in the web page) with personal information about other users in such a way that the service provider 8 (the source of the page) does not learn the presented personal information. Thus, the service provider 8 can provide a highly personalized page and yet it is not able to learn most of the sensitive personal information that is included in that page.
  • the service provider 8 can provide such a page in which the user is presented with a list of their friends, each of them including a personal photograph and with their current context (such as work/home/vacation/etc.) and even with their current location. Importantly, it is possible to do this without the service provider learning any of the private information.
  • Figure 5 shows an exemplary portion 50 of a webpage, such as the webpage included in the message 44 discussed above.
  • the webpage portion 50 includes information relating to three users, namely Alice, Bob and Cindy.
  • the webpage portion 50 includes two "Query IDM" icons.
  • a first icon 52 is placed next to the name Alice, a second icon 54 is placed next to the name Cindy.
  • These icons show that user attributes are available for those people. The viewer of the webpage can obtain these user attributes (for example by clicking on the icons) in order to provide further information in the webpage, as discussed further below.
  • Figure 6 shows a message sequence, indicated generally by the reference numeral 60, in accordance with an aspect of the present invention.
  • the message sequence 60 shows the second user 12 accessing a service at the second service provider 8 and in communication with the identity provider 14.
  • the second user 12 sends (typically using a browser) a service access request 62 (similar to the request 42) to the second service provider 8.
  • the second service provider 8 prepares a web page for delivery to the second user 12.
  • the second service provider 8 recognizes a number of names in the web page and places a "Query IDM" icon alongside the names (step 64), as described above with reference to Figure 5.
  • the web page, including the Query IDM icons, is returned to the second user 12 as message 66.
  • the second user 12 may activate one or more of the Query IDM icons, for example by clicking on a link (although many other means for activating such a link will be apparent to the skilled person), as indicated by step 68.
  • Activating an icon results in an attribute request 70 being sent from the second user 12 to the identity provider 14.
  • the identity provider 14 obtains the requested attributes (step 72) and provides the attributes to the second user 12 in message 74.
  • the user attributes can then be included in the web page 66 presented to the second user 12.
  • the step 72, in which the identity provider 14 obtains the requested attributes, may be implemented as follows.
  • the identity provider 14 first authenticates the entity making the request 70 (the second user 12).
  • the identity and attributes of the user 12 are then utilized to attempt to match the preference of the target user.
  • the preference data contains rules about which attributes can be exposed to which requesting party.
  • the identity provider returns the attributes that are permitted according to the rules.
  • the default rule may be that no attributes may be returned.
  • An example preference data of the first user 4 may contain a rule that his basic attributes, e.g. online status and hobby, can be exposed to his friends group, which contains a list of user IDs.
  • the identity provider 14 can determine whether the second user 12 is in the friends group. If the second user is within the friends group, the online status and hobby attributes can be returned to the second user. If the second user is not within the friends group (and is therefore a stranger), then no attributes will be returned to the second user.
  • two attribute requests may be sent to the identity provider in order to request user attributes for Alice and Cindy.
  • the user attributes returned by the identity provider 14 can then be incorporated into the web page portion 50.
  • the identity provider may return an HTTP 200 OK message with HTML payload describing attributes such as "<html><body>Alice is a senior member of the web site</body></html>".
  • Figure 7 shows a message sequence, indicated generally by the reference numeral 80, in which the Query IDM icons are placed by software running at the second user (e.g. a browser plug-in 18).
  • the message sequence 80 begins with the browser 18 sending a service access request 82 (similar to the requests 42 and 62) to the second service provider 8.
  • the second service provider 8 prepares a web page for delivery to the browser 18 and returns that web page in message 84.
  • On receipt of the webpage 84, the browser 18 (or the plug-in of that browser) recognizes a number of names in the web page and places a Query IDM icon alongside the names.
  • the web page, including the Query IDM icons, is displayed to the second user 12.
  • the second user 12 may activate one or more of the Query IDM icons, for example by clicking on a link, as indicated by step 88. Activating an icon results in an attribute request 90 being sent from the browser 18 to the identity provider 14.
  • On receipt of the request 90, the identity provider 14 obtains the requested attributes (step 92) in a similar manner to the step 72 discussed above.
  • the user attributes are provided to the browser 18 in message 94.
  • the user attributes can then be included in a modified web page 96 presented to the second user 12.
  • Query IDM icons are added to a web page and a user (the second user 12) is prompted to request the user attributes from the identity provider 14.
  • the service provider 8 may automatically request user attributes from the identity provider 14, without requiring any input from the user.
  • a service request 102 is sent from the second user 12 (or from a browser of that user) to the second service provider 8
  • the second service provider sends an attributes request 104 to the identity provider 14
  • the identity provider returns the requested attributes to the service provider 8 as message 106
  • the service provider returns a web page to the second user (or to a browser of that user) in message 108, the webpage including the personalized information in accordance with the user attributes.
  • the attributes provided in message 106 may be provided to the second user 12 (and not to the service provider 8) in order to avoid the need to provide user attributes to the service provider.
  • the service provider 8 may send a webpage and an attributes request to the identity provider 14, the identity provider may add the user attributes and the webpage
  • the present invention enables identity providers and identity management systems to provide valuable services directly to internet users.
  • the invention assists identity management systems to become identity information hubs of internet web sites.
  • the invention enables end users to query the cross-site information of other users very easily when they are surfing the Internet.
  • the information can be made available in the website (or other service) that they are currently accessing.
  • the information is from a trusted source (an identity management system) .
  • the invention also enables service providers to provide a fluent browsing experience to their users because the end user no longer needs to interrupt his session at the service provider to query another user's attributes. Moreover, by exposing registered users' attributes to another person who might not be registered yet, a service provider can enlarge its reach.
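
The rule matching described for step 72 (authenticate the requester, match it against the target user's preference rules, return only the permitted attributes, and return nothing by default) can be sketched as follows. This is an added example, not code from the patent; the class and method names, the session-token lookup that stands in for authentication, and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class ReleaseRule:
    """One preference rule set by the attribute owner (hypothetical model)."""
    group: str              # name of a group defined by the owner
    attributes: frozenset   # attribute names that group is allowed to see


@dataclass
class UserRecord:
    attributes: dict = field(default_factory=dict)  # name -> (value, source provider)
    groups: dict = field(default_factory=dict)      # group name -> set of user IDs
    rules: list = field(default_factory=list)       # list of ReleaseRule


class IdentityProvider:
    """Collates attributes from several providers and releases them by rule."""

    def __init__(self):
        self._users = {}     # user ID -> UserRecord
        self._sessions = {}  # session token -> authenticated user ID (assumed stand-in)

    def _record(self, user_id):
        return self._users.setdefault(user_id, UserRecord())

    def store_attributes(self, owner, source, attrs):
        # Keep the reporting provider with each value so provenance is auditable.
        rec = self._record(owner)
        for name, value in attrs.items():
            rec.attributes[name] = (value, source)

    def set_group(self, owner, group, members):
        self._record(owner).groups[group] = set(members)

    def add_rule(self, owner, group, attribute_names):
        self._record(owner).rules.append(
            ReleaseRule(group, frozenset(attribute_names)))

    def open_session(self, token, user_id):
        self._sessions[token] = user_id

    def release(self, token, target):
        """Return the attributes of `target` that the requester may see."""
        requester = self._sessions.get(token)
        if requester is None:
            return {}  # unauthenticated requester: default rule, nothing released
        rec = self._users.get(target)
        if rec is None:
            return {}  # same empty answer as a denial, so account existence is not leaked
        allowed = set()
        for rule in rec.rules:
            if requester in rec.groups.get(rule.group, set()):
                allowed |= rule.attributes
        # Only attributes named by a matching rule leave the identity provider.
        return {n: v for n, (v, _src) in rec.attributes.items() if n in allowed}


def build_demo_idp():
    """Constructed sample data mirroring the first user / second user example."""
    idp = IdentityProvider()
    idp.store_attributes("user4", "sp6", {"seller_reputation": "98% positive"})
    idp.store_attributes("user4", "sp8", {"online_status": "online", "hobby": "chess"})
    idp.store_attributes("user4", "sp10", {"age": 34})
    idp.set_group("user4", "friends", ["user12"])
    idp.add_rule("user4", "friends", ["online_status", "hobby"])
    idp.open_session("tok-user12", "user12")  # a friend of user4
    idp.open_session("tok-user99", "user99")  # a stranger to user4
    return idp


if __name__ == "__main__":
    idp = build_demo_idp()
    print("friend:  ", idp.release("tok-user12", "user4"))
    print("stranger:", idp.release("tok-user99", "user4"))
    print("no login:", idp.release("tok-unknown", "user4"))
```

The friend receives only the two attributes named in the rule, even though the identity provider also holds the age and seller reputation reported by other providers.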

Landscapes

  • Engineering & Computer Science
  • Computer Hardware Design
  • Computer Networks & Wireless Communication
  • Signal Processing
  • Theoretical Computer Science
  • General Engineering & Computer Science
  • Computer Security & Cryptography
  • Health & Medical Sciences
  • General Health & Medical Sciences
  • Software Systems
  • Physics & Mathematics
  • Bioethics
  • General Physics & Mathematics
  • Databases & Information Systems
  • Computing Systems
  • Information Transfer Between Computers

Abstract

The invention relates to an arrangement for managing user attributes, for example using an identity management system. User attributes for a first user at a number of service providers and applications are collated at an identity provider. A second user can access these user attributes, for example to populate a web page with user-specific data relating to the first user.
PCT/EP2009/052605 2009-03-05 2009-03-05 User attribute management WO2010099826A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2009/052605 WO2010099826A1 (fr) 2009-03-05 2009-03-05 User attribute management

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2009/052605 WO2010099826A1 (fr) 2009-03-05 2009-03-05 User attribute management

Publications (1)

Publication Number Publication Date
WO2010099826A1 true WO2010099826A1 (fr) 2010-09-10

Family

ID=41683425

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2009/052605 WO2010099826A1 (fr) 2009-03-05 2009-03-05 User attribute management

Country Status (1)

Country Link
WO (1) WO2010099826A1 (fr)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003049000A1 (fr) * 2001-12-04 2003-06-12 Sun Microsystems, Inc. Distributed network identity
US20080168539A1 (en) * 2007-01-05 2008-07-10 Joseph Stein Methods and systems for federated identity management

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
CHRISTIAN SCHLAGER ET AL: "Effects of Architectural Decisions in Authentication and Authorisation Infrastructures", AVAILABILITY, RELIABILITY AND SECURITY, 2007. ARES 2007. THE SECOND INTERNATIONAL CONFERENCE ON, IEEE, PI, 1 April 2007 (2007-04-01), pages 230 - 237, XP031079590, ISBN: 978-0-7695-2775-8 *
LATIFA BOURSAS ET AL: "Policy-based Service Provisioning and Dynamic Trust Management in Identity Federations", COMMUNICATIONS, 2006. ICC '06. IEEE INTERNATIONAL CONFERENCE ON, IEEE, PI, 1 June 2006 (2006-06-01), pages 2370 - 2375, XP031025418, ISBN: 978-1-4244-0354-7 *
ROLAND ERBER ET AL: "Patterns for Authentication and Authorisation Infrastructures", DATABASE AND EXPERT SYSTEMS APPLICATIONS, 2007. DEXA '07. 18TH INTERNATIONAL CONFERENCE ON, IEEE, PISCATAWAY, NJ, USA, 1 September 2007 (2007-09-01), pages 755 - 759, XP031136542, ISBN: 978-0-7695-2932-5 *
RONALD SCHROETER ET AL: "A Synchronous Multimedia Annotation System for Secure Collaboratories", E-SCIENCE AND GRID COMPUTING, 2006. E-SCIENCE '06. SECOND IEEE INTERNATIONAL CONFERENCE ON, IEEE, PI, 1 December 2006 (2006-12-01), pages 41 - 48, XP031030721, ISBN: 978-0-7695-2734-5 *
SHOICHIROU FUJIWARA ET AL: "A Privacy Oriented Extension of Attribute Exchange in Shibboleth", APPLICATIONS AND THE INTERNET WORKSHOPS, 2007. SAINT WORKSHOPS 2007. INTERNATIONAL SYMPOSIUM ON, IEEE, PI, 1 January 2007 (2007-01-01), pages 28 - 31, XP031044122, ISBN: 978-0-7695-2757-4 *

Similar Documents

Publication Publication Date Title
US9769122B2 (en) Anonymous single sign-on to third-party systems
US20090030985A1 (en) Family-based online social networking
US20120110469A1 (en) Systems and Methods for Cross Domain Personalization
WO2007083930A1 (fr) News server for trackback between news and blogs, and corresponding interconnection method
US20110137817A1 (en) System and method for aggregating and disseminating personal data
CN102413151A (zh) Method and system for sharing network resources
WO2010075798A1 (fr) Configuration and authentication method for cross-domain authorization, and corresponding equipment and system
WO2012070571A1 (fr) Management device for srs site, and information presentation method using the srs supervision site
JP4872268B2 (ja) Content distribution method and mobile terminal
US10382914B2 (en) Techniques to leverage data from mobile headers
JP2001306521A (ja) Attribute-based access control method and system, and storage medium storing an authentication program or access control data
JP5513270B2 (ja) Message sharing device, method, and program
Hildén Am I my IP address's keeper? Revisiting the boundaries of information privacy
KR101638262B1 (ko) Social network reports
JP2008282284A (ja) Access management device and access management method
KR102251705B1 (ko) Method of operating a content providing server that restricts access to content over time, and service providing method using the same
JP2002041522A (ja) Personal information disclosure system and e-mail distribution system
JP6162056B2 (ja) Advertising content distribution system and advertising content distribution method
WO2010099826A1 (fr) User attribute management
JP5610523B2 (ja) URL replacement system
JP4846624B2 (ja) Authentication proxy device, authentication proxy method, and authentication proxy program
JP2006221490A (ja) Information providing system and information providing program
KR20050059380A (ko) System and method for connecting communities over a network
JP2006178894A (ja) Access control system
KR100606239B1 (ko) User login ID management system and method thereof

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09779113

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09779113

Country of ref document: EP

Kind code of ref document: A1