A method and system for realizing identity management interoperability

An identity management interoperability technology, applied in transmission systems, user identity/authority verification, electrical components, etc., that addresses the inconvenience of practical application and makes the system more convenient to use.

Active Publication Date: 2015-09-16
贵州好生活智慧服务股份有限公司

AI Technical Summary

Problems solved by technology

[0005] At present, the SP authentication modes mainly studied are based on a fixed-IDP model. When the IDP used by the user is not within the trust range of the SP and the user cannot get through by registering, the SP cannot provide services to this user. The user therefore has to log in to different IDPs multiple times to obtain the service of this SP, which is inconvenient in practical applications.


Examples


Embodiment 1

[0053] In Embodiment 1, the identity providers maintained by the identity management center establish direct trust paths with other identity providers as needed. When the identity management center selects a backup authentication point, it selects, from among the identity providers with which the user has registered, one that has a direct or indirect trust relationship with the identity provider to which the service provider belongs.

[0054] Two identity providers have a direct trust relationship when they belong to the same trust domain, or when they do not belong to the same trust domain but have a direct trust path between them. Two identity providers have an indirect trust relationship when they belong to different trust domains and can establish an indirect trust path through the intersection of trust domains between identity providers and/or direct trust...
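The selection rule of Embodiment 1 can be sketched as a breadth-first search over direct trust relationships. This is an added example, not code from the patent; the IDP names, the sample domains, the function names and the `max_hops` cap on indirect trust paths are assumptions made for illustration.

```python
from collections import deque

# Constructed sample data (not from the patent).
TRUST_DOMAINS = {
    "domain1": {"IDP_A", "IDP_B"},
    "domain2": {"IDP_B", "IDP_C"},  # IDP_B is the intersection of domain1 and domain2
    "domain3": {"IDP_D"},
    "domain4": {"IDP_E"},           # isolated: no trust path to anyone
}
DIRECT_PATHS = {("IDP_C", "IDP_D")}  # direct trust path across two domains

def direct_neighbours(idp, domains, paths):
    """IDPs in a direct trust relationship with idp: same domain or a direct trust path."""
    peers = set()
    for members in domains.values():
        if idp in members:
            peers |= members
    for a, b in paths:
        if idp == a:
            peers.add(b)
        elif idp == b:
            peers.add(a)
    peers.discard(idp)
    return peers

def select_backup_idp(sp_idp, registered, domains, paths, max_hops=3):
    """Return (idp, trust_path) for the nearest registered IDP trusted by sp_idp, or None.

    max_hops is an assumed policy limit on the length of an indirect trust path.
    """
    if sp_idp in registered:
        return sp_idp, [sp_idp]  # user is already registered with the SP's own IDP
    queue, seen = deque([[sp_idp]]), {sp_idp}
    while queue:
        path = queue.popleft()
        if len(path) - 1 >= max_hops:
            continue  # do not extend trust beyond the allowed number of hops
        for nxt in sorted(direct_neighbours(path[-1], domains, paths)):
            if nxt in seen:
                continue
            seen.add(nxt)
            if nxt in registered:
                return nxt, path + [nxt]
            queue.append(path + [nxt])
    return None  # no registered IDP is reachable: the SP cannot serve this user
```

Returning the full trust path lets the identity management center log which intermediate identity providers the decision relied on.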

Embodiment 2

[0083] In Embodiment 2, the identity providers maintained by the identity management center establish direct trust paths with the identity management center as required, and the identity provider to which the service provider belongs has a direct trust path with the identity management center. When the identity management center selects a backup authentication point, it uses the direct trust paths between each identity provider and the identity management center to select, from among the identity providers with which the user has registered, one that has a direct or indirect trust relationship with the identity management center as the backup authentication point.

[0084] The direct trust relationship between the identity provider and the identity management center means that the two have a direct trust path; any two identity providers in the same trust domain have a direct trust path, and the identity provider and the identity management center ...

Embodiment 3

[0106] Embodiment 3 combines the application conditions of Embodiment 1 and Embodiment 2. The identity providers maintained by the identity management center establish direct trust paths with other identity providers as required, and establish direct trust paths with the identity management center as required. When the identity management center selects a backup authentication point, it uses the direct trust paths between identity providers and the direct trust paths between each identity provider and the identity management center to select, from among the identity providers with which the user has registered, one that has a direct or indirect trust relationship with the identity provider to which the service provider belongs as the backup authentication point. Two identity providers have a direct trust relationship when they belong to the same trust domain, or they do not belong to the same trust d...


Abstract

The invention provides an identity management interoperation method and an identity management interoperation system. The method comprises that: a user makes a request for a service to a service provider; under the condition that the user does not perform identity registration on an identity provider of the service provider, an identity management center selects the identity provider which has a trust relationship with the identity provider of the service provider and on which the user performs the identity registration as a standby authentication point; and after the user passes the authentication of the standby authentication point, the service provider provides the service for the user. By the method and the system, trust relationship interoperations among different trusted domains can be realized under the condition of not changing an internal authentication method of a conventional identity management system, and convenience is brought to the user.

Description

Technical field

[0001] The present invention relates to the fields of network security and communication, and more particularly to a method and system for realizing identity management interoperability.

Background technique

[0002] A Service Provider (SP for short) supports only a limited set of Identity Providers (IDP for short). If the IDP used by the user (such as IDP A) is not supported by the current SP (such as SP1), user authentication cannot be completed. The user must register with an IDP supported by the SP (such as IDP B, C, D) to complete the SP authentication, or the user can turn to another SP (e.g. SP2) that supports the user's IDP and can provide a similar service. This is inconsistent with the goals of Identity Management (IDM). However, the IDPs that have been put into use at present cannot be unified because of their respective interests.

[0003] Identity management refers...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L9/32; H04L29/06
Inventor: 陈剑勇袁泉林兆骥
Owner: 贵州好生活智慧服务股份有限公司