公开(公告)号：WO2004059478A3

公开(公告)日：2005-08-11

申请号：PCT/EP0314847

申请日：2003-11-27

Applicant: IBM ,  IBM FRANCE

Inventor： BLAKLEY GEORGE R III ,  HINTON HEATHER M ,  NADALIN ANTHONY J ,  WESLEY AJAMU A

IPC: G06F17/30 ,  G06F21/00 ,  H04L29/06 ,  H04L29/08 ,  G06F1/00

CPC classification number: H04L63/0815 ,  H04L63/0807 ,  H04L63/104 ,  H04L67/10

Abstract: A method is presented in which federated domains interact within a federated environment. Domains within a federation can initiate federated single-sign-on operations for a user at other federated domains. A point-of-contact server within a domain relies upon a trust proxy within the domain to manage trust relationships between the domain and the federation. Trust proxies interpret assertions from other federated domains as necessary. Trust proxies may have a trust relationship with one or more trust brokers, and a trust proxy may rely upon a trust broker for assistance in interpreting assertions. When a user requests to logoff from a domain that has initiated federated single-sign-on operations for the user at other federated domains, the domain initiates a consolidated logoff operation by requesting logoff operations at those other federated domains, which may also initiate logoff operations in a cascaded fashion to the domains at which they have initiated federated single-sign-on operations.

Abstract translation: 提出了一种方法，其中联合域在联合环境中相互作用。 联盟内的域可以为其他联盟域的用户启动联合单点登录操作。 域内的联络点服务器依赖于域内的信任代理来管理域和联盟之间的信任关系。 信任代理根据需要解释其他联盟域的断言。 信托代理可能与一个或多个信托经纪人有信任关系，信托代理可以依靠信托代理人来解释断言。 当用户请求从其他联盟域的用户启动了联合单点登录操作的域注销时，域通过请求在其他联盟域的注销操作来启动合并注销操作，这些操作也可以启动注销操作 以级联方式发布到已启动联合单点登录操作的域。

公开(公告)号：WO2004059415A2

公开(公告)日：2004-07-15

申请号：PCT/EP0314852

申请日：2003-11-27

Applicant: IBM ,  IBM FRANCE

Inventor： BLAKLEY GEORGE R III ,  HINTON HEATHER M ,  NADALIN ANTHONY J

IPC: H04L29/06 ,  G06F

CPC classification number: H04L63/0281 ,  H04L63/0807 ,  H04L63/0815 ,  H04L63/0823 ,  H04L2463/102

Abstract: A method is presented in which federated domains interact within a federated environment. Domains within a federation can initiate federated single-sign-on operations for a user at other federated domains. A point-of-contact server within a domain relies upon a trust proxy within the domain to manage trust relationships between the domain and the federation. Trust proxies interpret assertions from other federated domains as necessary. Trust proxies may have a trust relationship with one or more trust brokers, and a trust proxy may rely upon a trust broker for assistance in interpreting assertions.

Abstract translation: 提出了一种方法，其中联合域在联合环境中相互作用。 联盟内的域可以为其他联盟域的用户启动联合单点登录操作。 域内的联络点服务器依赖域内的信任代理来管理域和联盟之间的信任关系。 信任代理根据需要解释其他联盟域的断言。 信托代理可能与一个或多个信托经纪人有信任关系，信托代理可以依靠信托代理人来解释断言。

公开(公告)号：GB2365561B

公开(公告)日：2004-06-16

申请号：GB0030228

申请日：2000-12-12

Applicant: IBM

Inventor： GUSKI RICHARD H ,  DILLENBERGER DONNA N ,  FARRELL WALTER B ,  HERZBERG AMIR ,  KOVED LAWRENCE ,  NADALIN ANTHONY J ,  RELLER DUANE F ,  SHIN JOHN H ,  SHMUELI ANAT S ,  SZCZYGIELSKI THOMAS J ,  THOMPSON JOHN M ,  WILLIAMS JOSEPH A

IPC: G06F1/00 ,  G06F21/51 ,  G06F21/53 ,  G06F21/54

公开(公告)号：GB2308688B

公开(公告)日：1999-11-10

申请号：GB9624244

申请日：1996-11-21

Applicant: IBM

Inventor： BENANTAR MESSAOUD ,  BLAKELEY III GEORGE ROBERT ,  COPELAND GEORGE PRENTICE ,  NADALIN ANTHONY J

IPC: G06F12/14 ,  G06F1/00 ,  G06F9/42 ,  G06F9/44 ,  G06F9/46 ,  G06F21/00 ,  G06F21/24

公开(公告)号：AU2003288261A8

公开(公告)日：2004-07-22

申请号：AU2003288261

申请日：2003-11-27

Applicant: IBM

Inventor： BLAKLEY GEORGE R III ,  NADALIN ANTHONY J ,  HINTON HEATHER M

IPC: H04L29/06

Abstract: A method is presented in which federated domains interact within a federated environment. Domains within a federation can initiate federated single-sign-on operations for a user at other federated domains. A point-of-contact server within a domain relies upon a trust proxy within the domain to manage trust relationships between the domain and the federation. Trust proxies interpret assertions from other federated domains as necessary. Trust proxies may have a trust relationship with one or more trust brokers, and a trust proxy may rely upon a trust broker for assistance in interpreting assertions.

公开(公告)号：GB2308688A

公开(公告)日：1997-07-02

申请号：GB9624244

申请日：1996-11-21

Applicant: IBM

Inventor： BENANTAR MESSAOUD ,  BLAKELEY III GEORGE ROBERT ,  COPELAND GEORGE PRENTICE ,  NADALIN ANTHONY J

IPC: G06F12/14 ,  G06F1/00 ,  G06F9/42 ,  G06F9/44 ,  G06F9/46 ,  G06F21/00 ,  G06F21/24

公开(公告)号：AU2003294951A8

公开(公告)日：2004-07-22

申请号：AU2003294951

申请日：2003-11-27

Applicant: IBM

Inventor： NADALIN ANTHONY J ,  BLAKLEY GEORGE R III ,  WESLEY AJAMU A ,  HINTON HEATHER M

IPC: G06F17/30 ,  G06F21/00 ,  H04L29/06 ,  H04L29/08 ,  G06F1/00

Abstract: A method is presented in which federated domains interact within a federated environment. Domains within a federation can initiate federated single-sign-on operations for a user at other federated domains. A point-of-contact server within a domain relies upon a trust proxy within the domain to manage trust relationships between the domain and the federation. Trust proxies interpret assertions from other federated domains as necessary. Trust proxies may have a trust relationship with one or more trust brokers, and a trust proxy may rely upon a trust broker for assistance in interpreting assertions. When a user requests to logoff from a domain that has initiated federated single-sign-on operations for the user at other federated domains, the domain initiates a consolidated logoff operation by requesting logoff operations at those other federated domains, which may also initiate logoff operations in a cascaded fashion to the domains at which they have initiated federated single-sign-on operations.

公开(公告)号：AU2003288261A1

公开(公告)日：2004-07-22

申请号：AU2003288261

申请日：2003-11-27

Applicant: IBM

Inventor： NADALIN ANTHONY J ,  BLAKLEY GEORGE R III ,  HINTON HEATHER M

IPC: H04L29/06

Abstract: A method is presented in which federated domains interact within a federated environment. Domains within a federation can initiate federated single-sign-on operations for a user at other federated domains. A point-of-contact server within a domain relies upon a trust proxy within the domain to manage trust relationships between the domain and the federation. Trust proxies interpret assertions from other federated domains as necessary. Trust proxies may have a trust relationship with one or more trust brokers, and a trust proxy may rely upon a trust broker for assistance in interpreting assertions.

公开(公告)号：GB2365561A

公开(公告)日：2002-02-20

申请号：GB0030228

申请日：2000-12-12

Applicant: IBM

Inventor： GUSKI RICHARD H ,  DILLENBERGER DONNA N ,  FARRELL WALTER B ,  HERZBERG AMIR ,  KOVED LAWRENCE ,  NADALIN ANTHONY J ,  RELLER DUANE F ,  SHIN JOHN H ,  SHMUELI ANAT S ,  SZCZYGIELSKI THOMAS J ,  THOMPSON JOHN M ,  WILLIAMS JOSEPH A

IPC: G06F1/00 ,  G06F21/51 ,  G06F21/53 ,  G06F21/54

Abstract: In a multi-user application environment with Java, both codesource access checking and verification of the user who is executing code are employed for access checking. An end user uses a Web browser to access a Web server. An execution thread is established for an end user. The HTTP page and function requested by the user cause the Web application server to invoke a Java Virtual Machine (JVM) which in turn invokes a requested Java servlet. When the Secure Class Loader loads a Java class into the JVM, the code base Uniform URL and the Digital Certificate that was used to sign the class are used by the Secure Class Loader to create the codesource Java object. The JVM includes a Java Security Manager (JSM) class that invokes classes that invoke an underlying system security manager. Conditional access checking includes the capability to control access to resources based on the user and on the Java servlet classes being executed. If the codesource indicated by a Conditional Access List matches the codesource specified in the profile, the system security manager will allow access.

公开(公告)号：CA2508464C

公开(公告)日：2011-06-07

申请号：CA2508464

申请日：2003-11-27

Applicant: IBM

Inventor： BLAKLEY GEORGE R III ,  HINTON HEATHER M ,  NADALIN ANTHONY J ,  WESLEY AJAMU A

IPC: G06F9/46 ,  G06F17/30 ,  G06F21/00 ,  H04L29/06 ,  H04L29/08

Abstract: A method is presented in which federated domains interact within a federated environment. Domains within a federation can initiate federated single-sign-on operations for a user at other federated domains. A point-of-contact server within a domain relies upon a trust proxy within the domain to manage trust relationships between the domain and the federation. Trust proxies interpret assertions from other federated domains as necessary. Trust proxies may have a trust relationship with one or more trust brokers, and a trust proxy may rely upon a trust broker for assistance in interpreting assertions. When a user requests to logoff from a domain that has initiated federated single-sign-on operations for the user at other federated domains, the domain initiates a consolidated logoff operation by requesting logoff operations at those other federated domains, which may also initiate logoff operations in a cascaded fashion to the domains at which they have initiated federated single-sign-on operations.