公开(公告)号：WO2013109556A1

公开(公告)日：2013-07-25

申请号：PCT/US2013/021615

申请日：2013-01-16

Applicant: MICROSOFT CORPORATION

Inventor： EYDELMAN, Vadim ,  KRESS, Brian ,  LEIBMANN, Matthias ,  NOUREDDINE, Moustafa ,  YU, Lei ,  LUO, Haibo

IPC: H04L9/32

CPC classification number: H04L63/0823 ,  H04L9/321 ,  H04L9/3263 ,  H04L61/3065 ,  H04L61/35 ,  H04L63/062 ,  H04L69/22

Abstract: Online and on-premise applications identify trusted authentication providers. The applications are configured with a list of trusted issuers of authentication credentials. When an application receives a request requiring authentication, the application returns a 401 response that includes the trusted issuer list. The requesting application compares the trusted issuer list from the 401 response to its own list of authentication providers. If there is a match between the two lists, then the requesting application creates a self-issued token for the authentication provider. The authentication provider uses the self-issued token to generate an authentication token for the requesting application. The requesting application may also directly create a token for a target partner application, without an authentication provider, if there is a direct trust between the two applications.

Abstract translation: 在线和内部部署应用程序标识可信赖的身份验证提供程序。 这些应用程序配置有可信赖的认证凭证发行者列表。 当应用程序接收到需要认证的请求时，应用程序返回包含受信任发行者列表的401响应。 请求应用将可信发行者列表从401响应与其自己的认证提供者列表进行比较。 如果两个列表之间存在匹配，则请求的应用程序将为身份验证提供程序创建自发证券。 认证提供者使用自发证令牌为请求的应用程序生成认证令牌。 如果两个应用程序之间存在直接的信任，请求应用程序也可以直接为目标伙伴应用程序创建令牌，而不需要身份验证提供程序。

公开(公告)号：EP2805447A1

公开(公告)日：2014-11-26

申请号：EP13738147.1

申请日：2013-01-16

Applicant: Microsoft Corporation

Inventor： EYDELMAN, Vadim ,  KRESS, Brian ,  LEIBMANN, Matthias ,  NOUREDDINE, Moustafa ,  YU, Lei ,  LUO, Haibo

IPC: H04L9/32

CPC classification number: H04L63/0823 ,  H04L9/321 ,  H04L9/3263 ,  H04L61/3065 ,  H04L61/35 ,  H04L63/062 ,  H04L69/22

Abstract: Online and on-premise applications identify trusted authentication providers. The applications are configured with a list of trusted issuers of authentication credentials. When an application receives a request requiring authentication, the application returns a 401 response that includes the trusted issuer list. The requesting application compares the trusted issuer list from the 401 response to its own list of authentication providers. If there is a match between the two lists, then the requesting application creates a self-issued token for the authentication provider. The authentication provider uses the self-issued token to generate an authentication token for the requesting application. The requesting application may also directly create a token for a target partner application, without an authentication provider, if there is a direct trust between the two applications.