公开(公告)号：WO2013109556A1

公开(公告)日：2013-07-25

申请号：PCT/US2013/021615

申请日：2013-01-16

Applicant: MICROSOFT CORPORATION

Inventor： EYDELMAN, Vadim ,  KRESS, Brian ,  LEIBMANN, Matthias ,  NOUREDDINE, Moustafa ,  YU, Lei ,  LUO, Haibo

IPC: H04L9/32

CPC classification number: H04L63/0823 ,  H04L9/321 ,  H04L9/3263 ,  H04L61/3065 ,  H04L61/35 ,  H04L63/062 ,  H04L69/22

Abstract: Online and on-premise applications identify trusted authentication providers. The applications are configured with a list of trusted issuers of authentication credentials. When an application receives a request requiring authentication, the application returns a 401 response that includes the trusted issuer list. The requesting application compares the trusted issuer list from the 401 response to its own list of authentication providers. If there is a match between the two lists, then the requesting application creates a self-issued token for the authentication provider. The authentication provider uses the self-issued token to generate an authentication token for the requesting application. The requesting application may also directly create a token for a target partner application, without an authentication provider, if there is a direct trust between the two applications.

Abstract translation: 在线和内部部署应用程序标识可信赖的身份验证提供程序。 这些应用程序配置有可信赖的认证凭证发行者列表。 当应用程序接收到需要认证的请求时，应用程序返回包含受信任发行者列表的401响应。 请求应用将可信发行者列表从401响应与其自己的认证提供者列表进行比较。 如果两个列表之间存在匹配，则请求的应用程序将为身份验证提供程序创建自发证券。 认证提供者使用自发证令牌为请求的应用程序生成认证令牌。 如果两个应用程序之间存在直接的信任，请求应用程序也可以直接为目标伙伴应用程序创建令牌，而不需要身份验证提供程序。

公开(公告)号：WO2008109244A1

公开(公告)日：2008-09-12

申请号：PCT/US2008/054152

申请日：2008-02-15

Applicant: MICROSOFT CORPORATION

Inventor： UNGUREANASU, Cezar ,  ZYBURA, John H. ,  LEIBMANN, Matthias ,  GAJULA, Pallavi

IPC: G06F21/20

CPC classification number: G06F17/30412 ,  G06F21/6227

Abstract: Enterprise Identity Management systems control access to information derived from identity-related data stored in various data repositories. An identity-based management system can automatically and dynamically compute derived data when the source data changes. Rule-base tools can be used to compute derived data from arbitrary attribute-based datasets. Dynamic computation of identity-based attributes within information system servers allows data to be aggregated and normalized from multiple data sources deployed across an organization so that updated related information can be persisted and pushed to various servers in the organization.

Abstract translation: 企业身份管理系统控制从存储在各种数据存储库中的身份相关数据导出的信息的访问。 基于身份的管理系统可以在源数据更改时自动和动态地计算派生数据。 规则库工具可用于从任意基于属性的数据集中计算派生数据。 信息系统服务器中基于身份的属性的动态计算允许从组织中部署的多个数据源聚合和归一化数据，以便更新的相关信息可以持久化并推送到组织中的各种服务器。

公开(公告)号：EP2805447A1

公开(公告)日：2014-11-26

申请号：EP13738147.1

申请日：2013-01-16

Applicant: Microsoft Corporation

Inventor： EYDELMAN, Vadim ,  KRESS, Brian ,  LEIBMANN, Matthias ,  NOUREDDINE, Moustafa ,  YU, Lei ,  LUO, Haibo

IPC: H04L9/32

CPC classification number: H04L63/0823 ,  H04L9/321 ,  H04L9/3263 ,  H04L61/3065 ,  H04L61/35 ,  H04L63/062 ,  H04L69/22

Abstract: Online and on-premise applications identify trusted authentication providers. The applications are configured with a list of trusted issuers of authentication credentials. When an application receives a request requiring authentication, the application returns a 401 response that includes the trusted issuer list. The requesting application compares the trusted issuer list from the 401 response to its own list of authentication providers. If there is a match between the two lists, then the requesting application creates a self-issued token for the authentication provider. The authentication provider uses the self-issued token to generate an authentication token for the requesting application. The requesting application may also directly create a token for a target partner application, without an authentication provider, if there is a direct trust between the two applications.