Claims
- 1. A method for managing user attribute information within a data processing system, the method comprising:
receiving from a user a request for a resource at a service provider; determining a set of one or more attribute information providers that are associated with the user, wherein an attribute information provider is a service provider that maintains user attribute information for the user; sending a request message to a first attribute information provider in the set of one or more attribute information providers in order to retrieve user attribute information for the user; receiving a response message from the first attribute information provider at a point-of-contact server associated with the service provider; determining that the response message comprises an attribute assertion; and forwarding the attribute assertion for interpretation or validation from a point-of-contact server to a trust proxy associated with the service provider.
- 2. The method of claim 1 further comprising:
forwarding the attribute assertion to a trust broker from the trust proxy for interpretation or validation.
- 3. The method of claim 1 further comprising:
determining that the response message comprises a control flag from the first attribute information provider, wherein the control flag indicates a retrieval condition on subsequent requests from the service provider to attribute information providers while retrieving user attribute information for the user.
- 4. The method of claim 3 further comprising:
halting retrievals for user attribute information for the user in accordance with the control flag.
- 5. The method of claim 3 further comprising:
performing subsequent retrievals for user attribute information for the user in accordance with the control flag.
- 6. The method of claim 1 further comprising:
performing a user-specific operation for the resource based on retrieved user attribute information for the user.
- 7. A computer program product in a computer readable medium for use in a data processing system for managing user attribute information, the computer program product comprising:
means for receiving from a user a request for a resource at a service provider; means for determining a set of one or more attribute information providers that are associated with the user, wherein an attribute information provider is a service provider that maintains user attribute information for the user; means for sending a request message to a first attribute information provider in the set of one or more attribute information providers in order to retrieve user attribute information for the user; means for receiving a response message from the first attribute information provider at a point-of-contact server associated with the service provider; means for determining that the response message comprises an attribute assertion; and means for forwarding the attribute assertion for interpretation or validation from a point-of-contact server to a trust proxy associated with the service provider.
- 8. The computer program product of claim 7 further comprising:
means for forwarding the attribute assertion to a trust broker from the trust proxy for interpretation or validation.
- 9. The computer program product of claim 7 further comprising:
means for determining that the response message comprises a control flag from the first attribute information provider, wherein the control flag indicates a retrieval condition on subsequent requests from the service provider to attribute information providers while retrieving user attribute information for the user.
- 10. The computer program product of claim 9 further comprising:
means for halting retrievals for user attribute information for the user in accordance with the control flag.
- 11. The computer program product of claim 9 further comprising:
means for performing subsequent retrievals for user attribute information for the user in accordance with the control flag.
- 12. The computer program product of claim 7 further comprising:
means for performing a user-specific operation for the resource based on retrieved user attribute information for the user.
- 13. An apparatus for managing user attribute information, the apparatus comprising:
means for receiving from a user a request for a resource at a service provider; means for determining a set of one or more attribute information providers that are associated with the user, wherein an attribute information provider is a service provider that maintains user attribute information for the user; means for sending a request message to a first attribute information provider in the set of one or more attribute information providers in order to retrieve user attribute information for the user; means for receiving a response message from the first attribute information provider at a point-of-contact server associated with the service provider; means for determining that the response message comprises an attribute assertion; and means for forwarding the attribute assertion for interpretation or validation from a point-of-contact server to a trust proxy associated with the service provider.
- 14. The apparatus of claim 13 further comprising:
means for forwarding the attribute assertion to a trust broker from the trust proxy for interpretation or validation.
- 15. The apparatus of claim 13 further comprising:
means for determining that the response message comprises a control flag from the first attribute information provider, wherein the control flag indicates a retrieval condition on subsequent requests from the service provider to attribute information providers while retrieving user attribute information for the user.
- 16. The apparatus of claim 15 further comprising:
means for halting retrievals for user attribute information for the user in accordance with the control flag.
- 17. The apparatus of claim 15 further comprising:
means for performing subsequent retrievals for user attribute information for the user in accordance with the control flag.
- 18. The apparatus of claim 13 further comprising:
means for performing a user-specific operation for the resource based on retrieved user attribute information for the user.
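The retrieval flow of claims 1 through 5, as an added illustration that is not part of the patent: the point-of-contact server queries attribute information providers in order, hands any attribute assertion to the trust proxy (which defers to a trust broker for issuers it does not trust directly) rather than interpreting it itself, and stops or continues according to the control flag. Class and flag names, the `aip-*` providers and the canned replies are all constructed for this example.

```python
from dataclasses import dataclass
from typing import Optional
HALT, CONTINUE = "halt", "continue"  # constructed control-flag values

@dataclass
class Response:
    assertion: Optional[dict] = None  # attribute assertion, when one is present
    control_flag: str = CONTINUE      # retrieval condition for later requests

class TrustBroker:
    """Validates assertions from issuers the service provider does not trust directly."""
    def __init__(self, known_issuers):
        self.known = set(known_issuers)
    def validate(self, assertion):
        if assertion["issuer"] not in self.known:
            raise PermissionError(f"issuer {assertion['issuer']} unknown to broker")
        return assertion["attributes"]

class TrustProxy:
    """Interprets assertions; forwards those it cannot validate itself to the broker."""
    def __init__(self, direct_issuers, broker):
        self.direct, self.broker = set(direct_issuers), broker
    def validate(self, assertion):
        if assertion["issuer"] in self.direct:
            return assertion["attributes"]
        return self.broker.validate(assertion)

def retrieve_attributes(user, providers, fetch, proxy):
    """Point-of-contact logic: query in order, defer all interpretation to the proxy."""
    attributes, queried, rejected = {}, [], []
    for provider in providers:
        resp = fetch(provider, user)
        queried.append(provider)
        if resp.assertion is not None:
            try:
                attributes.update(proxy.validate(resp.assertion))
            except PermissionError:
                rejected.append(provider)  # untrusted issuer: attributes discarded
        if resp.control_flag == HALT:
            break                          # provider asked us to stop retrieving
    return attributes, queried, rejected
# Constructed canned replies standing in for three providers on the wire.
CANNED = {
    "aip-a": Response({"issuer": "aip-a", "attributes": {"lang": "en"}}),
    "aip-b": Response({"issuer": "aip-b", "attributes": {"tier": "gold"}}, HALT),
    "aip-c": Response({"issuer": "aip-c", "attributes": {"tier": "admin"}}),
}
SP_PROXY = TrustProxy({"aip-a"}, TrustBroker({"aip-b"}))  # nobody trusts aip-c
def canned_fetch(provider, user): return CANNED[provider]
```

With the providers ordered `aip-a, aip-b, aip-c`, the halt flag from `aip-b` means `aip-c` is never queried; reordering so `aip-c` comes first shows its assertion being rejected because neither the proxy nor the broker trusts the issuer.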
CROSS-REFERENCE TO RELATED APPLICATIONS
[0001] The present application is related to the following applications with a common assignee:
[0002] U.S. patent application Ser. No. ______ (Attorney Docket Number CH920020006), filed ______ (TBD), titled “Efficient browser-based identity management providing personal control and anonymity”;
[0003] U.S. patent application Ser. No. ______ (Attorney Docket Number AUS920020410US1), filed ______ 2002, titled “Method and System for Proof-of-Possession Operations Associated with Authentication Assertions in a Heterogeneous Federated Environment”;
[0004] U.S. patent application Ser. No. ______ (Attorney Docket Number AUS920020411US1), filed ______ 2002, titled “Local Architecture for Federated Heterogeneous System”;
[0005] U.S. patent application Ser. No. ______ (Attorney Docket Number AUS920020413US1), filed ______ 2002, titled “Method and System for Authentication in a Heterogeneous Federated Environment”;
[0006] U.S. patent application Ser. No. ______ (Attorney Docket Number AUS920020461US1), filed ______ 2002, titled “Method and System for Consolidated Sign-off in a Heterogeneous Federated Environment”;
[0007] U.S. patent application Ser. No. ______ (Attorney Docket Number AUS920020486US1), filed ______ 2002, titled “Method and System for Native Authentication Protocols in a Heterogeneous Federated Environment”;
[0008] U.S. patent application Ser. No. ______ (Attorney Docket Number AUS9-2000-0770-US1), filed Nov. 9, 2000, titled “Method and system for Web-based cross-domain single-sign-on authentication”;
[0009] U.S. patent application Ser. No. ______ (Attorney Docket Number AUS920010769US1), filed ______ (TBD), titled “System and method for user enrollment in an e-community”;
[0010] U.S. patent application Ser. No. ______ (Attorney Docket Number AUS920020386US1), filed ______ (TBD), titled “Method and system for user-determined authentication in a federated environment”;
[0011] U.S. patent application Ser. No. ______ (Attorney Docket Number AUS920020435US1), filed ______ (TBD), titled “Method and system for user-determined attribute storage in a federated environment”; and
[0012] U.S. patent application Ser. No. ______ (Attorney Docket Number AUS920020726US1), filed ______ (TBD), titled “Method and system for enroll-thru operations and reprioritization operations in a federated environment”.