Claims
- 1. A method for managing user attribute information within a data processing system, the method comprising:
receiving a request message at an attribute information provider from a service provider that is attempting to retrieve user attribute information for a user, wherein the request message identifies one or more requested user attributes, wherein the attribute information provider is a service provider that maintains user attribute information for the user; and requesting user input by the attribute information provider prior to sending a response message from the attribute information provider to the service provider, wherein the user input comprises a value that indicates a retrieval condition on subsequent requests while retrieving user attribute information for the user.
- 2. The method of claim 1 further comprising:
in response to a determination that the attribute information provider is not currently maintaining a requested user attribute for the user, prompting the user to input a value for the requested user attribute.
- 3. The method of claim 1 further comprising:
prompting the user to enter a value for a retrieval condition that indicates that the service provider cannot request user attribute information for the user at another attribute information provider.
- 4. The method of claim 1 further comprising:
prompting the user to enter a value for a releasability condition for a user attribute.
- 5. The method of claim 4 further comprising:
prompting the user to enter a value for a temporal restraint for the releasability condition.
- 6. The method of claim 5 further comprising:
indicating that the temporal restraint is effective permanently.
- 7. The method of claim 5 further comprising:
indicating that the temporal restraint is effective for a duration of a transaction for the user at the service provider.
- 8. The method of claim 4 further comprising:
prompting the user to enter a value for a domain restraint for the releasability condition.
- 9. The method of claim 8 further comprising:
indicating that the domain restraint is for the service provider.
- 10. The method of claim 9 further comprising:
indicating that the domain restraint is effective permanently.
- 11. The method of claim 1 further comprising:
prompting the user to enter a value for a permission condition that indicates that the attribute information provider should prompt the user for releasability condition information for each received request message.
- 12. The method of claim 11 further comprising:
indicating that the permission condition is effective permanently.
- 13. A method for managing user attribute information within a data processing system, the method comprising:
receiving from a user a request for a resource at a service provider; determining a set of one or more attribute information providers that are associated with the user, wherein an attribute information provider is a service provider that maintains user attribute information for the user; sending a request message to a first attribute information provider in the set of one or more attribute information providers in order to retrieve user attribute information for the user; receiving a response message from the first attribute information provider; and determining that the response message comprises a control flag from the first attribute information provider, wherein the control flag indicates a retrieval condition on subsequent requests from the service provider to attribute information providers while retrieving user attribute information for the user.
- 14. The method of claim 13 further comprising:
halting retrievals for user attribute information for the user in accordance with the control flag.
- 15. The method of claim 13 further comprising:
performing subsequent retrievals for user attribute information for the user in accordance with the control flag.
- 16. The method of claim 13 further comprising:
performing a user-specific operation for the resource based on retrieved user attribute information for the user.
- 17. A data processing system for managing user attribute information, the data processing system comprising:
means for receiving a request message at an attribute information provider from a service provider that is attempting to retrieve user attribute information for a user, wherein the request message identifies one or more requested user attributes, wherein the attribute information provider is a service provider that maintains user attribute information for the user; and means for requesting user input by the attribute information provider prior to sending a response message from the attribute information provider to the service provider, wherein the user input comprises a value that indicates a retrieval condition on subsequent requests while retrieving user attribute information for the user.
- 18. The data processing system of claim 17 further comprising:
means for prompting the user to input a value for the requested user attribute in response to a determination that the attribute information provider is not currently maintaining a requested user attribute for the user.
- 19. The data processing system of claim 17 further comprising:
means for prompting the user to enter a value for a retrieval condition that indicates that the service provider cannot request user attribute information for the user at another attribute information provider.
- 20. The data processing system of claim 17 further comprising:
means for prompting the user to enter a value for a releasability condition for a user attribute.
- 21. The data processing system of claim 20 further comprising:
means for prompting the user to enter a value for a temporal restraint for the releasability condition.
- 22. The data processing system of claim 21 further comprising:
means for indicating that the temporal restraint is effective permanently.
- 23. The data processing system of claim 21 further comprising:
means for indicating that the temporal restraint is effective for a duration of a transaction for the user at the service provider.
- 24. The data processing system of claim 20 further comprising:
means for prompting the user to enter a value for a domain restraint for the releasability condition.
- 25. The data processing system of claim 24 further comprising:
means for indicating that the domain restraint is for the service provider.
- 26. The data processing system of claim 25 further comprising:
means for indicating that the domain restraint is effective permanently.
- 27. The data processing system of claim 17 further comprising:
means for prompting the user to enter a value for a permission condition that indicates that the attribute information provider should prompt the user for releasability condition information for each received request message.
- 28. The data processing system of claim 27 further comprising:
means for indicating that the permission condition is effective permanently.
- 29. A data processing system for managing user attribute information, the data processing system comprising:
means for receiving from a user a request for a resource at a service provider; means for determining a set of one or more attribute information providers that are associated with the user, wherein an attribute information provider is a service provider that maintains user attribute information for the user; means for sending a request message to a first attribute information provider in the set of one or more attribute information providers in order to retrieve user attribute information for the user; means for receiving a response message from the first attribute information provider; and means for determining that the response message comprises a control flag from the first attribute information provider, wherein the control flag indicates a retrieval condition on subsequent requests from the service provider to attribute information providers while retrieving user attribute information for the user.
- 30. The data processing system of claim 29 further comprising:
means for halting retrievals for user attribute information for the user in accordance with the control flag.
- 31. The data processing system of claim 29 further comprising:
means for performing subsequent retrievals for user attribute information for the user in accordance with the control flag.
- 32. The data processing system of claim 29 further comprising:
means for performing a user-specific operation for the resource based on retrieved user attribute information for the user.
- 33. A computer program product in a computer readable medium for managing user attribute information in a data processing system, the computer program product comprising:
means for receiving a request message at an attribute information provider from a service provider that is attempting to retrieve user attribute information for a user, wherein the request message identifies one or more requested user attributes, wherein the attribute information provider is a service provider that maintains user attribute information for the user; and means for requesting user input by the attribute information provider prior to sending a response message from the attribute information provider to the service provider, wherein the user input comprises a value that indicates a retrieval condition on subsequent requests while retrieving user attribute information for the user.
- 34. The computer program product of claim 33 further comprising:
means for prompting the user to input a value for the requested user attribute in response to a determination that the attribute information provider is not currently maintaining a requested user attribute for the user.
- 35. The computer program product of claim 33 further comprising:
means for prompting the user to enter a value for a retrieval condition that indicates that the service provider cannot request user attribute information for the user at another attribute information provider.
- 36. The computer program product of claim 33 further comprising:
means for prompting the user to enter a value for a releasability condition for a user attribute.
- 37. The computer program product of claim 36 further comprising:
means for prompting the user to enter a value for a temporal restraint for the releasability condition.
- 38. The computer program product of claim 37 further comprising:
means for indicating that the temporal restraint is effective permanently.
- 39. The computer program product of claim 37 further comprising:
means for indicating that the temporal restraint is effective for a duration of a transaction for the user at the service provider.
- 40. The computer program product of claim 36 further comprising:
means for prompting the user to enter a value for a domain restraint for the releasability condition.
- 41. The computer program product of claim 40 further comprising:
means for indicating that the domain restraint is for the service provider.
- 42. The computer program product of claim 41 further comprising:
means for indicating that the domain restraint is effective permanently.
- 43. The computer program product of claim 33 further comprising:
means for prompting the user to enter a value for a permission condition that indicates that the attribute information provider should prompt the user for releasability condition information for each received request message.
- 44. The computer program product of claim 43 further comprising:
means for indicating that the permission condition is effective permanently.
- 45. A computer program product in a computer readable medium for managing user attribute information in a data processing system, the computer program product comprising:
means for receiving from a user a request for a resource at a service provider; means for determining a set of one or more attribute information providers that are associated with the user, wherein an attribute information provider is a service provider that maintains user attribute information for the user; means for sending a request message to a first attribute information provider in the set of one or more attribute information providers in order to retrieve user attribute information for the user; means for receiving a response message from the first attribute information provider; and means for determining that the response message comprises a control flag from the first attribute information provider, wherein the control flag indicates a retrieval condition on subsequent requests from the service provider to attribute information providers while retrieving user attribute information for the user.
- 46. The computer program product of claim 45 further comprising:
means for halting retrievals for user attribute information for the user in accordance with the control flag.
- 47. The computer program product of claim 45 further comprising:
means for performing subsequent retrievals for user attribute information for the user in accordance with the control flag.
- 48. The computer program product of claim 45 further comprising:
means for performing a user-specific operation for the resource based on retrieved user attribute information for the user.
- 49. A method for managing user information within a data processing system, the method comprising:
receiving from a client a request for a resource at a service provider; in response to a determination that the service provider does not have a set of one or more identifiers of attribute information providers that was previously associated with the client or a user of the client:
selecting a set of one or more identifiers of attribute information providers, wherein each of the attribute information providers is a service provider that maintains user attribute information for the user; and sending an attribute information retrieval request message to a user-specified attribute information provider from the service provider.
- 50. The method of claim 49 further comprising:
providing a user option to choose whether to persistently associate the user with the selection of the set of one or more identifiers of attribute information providers.
- 51. The method of claim 50 further comprising:
enrolling the selection of the set of one or more identifiers of attribute information providers at the service provider.
- 52. The method of claim 50 further comprising:
storing the set of one or more identifiers of attribute information providers in a persistent token at the client.
- 53. The method of claim 50 further comprising:
storing the set of one or more identifiers of attribute information providers in a client-side information repository.
- 54. The method of claim 49 further comprising:
receiving the set of one or more identifiers of attribute information providers as input from the user.
- 55. The method of claim 49 further comprising:
retrieving the set of one or more identifiers of attribute information providers from administratively configured information.
- 56. The method of claim 49 further comprising:
providing a user option to choose whether to establish a relationship with an attribute information provider in the set of one or more identifiers of attribute information providers.
- 57. An apparatus for managing user information, the apparatus comprising:
means for receiving from a client a request for a resource at a service provider; means for selecting a set of one or more identifiers of attribute information providers in response to a determination that the service provider does not have a set of one or more identifiers of attribute information providers that was previously associated with the client or a user of the client, wherein each of the attribute information providers is a service provider that maintains user attribute information for the user; and means for sending an attribute information retrieval request message to a user-specified attribute information provider from the service provider.
- 58. The apparatus of claim 57 further comprising:
means for providing a user option to choose whether to persistently associate the user with the selection of the set of one or more identifiers of attribute information providers.
- 59. The apparatus of claim 58 further comprising:
means for enrolling the selection of the set of one or more identifiers of attribute information providers at the service provider.
- 60. The apparatus of claim 58 further comprising:
means for storing the set of one or more identifiers of attribute information providers in a persistent token at the client.
- 61. The apparatus of claim 58 further comprising:
means for storing the set of one or more identifiers of attribute information providers in a client-side information repository.
- 62. The apparatus of claim 57 further comprising:
means for receiving the set of one or more identifiers of attribute information providers as input from the user.
- 63. The apparatus of claim 57 further comprising:
means for retrieving the set of one or more identifiers of attribute information providers from administratively configured information.
- 64. The apparatus of claim 57 further comprising:
means for providing a user option to choose whether to establish a relationship with an attribute information provider in the set of one or more identifiers of attribute information providers.
- 65. A computer program product in a computer readable medium for managing user information in a data processing system, the computer program product comprising:
means for receiving from a client a request for a resource at a service provider; means for selecting a set of one or more identifiers of attribute information providers in response to a determination that the service provider does not have a set of one or more identifiers of attribute information providers that was previously associated with the client or a user of the client, wherein each of the attribute information providers is a service provider that maintains user attribute information for the user; and means for sending an attribute information retrieval request message to a user-specified attribute information provider from the service provider.
- 66. The computer program product of claim 65 further comprising:
means for providing a user option to choose whether to persistently associate the user with the selection of the set of one or more identifiers of attribute information providers.
- 67. The computer program product of claim 66 further comprising:
means for enrolling the selection of the set of one or more identifiers of attribute information providers at the service provider.
- 68. The computer program product of claim 66 further comprising:
means for storing the set of one or more identifiers of attribute information providers in a persistent token at the client.
- 69. The computer program product of claim 66 further comprising:
means for storing the set of one or more identifiers of attribute information providers in a client-side information repository.
- 70. The computer program product of claim 65 further comprising:
means for receiving the set of one or more identifiers of attribute information providers as input from the user.
- 71. The computer program product of claim 65 further comprising:
means for retrieving the set of one or more identifiers of attribute information providers from administratively configured information.
- 72. The computer program product of claim 65 further comprising:
means for providing a user option to choose whether to establish a relationship with an attribute information provider in the set of one or more identifiers of attribute information providers.
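The following Python sketch is an added illustration and is not part of the patent text. It models the exchange in claims 1, 3 to 10 and 13 to 15: an attribute information provider prompts the user before responding, and the service provider obeys the control flag in the response. The flag values, field names, class names and sample data are all assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

# Assumed flag values: the claims only say the flag "indicates a retrieval condition".
CONTINUE, HALT = "continue", "halt"

@dataclass
class Consent:
    """User input collected by the provider before it responds (claims 1, 3-10)."""
    release: bool                  # releasability condition for the attribute
    permanent: bool = False        # temporal restraint: permanent vs. this transaction
    domain: Optional[str] = None   # domain restraint: a single service provider
    halt: bool = False             # retrieval condition: do not ask other providers

@dataclass
class AttributeProvider:
    name: str
    attrs: dict
    stored: dict = field(default_factory=dict)   # attribute -> permanent Consent

    def handle(self, sp, requested, ask_user):
        released, flag = {}, CONTINUE
        for attr in requested:
            if attr not in self.attrs:
                continue   # claim 2 (prompting for a missing value) is not modelled
            consent = self.stored.get(attr)
            if consent is None or consent.domain not in (None, sp):
                consent = ask_user(self.name, sp, attr)   # prompt before responding
                if consent.permanent:
                    self.stored[attr] = consent
            if consent.release:
                released[attr] = self.attrs[attr]
            if consent.halt:
                flag = HALT
        return {"attributes": released, "control_flag": flag}

def retrieve(sp, providers, requested, ask_user):
    """Service-provider side (claims 13-15): query providers in order, obey the flag."""
    got, contacted = {}, []
    for aip in providers:
        missing = [a for a in requested if a not in got]
        if not missing:
            break
        resp = aip.handle(sp, missing, ask_user)
        contacted.append(aip.name)
        got.update(resp["attributes"])
        if resp["control_flag"] == HALT:
            break   # claim 14: halt further retrievals
    return got, contacted

def demo():  # all providers, attributes and domains below are constructed sample data
    def make():
        return [AttributeProvider("aip-a", {"email": "user@example.org"}),
                AttributeProvider("aip-b", {"postal_code": "00000"})]
    wanted, prompts = ["email", "postal_code"], []
    def allow(aip, sp, attr):
        prompts.append((aip, attr))
        return Consent(release=True, permanent=True, domain=sp)
    halted = retrieve("shop.example", make(), wanted,
                      lambda *a: Consent(release=True, halt=True))
    ps = make()
    first = retrieve("shop.example", ps, wanted, allow)
    second = retrieve("shop.example", ps, wanted, allow)   # stored consent, no prompt
    other = retrieve("ads.example", ps, ["email"], lambda *a: Consent(release=False))
    return halted, first, second, len(prompts), other
```

In the last call the stored consent does not apply because its domain restraint names a different service provider, so the user is prompted again and can refuse.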
CROSS-REFERENCE TO RELATED APPLICATIONS
[0001] The present application is related to the following applications with a common assignee:
[0002] U.S. patent application Ser. No. (Attorney Docket Number CH920020006), filed (TBD), titled “Efficient browser-based identity management providing personal control and anonymity”;
[0003] U.S. patent application Ser. No. (Attorney Docket Number AUS9-2000-0770-US1), filed Nov. 09, 2000, titled “Method and system for Web-based cross-domain single-sign-on authentication”;
[0004] U.S. patent application Ser. No. (Attorney Docket Number AUS920010769US1), filed (TBD), titled “System and method for user enrollment in an e-community”;
[0005] U.S. patent application Ser. No. (Attorney Docket Number AUS920020386US1), filed (TBD), titled “Method and system for user-determined authentication in a federated environment”;
[0006] U.S. patent application Ser. No. (Attorney Docket Number AUS920020387US1), filed (TBD), titled “Method and system for user enrollment of user attribute storage in a federated environment”;
[0007] U.S. patent application Ser. No. (Attorney Docket Number AUS920020726US1), filed (TBD), titled “Method and system for enroll-thru operations and reprioritization operations in a federated environment”; and
[0008] U.S. patent application Ser. No. (Attorney Docket Number AUS920020412US1), filed xx/xx/2002, titled “Method and System for Attribute Exchange in a Heterogeneous Federated Environment”.