277 results about "Identity provider" patented technology

A method is provided to authorize an online transaction between a purchaser and a merchant. The method includes providing, via an identity provider, verification of an identity of the purchaser. The method also includes providing, via a payment provider, verification of an ability of the purchaser to pay for the transaction, where the identity provider and the payment provider are different network entities. A computer system is also provided that can conduct an online transaction between a purchaser and a merchant providing one or more goods and / or services. The computer system includes a first node configured to provide verification of an identity of the purchaser, and a second node configured to provide verification of an ability of the purchaser to pay for the transaction, where the first node and the second node are associated with different network entities.

A method of associating a content object with metadata uses a combination of a content identifier and a bounding identifier to enable handling of disparate sets of content identifiers for content objects with potentially conflicting content identifiers. The method receives a content identifier for a content object from among a set of content identifiers. It provides a unique bounding identifier for the set of content identifiers. This unique bounding identifier is used in combination with the content identifier to form a globally unique identifier for the content object. This globally unique identifier is associated with a metadata source, which enables routing of a user to the metadata source. Another novel method addresses content objects with two or more content identifiers, potentially referencing different metadata sources. This method registers different globally unique identifiers for a content object. These globally unique identifiers each comprise a content identifier provided with the content object and a bounding identifier identifying a set of content identifiers of which the content identifier is a member. For each of the globally unique identifiers, information is maintained about a metadata source. The method receives a first content identifier for the content object, and uses a bounding identifier associated with the set of the first content identifier to determine the globally unique identifier for the first content identifier. The user is routed to the metadata source associated with globally unique identifier. This document describes a novel system that enables multiple identity providers (ID Providers) to register and use the system. The ID Provider registers with a metadata directory system, receives a unique bounding identifier, and uses this bounding ID (e.g., an ID provider ID) with subsequent interactions with the metadata directory system. Separately, metadata source providers register metadata sources with the metadata directory system. This enables many different participants to associate content objects with metadata sources using one or more identify providers. Examples of metadata source providers include content providers, like content owners or retailers that have the flexibility of working with different ID providers to associate content objects with metadata. Both content providers and ID providers can register and use the system. The metadata source is the system or device that provides the metadata, like a web site. The directory system uses an identifier for the metadata source, which enables it to maintain an association between a content object and its corresponding metadata source. For example, in some embodiments, a URL serves to identify the location of the source. The Content Metadata Directory Services (CMDS) is a global trusted directory service that connects consumers of identified content to content-provider authorized and managed metadata databases and other digital resources. It includes mostly links to metadata, forms globally unique IDs based upon overlapping content identifiers and unique bounding identifiers, enables multiple content identifiers within a content object, and enables multiple content identity technology providers, even when they are using different technology.

A method is presented for performing an identity provider migration operation with respect to a user within a federated computational environment, wherein the user has a first user account at a first identity provider, a second user account at a second identity provider, and a third user account at a service provider. A request to access a resource is received by the service provider, after which a federated single-sign-on operation for the user is performed between the service provider and the first identity provider. Prior to sending a response to the request to access the protected resource, information in the third user account is modified to indicate that the service provider relies upon the second identity provider to authenticate the user on behalf of the service provider rather than the first identity provider. A response for the request to access the resource is then returned by the service provider.

A distributed network identity is provided. An identity provider stores a portion of a user's personal information. A service provider accesses user information from one or more identity providers. System entities such as identity providers and service providers can be linked to enable information sharing and aggregation. User policies and privacy preferences are provided to control how information is shared. A single sign-on architecture is provided where an identity provider is used to facilitate cross-domain authentication and to enhance user convenience. Service delegation features are also provided.

A method, system, apparatus, and computer program product are presented to support computing systems of different enterprises that interact within a federated computing environment. Federated single-sign-on operations can be initiated at the computing systems of federation partners on behalf of a user even though the user has not established a user account at a federation partner prior to the initiation of the single-sign-on operation. For example, an identity provider can initiate a single-sign-on operation at a service provider while attempting to obtain access to a controlled resource on behalf of a user. When the service provider recognizes that it does not have a linked user account for the user that allows for a single-sign-on operation with the identity provider, the service provider creates a local user account. The service provider can also pull user attributes from the identity provider as necessary to perform the user account creation operation.

Methods, apparatus, and computer code for effecting flash policy configuration operations in accordance with an end-user identifier and / or a host-instance identifier are disclosed herein. Exemplary flash policy configuration operations include (i) configuring a flash error-correction policy, (ii) configuring a flash-management table storage policy; (iii) configuring a wear-leveling policy; (iv) configuring a bad-block management policy and (v) configuring a flash-programming voltage parameter. Exemplary end-user identifiers include but are not limited to email account identifiers, logon user names, and International Mobile Subscriber Identities (IMSI). Exemplary host-instance identifiers may include but are not limited to International Mobile EQUIPMENT Identifiers (IMEI). Optionally, the flash policy configuration is contingent on authentication context data—for example, strength of the authentication (e.g. login / password vs. smartcard authentication or biometric authentication), date of the authentication, and identity provider information.