Abstract: In a method, a consumer (100), being a software application or web site accessing a service provider (200) on behalf of a user, transmits (s10) to a service provider (200), being a software application or web site providing access to protected resources, a request for authorization to access by the consumer (100) on behalf of a delegatee (410) the protected resources of a delegator (420). The service provider (200) transmits (s20) to a controller (300) the request for authorization. A request token is also transmitted, which is a value used by the service provider (200) to register a requested authorization. The controller (300) determines (s30) whether the requested authorization meets policy settings governing the access to the delegator's protected resources. If so, the service provider (200) grants the authorization registered by the request token, and a third message including the request token is transmitted (s50) to the consumer (100).

Abstract: A controller (12) is used for privacy management in an identity network (10) for a principal (20). An identity network (10) is a computer network including at least an identity provider (14), a discovery service provider (16), and a service provider (18) with which the principal (20) can make transactions. A principal (20) is a system entity whose identity can be authenticated. An identity resource (14) is either data related to an identity or group of identities, or a service associated with an identity or group of identities. The controller (12) queries a discovery service provider to obtain information regarding available identity resources (14), it receives back addressing information for addressing attributes of the identity resources (14), and it then interacts, based on the addressing information, with a service provider (18) to create, read, modify or delete a privacy attribute governing the use of an identity resource (14).

Abstract: A method carried out by a controller is disclosed. The method includes receiving (s10) a message including a request token. A request token is a value used by a consumer (300) to request authorization from a user to access protected resources from a service provider (400). A service provider (400) is at least one of a software application and web site that is configured to provide access to protected resources. A consumer {300} is at least one of a software application and a web site that is configured to access a service provider (400) on behalf of a user. The method further includes determining (s20) whether the message meets policy settings governing the access to protected resources; and, if it is determined (s30) that the message does not meet the policy settings, preventing (s34) the request token from being forwarded to the service provider (400) associated with the request token.

Abstract: A method is carried out by a controller (100), a social network (200), a provider (300) and a terminal (400) of a primary user (450). After a trust relationship is set up (s10) between the controller (300) and social network (200), the terminal (400) accesses (s20) the provider (300). The provider (300) transmits (s30) to the terminal (400) a proposal to provide information relating to the provider (300) to secondary users of the primary user in the social network (200). If the terminal (400) accepts (s40) the proposal, the provider (300) transmits (s30) to the controller (100) a message including the information relating to the provider (300). The controller (300) obtains identification of the primary user (450) to whom the message relates and triggers (s70) transmission, to the secondary users, of the information relating to the provider (300). A controller (100), a system (500) and computer programs are also disclosed.

Abstract: In a method, a consumer (100), being a software application or web site accessing a service provider (200) on behalf of a user, transmits (s10) to a service provider (200), being a software application or web site providing access to protected resources, a request for authorization to access by the consumer (100) on behalf of a delegatee (410) the protected resources of a delegator (420). The service provider (200) transmits (s20) to a controller (300) the request for authorization. A request token is also transmitted, which is a value used by the service provider (200) to register a requested authorization. The controller (300) determines (s30) whether the requested authorization meets policy settings governing the access to the delegator's protected resources. If so, the service provider (200) grants the authorization registered by the request token, and a third message including the request token is transmitted (s50) to the consumer (100).

Abstract: A method carried out by a controller is disclosed. The method includes receiving (s10) a message including a request token. A request token is a value used by a consumer (300) to request authorization from a user to access protected resources from a service provider (400). A service provider (400) is at least one of a software application and web site that is configured to provide access to protected resources. A consumer {300} is at least one of a software application and a web site that is configured to access a service provider (400) on behalf of a user. The method further includes determining (s20) whether the message meets policy settings governing the access to protected resources; and, if it is determined (s30) that the message does not meet the policy settings, preventing (s34) the request token from being forwarded to the service provider (400) associated with the request token.

Abstract: A controller (12) is used for privacy management in an identity network (10) for a principal (20). An identity network (10) is a computer network including at least an identity provider (14), a discovery service provider (16), and a service provider (18) with which the principal (20) can make transactions. A principal (20) is a system entity whose identity can be authenticated. An identity resource (14) is either data related to an identity or group of identities, or a service associated with an identity or group of identities. The controller (12) queries a discovery service provider to obtain information regarding available identity resources (14), it receives back addressing information for addressing attributes of the identity resources (14), and it then interacts, based on the addressing information, with a service provider (18) to create, read, modify or delete a privacy attribute governing the use of an identity resource (14).