Abstract: A secure database includes a catalog of information about one or more identity providers (IdPs) that are trusted by a service provider (SP) to authenticate users on the SP's behalf. The catalog securely stores one or more IdP configurations. An entry in the database stores information associated with the trusted IdP including artifacts to identify the IdP, artifacts used by the IdP for cryptographic operations, and a specification of one or more website(s) serviced by the trusted identity provider. Upon receipt by the SP of identity information representing a user that has authenticated to an IdP, information in the catalog of information is used to determine whether the IdP is trusted to authenticate the user on the service provider's behalf. The determination verifies that the SP uses the IdP and that a binding between an IdP identifier and at least one IdP cryptographic artifact is valid.

Abstract: A secure database includes a catalog of information about one or more identity providers (IdPs) that are trusted by a service provider (SP) to authenticate users on the SP's behalf. The catalog securely stores one or more IdP configurations. An entry in the database stores information associated with the trusted IdP including artifacts to identify the IdP, artifacts used by the IdP for cryptographic operations, and a specification of one or more website(s) serviced by the trusted identity provider. Upon receipt by the SP of identity information representing a user that has authenticated to an IdP, information in the catalog of information is used to determine whether the IdP is trusted to authenticate the user on the service provider's behalf. The determination verifies that the SP uses the IdP and that a binding between an IdP identifier and at least one IdP cryptographic artifact is valid.

Abstract: One or more data structures are received by a computing device, wherein the one or more data structures include at least one or more user credentials. The one or more user credentials are normalized by the computing device to generate a first graph. One or more nodes of the first graph and one or more nodes of at least a second graph are analyzed by the computing device, wherein analyzing includes at least identifying a logical correlation between the one or more nodes of the first graph and the one or more nodes of at least the second graph. A third graph is generated by the computing device based, at least in part, upon the analysis of the one or more nodes of the first graph and the one or more nodes of at least the second graph. An output data structure is generated by the computing device based, at least in part, upon the third graph.

Abstract: One or more data structures are received by a computing device, wherein the one or more data structures include at least one or more user credentials. The one or more user credentials are normalized by the computing device to generate a first graph. One or more nodes of the first graph and one or more nodes of at least a second graph are analyzed by the computing device, wherein analyzing includes at least identifying a logical correlation between the one or more nodes of the first graph and the one or more nodes of at least the second graph. A third graph is generated by the computing device based, at least in part, upon the analysis of the one or more nodes of the first graph and the one or more nodes of at least the second graph. An output data structure is generated by the computing device based, at least in part, upon the third graph.