Abstract: A distributed network identity is provided. An identity provider stores a portion of a user's personal information. A service provider accesses user information from one or more identity providers. System entities such as identity providers and service providers can be linked to enable information sharing and aggregation. User policies and privacy preferences are provided to control how information is shared. A single sign-on architecture is provided where an identity provider is used to facilitate cross-domain authentication and to enhance user convenience. Service delegation features are also provided.

Abstract: A distributed network identity is provided. An identity provider stores a portion of a user's personal information. A service provider accesses user information from one or more identity providers. System entities such as identity providers and service providers can be linked to enable information sharing and aggregation. User policies and privacy preferences are provided to control how information is shared. A single sign-on architecture is provided where an identity provider is used to facilitate cross-domain authentication and to enhance user convenience. Service delegation features are also provided.

Abstract: A distributed network identity is provided. An identity provider stores a portion of a user's personal information. A service provider accesses user information from one or more identity providers. System entities such as identity providers and service providers can be linked to enable information sharing and aggregation. User policies and privacy preferences are provided to control how information is shared. A single sign-on architecture is provided where an identity provider is used to facilitate cross-domain authentication and to enhance user convenience. Service delegation features are also provided.

Abstract: A distributed network identity is provided. An identity provider stores a portion of a user's personal information. A service provider accesses user information from one or more identity providers. System entities such as identity providers and service providers can be linked to enable information sharing and aggregation. User policies and privacy preferences are provided to control how information is shared. A single sign-on architecture is provided where an identity provider is used to facilitate cross-domain authentication and to enhance user convenience. Service delegation features are also provided.

Abstract: A distributed network identity is provided. An identity provider stores a portion of a user's personal information. A service provider accesses user information from one or more identity providers. System entities such as identity providers and service providers can be linked to enable information sharing and aggregation. User policies and privacy preferences are provided to control how information is shared. A single sign-on architecture is provided where an identity provider is used to facilitate cross-domain authentication and to enhance user convenience. Service delegation features are also provided.

Abstract: In an enterprise server system having a server, a web-base applications single sign-on method and system. The single sign-on system includes logic for assigning and retrieving uniquely identifying tokens that are assigned to a user attempting to access one of many applications in the server. The token is assigned after the user has successfully logged into the server. The assigned token enables the user to access different applications in the server without having to authenticate every time the user goes from one application to the other. In one embodiment of the present invention, the single sign-on system includes a token that provides a listening mechanism for the applications that need to be notified when a token expires in order to deny access to the particular user identified with the expired token.

Abstract: The present invention is directed to the application of the Class of Service (CoS) feature in a directory server. The CoS feature allows user entries in a directory to be associated to service templates for multiple registered services in the directory. Once a service is registered, a CoS definition (service definition) may be created for that service under the organization entry. Once a service gets activated, an associated CoS template (service template) may be created for that service using its service definition. The template entries contain a list of shared attribute values and changes to these values get automatically applied to all the entries sharing the attribute. By creating these service definitions and templates under an organization entry, all the service privileges can be made available to all entries under the organization. Similarly, policies for resources can be defined for an organization and policy specific attributes can be made applicable to all the entries in the organization.

Abstract: In an enterprise server system having a server, a web-base applications single sign-on method and system. The single sign-on system includes logic for assigning and retrieving uniquely identifying tokens that are assigned to a user attempting to access one of many applications in the server. The token is assigned after the user has successfully logged into the server. The assigned token enables the user to access different applications in the server without having to authenticate every time the user goes from one application to the other. In one embodiment of the present invention, the single sign-on system includes a token that provides a listening mechanism for the applications that need to be notified when a token expires in order to deny access to the particular user identified with the expired token.

Abstract: A distributed network identity is provided. An identity provider stores a portion of a user's personal information. A service provider accesses user information from one or more identity providers. System entities such as identity providers and service providers can be linked to enable information sharing and aggregation. User policies and privacy preferences are provided to control how information is shared. A single sign-on architecture is provided where an identity provider is used to facilitate cross-domain authentication and to enhance user convenience. Service delegation features are also provided.