Elevating trust in user identity during RESTful authentication and authorization

摘要

Credentials sent over a back channel during the authentication of a user to a RESTful service can elevate the trust the recipient system can place in the user's identity. The addition of an identity credential of higher strength can increase confidence in user identities electronically presented with a lower strength credential. Attributes from either credential can be used to determine authorization to a protected resource.

主权项

1. A computer-implemented method of authenticating and authorizing an entity, comprising:
receiving, by a RESTful service, a request from an entity, wherein the request is for access to a protected resource; redirecting the entity to a relying party, wherein the relying party facilitates the authentication of the entity and stores a first credential and a SAML credential; receiving, by the RESTful service, the first credential from the relying party, wherein the first credential is received through a front channel; receiving, by the RESTful service, the SAML credential from the relying party, wherein the SAML credential is received through a back channel; authenticating the entity at a level of confidence based on the credential strength of the first credential and based on the credential strength of the SAML credential; and authorizing the entity's access to the protected resource, wherein the authorization is based on attributes contained in the SAML credential.