| 发明名称 |
Identity provider discovery service using a publish-subscribe model |
| 摘要 |
A proxy is integrated within an F-SSO environment and interacts with an external identity provider (IdP) instance discovery service. The proxy proxies IdP instance requests to the discovery service and receives responses that include the IdP instance assignments. The proxy maintains a cache of the instance assignment(s). As new instance requests are received, the cached assignment data is used to provide appropriate responses in lieu of proxying these requests to the discovery service, thereby reducing the time needed to identify the required IdP instance. The proxy dynamically maintains and manages its cache by subscribing to updates from the discovery service. The updates identify IdP instance changes (such as servers being taken offline for maintenance, new services being added, etc.) occurring within the set of geographically-distributed instances that comprise the IdP service. The updates are provided via a publication-subscription model such that the proxy receives change notifications proactively. |
| 申请公布号 |
US9596122(B2) |
申请公布日期 |
2017.03.14 |
| 申请号 |
US201213403565 |
申请日期 |
2012.02.23 |
| 申请人 |
International Business Machines Corporation |
发明人 |
Hinton Heather Maria;McCarty Richard James;Looney Clifton Steve |
| 分类号 |
G06F15/173;H04L12/24;H04L29/08;H04L29/06 |
主分类号 |
G06F15/173 |
| 代理机构 |
|
代理人 |
Wilhelm Richard A.;Judson David H. |
| 主权项 |
1. Apparatus for providing identity provider services in association with an identity provider instance discovery service distinct from and external to the apparatus, comprising:
a processor; computer memory holding computer program instructions executed by the processor to carry out a set of operations comprising: as requests for identity provider instances are processed by the identity provider instance discovery service, receiving and storing at the apparatus data identifying the identity provider instances assigned by the identity provider instance discovery service; receiving at the apparatus an update concerning a resource associated with the identity provider instance discovery service, the update received from the identity provider instance discovery service via a topic-based publish-subscribe notification service; based on the update received at the apparatus, modifying the data; and upon receipt of a new request for an identity provider instance, and in lieu of forwarding the new request from the apparatus to the identity provider instance discovery service for handling, using the modified data to identify an identity provider instance for use in responding to the new request. |
| 地址 |
Armonk NY US |
