System and methods for access control based on a user identity

摘要

System and methods for access control in a Universal Plug and Play (UPnP) network are based on a user identity. A control point has an identity assertion capability for identifying a user. The control point is configured to declare a value of an attribute associated with the identity assertion capability. A device is communicatively coupled to the control point via the UPnP network. The device has a first access control list and a trusted-to-identify access control list (TIA). The device is configured to permit the user to perform one or more actions based upon whether the user identity appears as a subject in the first access control list.

主权项

1. A method for establishing access control in a network, the method comprising:
transmitting, from a control point, an instruction to perform an action on a device; in response to transmitting the instruction, receiving a request from the device to authenticate a user; determining whether to authenticate the user based on an identity assertion capability associated with the control point, wherein the identity assertion capability has an attribute value that, when the attribute value is declared to be true, indicates that the control point is capable of authenticating the user; in response to determining that the attribute value associated with the identity assertion capability has been declared to be true to indicate that the control point is capable of authenticating the user, transmitting a user identity corresponding to the user to the device; receiving permission to perform the action on the device; and causing the action to be performed on the device based on the user identity.