Principal claim
1. A method, comprising:
  registering, by a federated identity broker application executing on one or more computing devices, a first customer as an identity provider;
  registering, by the federated identity broker application, a second customer as an identity consumer;
  supplying to the second customer a set of registered identity providers that have registered with the federated identity broker application, the set identifying at least the first customer as a trusted provider; and
  acting as an intermediary between the first customer and the second customer to broker an identity request from the second customer that is granted or denied by the first customer by:
    receiving, by the federated identity broker application, the identity request from the second customer in an inbound flow;
    changing, by the federated identity broker application, a permission associated with the identity request;
    generating, by the federated identity broker application, a broker identity request using at least information associated with the identity request and including the changed permission; and
    transmitting, by the federated identity broker application, the broker identity request, including the changed permission, to the first customer on a separate outbound flow.