1. Field of the Invention
The present invention relates generally to computer networks and software. More specifically, it relates to software-implemented methods of sharing session data, typically related to a user, over multiple sites or servers using a message protocol and data format.
2. Discussion of Related Art
As the number of Web sites grows and as more individuals use the Internet to get information, access services, make purchases, etc., the frequency of having to access or log onto related Web sites to access services increases. For example, while making a purchase from a Web site of a large online vendor, the purchaser may want to link to another related, specialized vendor site as suggested in the original site. From one perspective, the need for users having to access other sites can be narrowed, in a sense, to multiple servers (supporting, for example, HTTP/1.0 protocol) within a single enterprise or private entity. For example, a software engineer wanting access to three different developer sites on the company's intranet must log onto each site separately every time the engineer visits a different site. Yet, from another perspective, the need to access various “sites” can be expanded to include smart devices. For example, such devices can be items in a hotel room such as the lock to the door, the telephone, cable box, computer, etc. Presently, a guest arriving in a room equipped with such devices must somehow identify himself to each of the devices in order to activate or use them, such as speaking with a hotel operator to make a long distance call or making another call to watch a movie over cable.
Regardless of what type of site is at issue, the need to repeatedly log on or somehow identify oneself to multiple sites can become cumbersome and inefficient. This is seen as particularly frustrating and unnecessary to users in contexts where the sites are in one domain or system and should be capable sharing user session data. The term “domain” is not limited to an Internet domain, such as eng.sun.com or sun.com, but can include other types of physically or logically grouped entities or devices capable of communicating data via a recognizable protocol. Returning to the previous point, the software engineer likely has a user profile in an enterprise-wide user database that should be accessible by all three developmental sites. Thus, by logging onto one site, the other two sites should know who the user is through some type of “behind the scenes” process. Similarly, once a hotel guest unlocks the door, a user identifier is transmitted downloaded to door lock device, for example through a Java™ ring worn by the guest, should be accessible by the telephone or other devices in the room unlocked by the guest.
Presently, models and systems exist that allow a user to logon to a site or server once and not have to repeat the logon process for other sites in the same domain or system. However, this domain or system is defined in one respect by the fact that sites in the domain share a central repository of information which stores profiles of each user and other data needed so that the user should not have to logon to each site. However, having a single repository of data, whether on one server or distributed, creates a single point of failure for the entire domain. If the repository experiences a shutdown or is disrupted in some manner, all users logged on to all sites in the domain will very likely be affected. Having such a single point that can lead to system-wide disruption should be avoided if possible. As systems, networks, including the Internet, and other models (e.g., the hotel room) are developed, it will be increasingly important to prevent disruptions in service for all users or sites if an isolated problem arises.
Therefore, it would be desirable to enable a user having logged onto one site, such as a Web site or a smart device, thereby creating a session to access other sites in the same domain without having to repeatedly log onto the other sites. Such a process should take into consideration authentication and security issues among the sites. It would also be desirable to have a flexible, distributed process in which there is no central repository thereby avoiding a single point of failure. In other words, it would be desirable for a system to have distributed failure points achieved through session management distributed among the sites.