1. Field of the Invention
The present invention is directed to technology for using a proxy in an Identity System.
2. Description of the Related Art
With the growth of the Internet and the increasing use of networks and other information technologies, Identity Systems have become more popular. In general, an Identity System provides for the creation, removal, editing and other managing of identity information stored in various types of data stores. The identity information pertains to users, groups, organizations and/or things. For each entry in the data store, a set of attributes is stored. For example, the attributes stored for a user may include a name, address, employee number, telephone number, email address, user ID and password. The Identity System can also manage access privileges that govern what an entity can view, create, modify or use in the Identity System. Often, this management of access privileges is based on one or more specific attributes, membership in a group and/or association with an organization.
Typically, an Identity System will have a set of Administrators to support and maintain the Identity System. For example, these Administrators can configure the Identity System, create new objects, delete objects, fix problems, update data, update keys for encryption, obtain and maintain certificates, and perform other ongoing maintenance tasks. Many Identity Systems are implemented with a large data store that is accessed by many entities on a daily basis. Thus, the Administrators play a vital and continuing role in the operation of the Identity System.
While there is a constant need for Administrators to perform maintenance and other tasks on the Identity System, the Administrators are not always available. For example, Administrators take vacations, travel for business, get sick or have other duties. Thus, there is a need to provide a means for administrative tasks to be performed on an Identity System, or other system, when an Administrator is not available.
In prior systems, other than Identity Systems, temporary or substitute Administrators can log into a system using the ID and password of the Administrator who is currently unavailable. Once logged in, the temporary or substitute Administrator can perform the tasks of the Administrator who is currently unavailable. One drawback of such a system is that the temporary or substitute Administrator must know the password for the Administrator who is currently unavailable, which compromises the security of the Identity System.