1. Field of the Invention
This invention relates to online user identification, authentication, and authorization systems and methods, and especially to cross-domain log on technologies and technologies which create and manage virtual communities of online users.
2. Description of the Related Art
Each Internet user is served by a “home domain”, which is a domain in which a user is “registered”. A user typically “logs in” to his or her home domain using a user ID or name and password. Then, after successfully completing a log in process, the user is allowed to access secured information and resources within the home domain to which the user is entitled to access or use according to the user's account definition. The user, then, has a ‘long term relationship’ with his or her home domain.
In addition, the home domain itself may have ‘long term’ relationships with other domains. For example, a search engine web site provider may maintain a long term relationship with a service provider, such as an online insurance quote provider. This is a typical characteristic especially for business-to-business (“B2B”) and e-community domains, where one domain (e.g. the home domain) is responsible for user registration issues, including such issues as help desk support and password management.
Often, a user will access resources in different (“participating”) domains on behalf of their home domain. In some instances, the user will have to resubmit to a log in or authentication process as he or she moves from the home domain to another domain.
To address this problem, the related patent application described a method to allow a user to transfer to another participating, secure domain without having to re-authenticate to this second domain. This process was referred to as “cross-domain single-sign-on”.
The drawback with the method described in the related patent application is that a user can only transfer to a participating domain directly from the user's home domain, and not across from one participating domain to another participating domain. While being of some usefulness to the user, this process effectively requires the user to return to the home domain before proceeding to another participating domain rather than going directly to the other participating domain.
Still other available solutions to this problem do not allow for a “long term” relationship with a domain that is not the home domain in which a user is registered or initially authenticates. These other solutions require a user to transfer to a new domain via the user's authenticating domain, usually by triggering a hypertext transfer protocol (“HTTP”) redirection to the new domain.
Therefore, there is a need in the art for a cross-domain single-sign-on system and method which allows an Internet user to establish a long-term relationship with participating domains, and which gives the user the ability to go directly to participating domains, via bookmarks or direct URL's for example, without having to go through a home domain first. Further, there is a need in the art for this new system and method to provide a simple user experience wherein the user does not need to know anything about the e-community in which he or she is participating. Another advantage of the approach proposed in this invention is that it is easy to implement, easy to use, and provides a secure method of cross-domain single-sign-on functionality.