1. Field of the Invention
The present invention relates to an improved data processing system and, in particular, to a method and apparatus for multicomputer data transferring. Still more particularly, the present invention is directed to networked computer systems.
2. Description of Related Art
To reduce the costs of user management and to improve interoperability among enterprises, federated computing spaces have been created. A federation is a loosely coupled affiliation of enterprises which adhere to certain standards of interoperability; the federation provides a mechanism for trust among those enterprises with respect to certain computational operations for the users within the federation. For example, a federation partner may act as a user's home domain or identity provider. Other partners within the same federation may rely on the user's identity provider for primary management of the user's authentication credentials, e.g., accepting a single-sign-on token that is provided by the user's identity provider.
As enterprises move to support federated business interactions, these enterprises should provide a user experience that reflects the increased cooperation between two businesses and minimizes the operational burdens of a user. Within these federations, these enterprises have begun to interoperate to support a variety of federation protocols of which a user may be unaware or may be only minimally aware. For example, federated enterprises may perform various types of operations for user account management, such as managing a user-specific alias identifier, that might require minimal interaction with the user to complete an operation. The federated enterprises should cooperate to an extent that the user is not confused or overburdened with knowledge of the underlying mechanism by which such types of operations are coordinated.
For example, a user may authenticate to one party that acts as an identity provider and then single-sign-on to a federated business partner that acts as a service provider. In conjunction with this single-sign-on functionality, additional user lifecycle functionality, such as account linking/de-linking and single-sign-off, should also be supported, particularly in a manner such that this federated user lifecycle management (FULM) functionality is not burdensome to either party.
However, current federated user lifecycle management functionality does not accommodate the types of lifecycle functionality that may be required by the advanced interactions of many enterprises. For example, the FTN profile within the Liberty Alliance specifications accomplishes an account delinking operation by simply breaking the link between an identity provider and a service provider. This type of solution does not allow for a “loosely coupled” environment with ease for migrating user relationships between partners within a federation.
Therefore, it would be advantageous to implement a federated enterprise and its computational infrastructure such that it allows for software-enabled establishment of federation relationships between federation partners along with the management of those federation relationships.