Enforcing data privacy policies for federated applications

Assignee

• International Business Machines Corporation · US

Inventors

• Vivek Shankar · Singapore, SG
• Jose Rodriguez · Austin, US
• Weide Victor Soon · Singapore, SG
• Adrian R. Sasmita · Singapore, SG

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F21/31
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Embodiments herein describe a pattern or syntax that can be used to convey or express the reason or purpose for a service provider to request user data in an identity federation. A service provider can request user data from the identity provider using an authentication process. If the authentication process is successful, the identity provider provides an authorization token to the service provider which it can use to retrieve the user data. The embodiments herein obtain user consent in the same authentication process used to provide the authorization token. In order to do so, the embodiments herein introduce a pattern or syntax that the service provider uses to convey the purpose for which it wants to use the user data to the identity provider.