Authentication and authorization across autonomous network systems

Assignee

• Microsoft Corporation · US

Inventors

• Donald Schmidt · Redmond, US
• Clifford P. Van Dyke · Bellevue, US
• Paul J. Leach · Seattle, US
• Praerit Garg · Kirkland, US
• Murli Satagopan · Kirkland, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/083
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

An enterprise network architecture has a trust link established between two autonomous network systems that enables transitive resource access between network domains of the two network systems. The trust link is defined by data structures maintained by each of the respective network systems. The first network system maintains namespaces that correspond to the second network system and a domain controller in the first network system, or a first network system administrator, indicates whether to trust individual namespaces. An account managed by a domain in the second network system can request authentication via a domain controller in the first network system. The first network system determines from the trust link to communicate the authentication request to the second network system. The first network system also determines from the trust link where to communicate authorization requests when administrators manage group memberships and access control lists.