User e.g. employee, authenticating method for accessing service e.g. product, involves verifying that identity level relative to user`s earlier authentication is stored with identity provider, and granting access authorization to user

摘要

The method involves verifying that an identity level relative to an earlier authentication of a user (33) is stored with an identity provider (32), and granting a service access authorization to the user if an required identity level is less than the stored level. An authentication of the user having the required level is requested and the stored level is replaced with the required level if the user is authenticated by the identity provider in order to grant the authorization to the user if the required level is less than the stored level or if no user authentication is available. Independent claims are also included for the following: (1) a tree architecture for organizing in hierarchy a set of identity levels of an entity among a group of entities (2) a device authenticating a user for accessing a service from a service provider (3) a device for requesting authentication by a service provider (4) a computer program product comprising program code instructions for implementing steps of a user authentication method (5) a signal for asserting authentication intended for exchanging an access request for a service between an identity provider and a service provider (6) a signal for requesting authentication intended for exchanging an access request for a service between an identity provider and a service provider.