CLAIMS:
1. A method comprising:
receiving, at a service provider, an account recovery request;
sending a request for a first account recovery token to an identity management system;
receiving the first account recovery token from said identity management system;
comparing the received first account recovery token with one or more second account recovery tokens to which the service provider has access; and
in the event that one of said one or more second account recovery tokens matches said first account recovery token, recovering a user account associated with said one of said one or more second account recovery tokens.
2. A method as claimed in claim 1, wherein recovering the user account comprises prompting the user to reset a credential for the user account.
3. A method as claimed in claim 1 or claim 2, wherein recovering the user account comprises informing the user of at least some credentials for the user account.
4. A method as claimed in any one of claims 1 to 3, further comprising prompting the user to identify the identity management system.
5. A method as claimed in any preceding claim, wherein the account recovery request is initiated by a user.
6. A method as claimed in claim 5, wherein the request for a first account recovery token identifies the said user.
7. A method as claimed in claim 5 or claim 6, wherein the request for a first account recovery token is sent to the identity management system via the user.
8. A method comprising:
receiving, at an identity management system, a request for a first account recovery token associated with a user;
authenticating the user;
retrieving the first account recovery token based on the identity of the user and based on the identity of a service provider requesting said first account recovery token; and
sending the retrieved first account recovery token in response to said request.
9. A method as claimed in claim 8, wherein the request for a first account recovery token identifies said user.
10. A method as claimed in claim 8 or claim 9, wherein the request for a first account recovery token is sent from a service provider to the identity management system via the user using redirection.
11. A method as claimed in any preceding claim, wherein the first account recovery token is created as part of an account setup procedure.
12. An apparatus comprising:
a first input configured to receive an account recovery request;
a first output configured to send a request for a first account recovery token to an identity management system;
a second input configured to receive the first account recovery token from said identity management system;
a first processor configured to compare the first account recovery token with one or more second account recovery tokens to which the service provider has access; and
a second processor configured, in the event that one of said one or more second account recovery tokens matches said first account recovery token, to recover a user account associated with said one of said one or more second account recovery tokens.
13. An apparatus comprising:
a first input configured to receive a request for a first account recovery token associated with a user;
a first processor configured to authenticate said user;
a second processor configured to retrieve the first account recovery token based on the identity of the user and based on the identity of a service provider requesting said first account recovery token; and
a first output configured to send said retrieved first account recovery token in response to said request.
14. A computer program product comprising:
means for receiving, at a service provider, an account recovery request;
means for sending a request for a first account recovery token to an identity management system;
means for receiving the first account recovery token from said identity management system;
means for comparing the received first account recovery token with one or more second account recovery tokens to which the service provider has access; and
means for recovering, in the event that one of said one or more second account recovery tokens matches said first account recovery token, a user account associated with said one of said one or more second account recovery tokens.
15. A computer program product comprising:
means for receiving, at an identity management system, a request for a first account recovery token associated with a user;
means for authenticating a user;
means for retrieving the first account recovery token based on the identity of the user and based on the identity of a service provider requesting said first account recovery token; and
means for sending said retrieved first account recovery token in response to said request.
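
The following sketch is an added illustration, not part of the claims or of any implementation by the applicant. It models both sides of the exchange in claims 1 and 8, with the token request carried between the parties by the user. All class, method and account names are hypothetical, and in-memory dictionaries and a password login stand in for the storage and authentication steps, which the claims leave open.

```python
import hashlib
import hmac
import secrets

class IdentityManagementSystem:
    """Hypothetical IdM: one recovery token per (user, service provider) pair."""
    def __init__(self):
        self._creds = {}   # user -> (salt, PBKDF2 hash of the IdM password)
        self._tokens = {}  # (user, sp_id) -> recovery token

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self._creds[user] = (salt, self._hash(password, salt))

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def create_token(self, user, sp_id):
        # Claim 11: the token is created as part of account setup.
        token = secrets.token_urlsafe(32)
        self._tokens[(user, sp_id)] = token
        return token

    def request_token(self, user, password, sp_id):
        # Claim 8: authenticate the user, then retrieve by user AND requesting SP.
        if user not in self._creds:
            return None
        salt, stored = self._creds[user]
        if not hmac.compare_digest(self._hash(password, salt), stored):
            return None
        return self._tokens.get((user, sp_id))

class ServiceProvider:
    """Hypothetical service provider holding the 'second' recovery tokens."""
    def __init__(self, sp_id, idm):
        self.sp_id, self.idm = sp_id, idm
        self._accounts = {}  # second recovery token -> local account

    def setup_account(self, account, idm_user):
        self._accounts[self.idm.create_token(idm_user, self.sp_id)] = account

    def begin_recovery(self):
        return {"sp_id": self.sp_id}  # request carried to the IdM via the user

    def complete_recovery(self, first_token):
        for second, account in self._accounts.items():
            if first_token and hmac.compare_digest(first_token, second):
                return account  # caller would now prompt a credential reset (claim 2)
        return None
```

Because the identity management system keys each token on both the user and the requesting service provider, a token released for one provider matches no stored token at another.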