For instance, application 620 is shown as providing the token request and the identity claim (“R”) to identity policy host 602. The provided identity claim is used by policy executor 614 for verification thereof, e.g., as described in flowchart 400 of FIG. 4. For example, policy executor 614 may provide the identity claim to one or more of verification providers 616. Verification providers 616 may include local account IdPs, social network IdPs, MFAs, email validators, user input validators, REST APIs, token issuers, user directories (which may include user graphs 618), and/or the like as described herein. The identity claim is provided as verification provider input (“R”), and an output response claim (“C”) is returned to policy executor 614. In embodiments, additional identity information and/or attributes may be provided in response claims from verification providers. Policy executor 614 is then configured to verify the identity claim against the response claim.
In some embodiments, one or more of the verification providers may be external to the domain or system of identity policy host 602, and external, third-party verification providers 624 (which may be an embodiment of verification provider(s) 114 in FIG. 1) may also be utilized depending on how the identity policy is defined.
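The following Python example is added here for illustration and is not part of the described embodiments. It models policy executor 614 sending identity claim R to each verification provider named by the policy and verifying R against each response claim C. The provider functions, field names, policy layout and the fail-closed handling are assumptions.

```python
import hmac

# Hypothetical stand-ins for verification providers 616 / 624. Each takes the
# identity claim "R" and returns a response claim "C". All data is constructed.
DIRECTORY = {"alice@example.com": {"email": "alice@example.com",
                                   "tenant": "contoso", "department": "finance"}}

def directory_provider(claim):
    # Local user-directory lookup keyed on the claimed e-mail address.
    return dict(DIRECTORY.get(claim.get("email"), {}))

def external_email_validator(claim):
    # Simulates an external, third-party provider that only confirms the address.
    email = claim.get("email", "")
    return {"email": email, "email_verified": True} if email.endswith("@example.com") else {}

def failing_provider(claim):
    # Simulates an external provider that cannot be reached.
    raise TimeoutError("provider unreachable")

def _same(a, b):
    # Constant-time comparison of a claimed value against a returned value.
    return hmac.compare_digest(str(a).encode(), str(b).encode())

def execute_policy(policy, claim):
    """Verify R against the C returned by every (provider, match_fields) step.

    Returns (verified, attributes). Fails closed: a provider error, a missing
    field, or any mismatch rejects the claim and releases no attributes.
    """
    attributes = {}
    for provider, match_fields in policy:
        try:
            response = provider(claim)
        except Exception:
            return False, {}
        for field in match_fields:
            if field not in claim or field not in response:
                return False, {}
            if not _same(claim[field], response[field]):
                return False, {}
        # Additional attributes from C are kept, but never override values in R
        # and never replace an attribute set by an earlier provider.
        for key, value in response.items():
            if key not in claim:
                attributes.setdefault(key, value)
    return True, attributes
```

Ordering the policy so that the most trusted provider runs first matters here, because `setdefault` lets the first provider to supply an attribute win.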