Digital rights management (DRM)-enabled policy management for an identity provider in a federated environment

I claim: 1. A method for enforcing a digital rights management (DRM) scheme associated with a piece of content, wherein an identity provider entity together with a service provider entity participate in a federation, comprising: at an identity provider entity that includes a hardware element: upon authentication of the end user to the identity provider entity, receiving a request to single sign-on to the service provider entity to attempt to obtain the piece of content; during processing of the request to single sign-on to the service provider entity, determining a DRM policy that is enforced at the service provider entity, determining a set of one or more DRM privileges associated with the end user requesting access to the piece of content, and based on the DRM policy and the set of one or more DRM privileges so determined, evaluating against the DRM policy the set of one or more DRM privileges, wherein the evaluating step is carried out using the hardware element; during processing of the request to single sign-on to the service provider entity, based on the authentication of the end user and a result of the evaluation, generating a single sign-on message that includes a reference to the set of one or more DRM privileges associated with the end user requesting access to the piece of content, wherein the single sign-on message is generated using the hardware element; and forwarding to the service provider entity the single sign-on message that includes the reference to the set of one or more DRM privileges to complete the processing of the request to single sign-on to the service provider entity, wherein the single sign-on message is forwarded from the identity provider entity to the service provider entity via a redirection mechanism; wherein evaluating DRM policy based on the determined DRM privileges during the single sign-on request processing flow provides an improved identity provider entity. 2. The method as described in claim 1 wherein the DRM policy is available locally at the identity provider entity. 3. The method as described in claim 1 wherein, when the DRM policy is not available locally at the identity provider entity, the method further includes the steps of: generating a DRM policy evaluation request that includes the set of one or more DRM privileges; forwarding the DRM policy evaluation request to an entity in the federation; and receiving a response to the DRM policy evaluation request. 4. The method as described in claim 3 wherein the response to DRM policy evaluation request indicates that access to the given piece of content is permitted. 5. The method as described in claim 1 wherein the set of one or more DRM privileges are available locally at the identity provider entity. 6. The method as described in claim 1 wherein, when the set of one or more DRM privileges are not available locally at the identity provider entity, the method further includes obtaining the set of one or more DRM privileges from an entity in the federation. 7. The method as described in claim 1 wherein, when the set of one or more DRM privileges are not available locally at the identity provider entity, the method further includes obtaining the set of one or more DRM privileges from the user. 8. The method as described in claim 7 wherein the set of one of more DRM privileges are obtained from the user directly. 9. The method as described in claim 7 wherein the set of one or more DRM privileges are obtained by having user cause a third entity to provide the set of one or more DRM privileges to the identity provider. 10. The method as described in claim 1 further including: receiving the set of one or more DRM privileges from a third entity in the federation; generating a DRM policy evaluation request that includes the set of one or more DRM privileges; forwarding the DRM policy evaluation request to a fourth entity in the federation; and receiving a response to the DRM policy evaluation request from the fourth entity. 11. The method as described in claim 10 wherein the third entity provides a service of managing the set of one or more DRM privileges on behalf of users within the federation. 12. The method as described in claim 10 wherein the fourth entity provides a service of managing DRM policy within the federation. 13. The method as described in claim 10 wherein the third and fourth entity are a single entity within the federation that manages the set of one or more DRM privileges on behalf of users and also manages DRM policy within the federation. 14. The method as described in claim 1 wherein the message includes a pointer to an assertion containing the set of one or more DRM privileges associated with the end user, and wherein the identity provider requests an exchange of the pointer for the assertion to obtain the set of one or more DRM privileges. 15. The method as described in claim 1 wherein the piece of content has an associated DRM license, distinct from the DRM privileges, the DRM license comprising a decryption key, a set of rights, and an identifier of a device associated with the end user and upon which the piece of content is permitted to be rendered.