Delegation of authority for users of sign-on service
Abstract
Techniques are described for providing customizable sign-on functionality, such as via an access manager system that provides single sign-on functionality and other functionality to other services for use with those services' users. The access manager system may maintain various sign-on and other account information for various users, and provide single sign-on functionality for those users using that maintained information on behalf of multiple unrelated services with which those users interact. The access manager may allow a variety of types of customizations to single sign-on functionality and/or other functionality available from the access manager, such as on a per-service basis via configuration by an operator of the service, such as co-branding customizations, customizations of information to be gathered from users, customizations of authority that may be delegated to other services to act on behalf of users, etc., and with the customizations that are available being determined specifically for that service.
10 Claims
1. A computer-implemented method comprising:
- receiving, by one or more computing systems providing a first service, a credential provided by an access manager system for a user that is interacting with the first service and that has performed sign-on activities with the access manager system, wherein the credential represents authority granted from the access manager system to perform subsequent interactions with the access manager system on behalf of the user;
- sending, by the one or more computing systems over one or more computer networks to a second service, instructions from the first service for the second service to provide functionality for the user, wherein the functionality is based at least in part on delegation, from the first service to the second service, of at least some of the authority granted from the access manager system for the subsequent interactions with the access manager system on behalf of the user, and wherein the sending of the instructions includes sending the credential from the first service to the second service and is initiated by one or more interactions of the user with the first service; and
- performing, by the one or more computing systems, and after the second service provides the functionality for the user based at least in part on the authority delegated from the first service to the second service by using the sent credential to interact with the access manager system on behalf of the user, one or more additional interactions with the user based at least in part on the provided functionality.

Dependent claims: 2, 3, 4, 5, 6
7. A non-transitory computer-readable medium having stored contents that cause a computing system of an access manager system to:
- authorize, by the computing system, a user based on identifying information that is received for the user;
- provide, by the computing system, a credential to a first service that is a customer of the access manager system, wherein the user is interacting with the first service, and wherein the credential is provided by the access manager system to represent authority granted from the access manager system to perform subsequent interactions with the access manager system on behalf of the user;
- receive, by the computing system and after the providing of the credential, a request from a second service to use stored information for the user accessible to the access manager system, wherein the received request includes the credential;
- determine, by the computing system, that the second service is authorized to receive a delegation of at least some of the authority from the first service to enable use of the stored information for the user; and
- send, by the computing system and based on the credential included in the received request and the delegation of the at least some authority, a response over one or more computer networks to the second service that is based on the stored information for the user.

Dependent claims: 8, 9, 10
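The following Python sketch is an added illustration of the access-manager-side check recited in claim 7, combined with the per-service delegation customization mentioned in the abstract; it is not code from the patent. The HMAC-signed credential format, the service names, the scope names and the policy table are all assumptions, and the caller's identity is assumed to be authenticated separately (for example by mutual TLS).

```python
import hashlib
import hmac
import json
import time

AM_KEY = b"constructed-demo-key"  # assumption: access manager signing key
# Assumption: delegation settings configured by the first service's operator,
# mapping first service -> {second service: scopes it may be delegated}.
DELEGATION_POLICY = {"shop.example": {"shipper.example": {"shipping_address"}}}
# Constructed stored user information held by the access manager.
USER_STORE = {"alice": {"shipping_address": "1 Main St",
                        "payment_card": "4111-xxxx"}}


def _tag(body):
    return hmac.new(AM_KEY, body.encode(), hashlib.sha256).hexdigest()


def issue_credential(user, first_service, ttl=300, now=None):
    """After sign-on: credential letting first_service act for the user."""
    now = time.time() if now is None else now
    body = json.dumps({"sub": user, "svc": first_service, "exp": now + ttl},
                      sort_keys=True)
    return body + "." + _tag(body)


def handle_request(credential, caller, scope, now=None):
    """Request for stored user info from caller, which presents a credential."""
    now = time.time() if now is None else now
    body, _, tag = credential.rpartition(".")  # hex tag follows the last dot
    if not hmac.compare_digest(tag.encode(), _tag(body).encode()):
        return ("denied", "bad signature")
    claims = json.loads(body)
    if claims["exp"] < now:
        return ("denied", "expired")
    first_service = claims["svc"]
    if caller != first_service:
        # Delegated use: the second service gets only the scopes the first
        # service's configuration allows, i.e. "at least some" authority.
        allowed = DELEGATION_POLICY.get(first_service, {}).get(caller, set())
        if scope not in allowed:
            return ("denied", "delegation not authorized")
    value = USER_STORE.get(claims["sub"], {}).get(scope)
    if value is None:
        return ("denied", "unknown user or scope")
    return ("ok", value)
```

Because the delegation decision is keyed on both the issuing service named inside the credential and the authenticated caller, a credential forwarded to an unlisted service, or used for a scope outside the configured set, is refused even though its signature is valid.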