Protocol-level identity mapping
First Claim
1. A method, comprising:
- intercepting, by an identity mapping system, a user request submitted from a client device through an application program to a distributed computing system that provides a plurality of services, the user request being associated with user credentials, wherein the identity mapping system intercepts the user request at a protocol level that is outside of the application program;
determining, by the identity mapping system, a user protocol in which the client device submitted the user request;
authenticating the user request based on the user credentials;
upon successfully authenticating the user request, determining, by the identity mapping system, a service of the services that the user request is authorized to access;
determining service credentials associated with the service;
generating a service request by the identity mapping system, including translating the user protocol of the user request to a service protocol associated with the service at least in part by associating the service credentials with the service request; and
submitting the service request by the identity mapping system to the distributed computing system, wherein the identity mapping system includes one or more computer processors.
2 Assignments
0 Petitions
Accused Products
Abstract
Systems, computer program products and methods implementing protocol-level mapping are described. An identity mapping system intercepts a request from a client device to a distributed computing system. The identity mapping system determines a first protocol of the request. The identity mapping system determines user credentials associated with the request. The identity mapping system authenticates the request based on the user credentials. The identity mapping system determines a service provided by the distributed computing system that the request accesses. The identity mapping system determines service credentials of that service. The identity mapping system translates the first protocol into a second protocol associated with the distributed computing system, including associating the service credentials with the request. The identity mapping system then submits the request to the distributed computing system.
-
Citations
20 Claims
-
1. A method, comprising:
-
intercepting, by an identity mapping system, a user request submitted from a client device through an application program to a distributed computing system that provides a plurality of services, the user request being associated with user credentials, wherein the identity mapping system intercepts the user request at a protocol level that is outside of the application program; determining, by the identity mapping system, a user protocol in which the client device submitted the user request; authenticating the user request based on the user credentials; upon successfully authenticating the user request, determining, by the identity mapping system, a service of the services that the user request is authorized to access; determining service credentials associated with the service; generating a service request by the identity mapping system, including translating the user protocol of the user request to a service protocol associated with the service at least in part by associating the service credentials with the service request; and submitting the service request by the identity mapping system to the distributed computing system, wherein the identity mapping system includes one or more computer processors. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A non-transitory computer readable storage medium storing instructions executable by an identity mapping system and upon such execution cause the identity mapping system to perform operations comprising:
-
intercepting a user request submitted from a client device through an application program to a distributed computing system that provides a plurality of services, the user request being associated with user credentials, wherein the user request is being intercepted at a protocol level that is outside of the application program; determining a user protocol in which the client device submitted the user request; authenticating the user request based on the user credentials; upon successfully authenticating the user request, determining a service of the services that the user request is authorized to access; determining service credentials associated with the service; generating a service request, including translating the user protocol of the user request to a service protocol associated with the service at least in part by associating the service credentials with the service request; and submitting the service request by to the distributed computing system, wherein the identity mapping system includes one or more computer processors. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. An identity mapping system comprising:
-
one or more computers; and one or more storage devices on which are stored instructions that are operable, when executed by the one or more computers, to cause the one or more computers to perform operations comprising; intercepting a user request submitted from a client device through an application program to a distributed computing system that provides a plurality of services, the user request being associated with user credentials, wherein the user request is being intercepted at a protocol level that is outside of the application program; determining a user protocol in which the client device submitted the user request; authenticating the user request based on the user credentials; upon successfully authenticating the user request, determining a service of the services that the user request is authorized to access; determining service credentials associated with the service; generating a service request, including translating the user protocol of the user request to a service protocol associated with the service at least in part by associating the service credentials with the service request; and submitting the service request to the distributed computing system. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification