Scope-based certificate deployment
Abstract
The techniques described herein facilitate scope-based certificate deployment for secure dedicated tenant access in multi-tenant, cloud-based content and collaboration environments. In some embodiments, a method is described that includes receiving an incoming authentication request from an access system, wherein the authentication request includes metadata, extracting the metadata from the authentication request, and processing the metadata to identify a tenant corresponding to the request. A tenant-specific certificate associated with the tenant is then accessed and provided to the access system for validation by a third-party certificate authority.
20 Claims
1. A method of operating a front-end access server to facilitate scope-based certificate deployment in a multi-tenant cloud-based content service, the method comprising:
- receiving a request for authentication including metadata from an access system;
- extracting the metadata from the authentication request;
- processing the metadata to identify a tenant associated with the request for authentication;
- accessing a tenant-specific certificate associated with the tenant;
- accessing a set of global certificates shared among tenants in the multi-tenant cloud-based content service; and
- responsive to the request for authentication, providing to the access system, the tenant-specific certificate for validation by a third-party certificate authority and one or more of the set of global certificates for accessing one or more corresponding back-end services, wherein the tenant-specific certificate is provided to the front-end access server and scoped prior to receiving the request for authentication.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A computer readable storage medium having program instructions stored thereon which, when executed by one or more processors, cause the one or more processors to:
- trigger an interrupt responsive to receiving a request for authentication from an access system, wherein the authentication request includes metadata;
- extract the metadata from the authentication request;
- process the metadata to identify a tenant associated with the request; and
- access a tenant-specific certificate associated with the tenant and a set of global certificates shared among tenants in a multi-tenant cloud-based content service.

Dependent claims: 11, 12, 13, 14, 15, 16, 17
18. A method of operating a front-end access server to facilitate scope-based certificate deployment in a multi-tenant cloud-based content service, the method comprising:
- receiving a request for authentication from an access system, wherein the request includes metadata;
- extracting the metadata from the request;
- processing the metadata to identify a scope-based certificate corresponding to the request, wherein the scope-based certificate has a scope within the multi-tenant cloud-based content service;
- accessing the scope-based certificate and a set of global certificates shared among tenants in the multi-tenant cloud-based content service; and
- responsive to receiving the request for authentication, providing to the access system, the scope-based certificate for validation by a third-party certificate authority and one or more of the set of global certificates, wherein the set of global certificates are provided for accessing a set of back-end services.

Dependent claims: 19, 20
Specification