Uniformly accessing federated user registry topologies

US 10,339,153 B2
Filed: 04/12/2016
Issued: 07/02/2019
Est. Priority Date: 04/12/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for standardizing identity management applications to interface seamlessly with an identity management system to facilitate a migration onto a cloud computing environment, the computer-implemented method comprising:

providing, by one or more processors, a first schema extension to an identity management system and a bridge component to an identity management application, wherein the bridge component delegates calls to and receives responses from one or more user registries and allows user registries to connect to the identity management application dynamically at run-time, and comprises a second schema extension to the identity management application, wherein the second schema extension extends a schema of the identity management application to enable one or more users to store data in unused fields in a Lightweight Directory Access Protocol (LDAP) user registry, and to enable the creation of additional data fields in the LDAP user registry wherein newly created and existing properties can be stored;

receiving, by the one or more processors, a request from an end user in a first data format associated with the identity management system;

converting, by the one or more processors, the request from the first data format into a second data format associated with the identity management application and compatible with an application programming interface (API) provided by the identity management application;

sending, by the one or more processors, the request in the second data format to the identity management application, through the API, for execution;

receiving, by the one or more processors, a response in the second data format from the identity management application to the request in the second data format;

converting, by the one or more processors, the response from the second data format into the first data format that is compatible with the identity management system, wherein the converted data is input into appropriate data entry fields in the identity management application via a data mapper and executing the converted request in the identity management application, wherein the converted data comprises a request made by the one or more end users through the identity management system enabling the identity management applications to interface seamlessly with the identity management system to facilitate a migration onto a cloud computing environment by enabling the use of identity management applications through the identity management system, without writing program code instructions for applications to interface with APIs provided by cloud platform vendors, making the applications portable across different cloud platforms; and

returning, by the one or more processors, the converted data enabling applications to be portable across different cloud platforms associated with the response via the identity management system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An approach for standardizing access to user registries, the approach involving providing a first schema extension to an identity management system and a bridge component to an identity management application wherein the bridge component comprises a second schema extension to the identity management application, receiving a request in a first data format associated with the identity management system, converting the request into a second data format associated with the identity management application and executing the request in the identity management application, receiving a response to the request in the second data format, converting the response into the first data format and returning the response to an end user via the identity management system.

Citations

15 Claims

1. A computer-implemented method for standardizing identity management applications to interface seamlessly with an identity management system to facilitate a migration onto a cloud computing environment, the computer-implemented method comprising:
- providing, by one or more processors, a first schema extension to an identity management system and a bridge component to an identity management application, wherein the bridge component delegates calls to and receives responses from one or more user registries and allows user registries to connect to the identity management application dynamically at run-time, and comprises a second schema extension to the identity management application, wherein the second schema extension extends a schema of the identity management application to enable one or more users to store data in unused fields in a Lightweight Directory Access Protocol (LDAP) user registry, and to enable the creation of additional data fields in the LDAP user registry wherein newly created and existing properties can be stored;
  
  receiving, by the one or more processors, a request from an end user in a first data format associated with the identity management system;
  
  converting, by the one or more processors, the request from the first data format into a second data format associated with the identity management application and compatible with an application programming interface (API) provided by the identity management application;
  
  sending, by the one or more processors, the request in the second data format to the identity management application, through the API, for execution;
  
  receiving, by the one or more processors, a response in the second data format from the identity management application to the request in the second data format;
  
  converting, by the one or more processors, the response from the second data format into the first data format that is compatible with the identity management system, wherein the converted data is input into appropriate data entry fields in the identity management application via a data mapper and executing the converted request in the identity management application, wherein the converted data comprises a request made by the one or more end users through the identity management system enabling the identity management applications to interface seamlessly with the identity management system to facilitate a migration onto a cloud computing environment by enabling the use of identity management applications through the identity management system, without writing program code instructions for applications to interface with APIs provided by cloud platform vendors, making the applications portable across different cloud platforms; and
  
  returning, by the one or more processors, the converted data enabling applications to be portable across different cloud platforms associated with the response via the identity management system.
- View Dependent Claims (2, 3, 10, 13)
- - 2. The computer-implemented method of claim 1, wherein converting the request comprises mapping data into an application programming interface provided by the identity management application.
  - 3. The computer-implemented method of claim 1, wherein standardizing access to user registries is provided as a service in a cloud environment.
  - 10. The computer-implemented method of claim 1, wherein the identity management application is a repository for communicating with one or more user registries, the first schema extension enables the one or more end users to submit a request in the identity management system which is directed to a subset of the one or more user registries, and the second schema extension enables a custom configuration of the one or more user registries and additional properties to be added to a user data and a group data associated with the identity management application.
  - 13. The computer-implemented method of claim 1, wherein the request comprises:
    - a request for authentication, a request for a retrieval of individual user data and group data, and a request to edit the individual user data and the individual group data.

4. A computer program product for standardizing identity management applications to interface seamlessly with an identity management system to facilitate a migration onto a cloud computing environment, the computer program product comprising:
- one or more computer readable storage media and program instructions stored on the one or more computer readable storage media, the program instructions comprising;
  
  program instructions to provide a first schema extension to an identity management system and a bridge component to an identity management application, wherein the bridge component delegates calls to and receives responses from one or more user registries and allows user registries to connect to the identity management application dynamically at run-time, and comprises a second schema extension to the identity management application, wherein the second schema extension extends a schema of the identity management application to enable one or more users to store data in unused fields in a Lightweight Directory Access Protocol (LDAP) user registry, and to enable the creation of additional data fields in the LDAP user registry wherein newly created and existing properties can be stored;
  
  program instructions to receive a request in a first data format associated with the identity management system;
  
  program instructions to convert the request from the first data format into a second data format associated with the identity management application and is compatible with an application programming interfaces (APIs) provided by the identity management application;
  
  program instructions to send the request in the second data format to the identity management application, through the API, for execution;
  
  program instructions to receive a response in the second data format from the identity management application to the request in the second data format;
  
  program instructions to convert the response from the second data format into the first data format that is compatible with the identity management system, wherein the converted data is input into appropriate data entry fields in the identity management application via a data mapper and program instructions to execute the converted request in the identity management application, wherein the converted data comprises a request made by the one or more end users through the identity management system enabling the identity management applications to interface seamlessly with the identity management system to facilitate a migration onto a cloud computing environment by enabling the use of identity management applications through the identity management system, without writing program code instructions for applications to interface with APIs provided by cloud platform vendors, making the applications portable across different cloud platforms; and
  
  program instructions to return the converted data enabling applications to be portable across different cloud platforms associated with the response via the identity management system.
- View Dependent Claims (5, 6, 11, 14)
- - 5. The computer program product of claim 4, wherein the program instructions to convert the request comprise mapping data into an application programming interface provided by the identity management application.
  - 6. The computer program product of claim 4, wherein standardizing access to user registries is provided as a service in a cloud environment.
  - 11. The computer program product of claim 4, wherein the identity management application is a repository for communicating with one or more user registries, the first schema extension enables the one or more end users to submit a request in the identity management system which is directed to a subset of the one or more user registries, and the second schema extension enables a custom configuration of the one or more user registries and additional properties to be added to a user data and a group data associated with the identity management application.
  - 14. The computer program product of claim 4, wherein the request comprises:
    - a request for authentication, a request for a retrieval of individual user data and group data, and a request to edit the individual user data and the individual group data.

7. A computer system for standardizing access to user registries, the computer system comprising:
- one or more computer processors;
  
  one or more computer readable storage media;
  
  program instructions stored on the one or more computer readable storage media for execution by at least one of the one or more processors, the program instructions comprising;
  
  program instructions to provide a first schema extension to an identity management system and a bridge component to an identity management application, wherein the bridge component delegates calls to and receive responses from one or more user registries and allows user registries to connect to the identity management application dynamically at run-time, and comprises a second schema extension to the identity management application, wherein the second schema extension extends a schema of the identity management application to enable one or more users to store data in unused fields in a Lightweight Directory Access Protocol (LDAP) user registry, and to enable the creation of additional data fields in the LDAP user registry wherein newly created and existing properties can be stored;
  
  program instructions to receive a request in a first data format associated with the identity management system;
  
  program instructions to convert the request from the first data format into a second data format associated with the identity management application and is compatible with an application programming interfaces (APIs) provided by the identity management application;
  
  program instructions to send the request in the second data format to the identity management application, through the API, for execution;
  
  program instructions to receive a response in the second data format from the identity management application to the request in the second data format;
  
  program instructions to convert the response from the second data format into the first data format that is compatible with the identity management system, wherein the converted data is input into appropriate data entry fields in the identity management application via a data mapper and program instructions to execute the converted request in the identity management application, wherein the converted data comprises a request made by the one or more end users through the identity management system enabling the identity management applications to interface seamlessly with the identity management system to facilitate a migration onto a cloud computing environment by enabling the use of identity management applications through the identity management system, without writing program code instructions for applications to interface with APIs provided by cloud platform vendors, making the applications portable across different cloud platforms; and
  
  program instructions to return the converted data enabling applications to be portable across different cloud platforms associated with the response via the identity management system.
- View Dependent Claims (8, 9, 12, 15)
- - 8. The computer system of claim 7, wherein the program instructions to convert the request comprise mapping data into an application programming interface provided by the identity management application.
  - 9. The computer system of claim 7, wherein standardizing access to user registries is provided as a service in a cloud environment.
  - 12. The computer system of claim 7, wherein the identity management application is a repository for communicating with one or more user registries, the first schema extension enables the one or more end users to submit a request in the identity management system which is directed to a subset of the one or more user registries, and the second schema extension enables a custom configuration of the one or more user registries and additional properties to be added to a user data and a group data associated with the identity management application.
  - 15. The computer system of claim 7, wherein the request comprises:
    - a request for authentication, a request for a retrieval of individual user data and group data, and a request to edit the individual user data and the individual group data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Kurian, John, Mathew George, Sunil, Zunzarrao, Rohan S.
Primary Examiner(s)
Kanaan, Simon P

Application Number

US15/096,316
Publication Number

US 20170295184A1
Time in Patent Office

1,176 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/258 Data format conversion from...

H04L 63/10 for controlling access to d...

Uniformly accessing federated user registry topologies

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Uniformly accessing federated user registry topologies

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links