Caching framework for a multi-tenant identity and data security management cloud service

US 10,735,394 B2
Filed: 07/27/2017
Issued: 08/04/2020
Est. Priority Date: 08/05/2016
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer readable medium having instructions stored thereon that, when executed by one or more processors, cause the processors to provide cloud-based identity and access management, the providing comprising:

receiving a request from a client for a resource, the request comprising a call to a first Application Programming Interface (API) that identifies a first microservice, the resource comprising metadata;

authenticating the request;

accessing the first microservice of a plurality of microservices based on the request, the first microservice comprising a remote API proxy and a near cache, wherein the near cache is local to the first microservice and fronts a remote cache;

determining, by the remote API proxy, whether the resource is indicated as cacheable based on the metadata, and if cacheable whether the resource is cached in the near cache or in the remote cache, wherein the remote cache is external of the first microservice and the remote API proxy establishes a connection with the remote cache;

in response to determining the resource is indicated as cacheable in the near cache, retrieving the resource from the near cache or from the remote cache when the resource is cached;

calling an administration microservice to obtain the resource when the resource is not cached, wherein the administration microservice is a different microservice than the first microservice; and

providing the resource to the client.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system provides cloud-based identity and access management. The system receives a request from a client for a resource, authenticates the request, and accesses a microservice based on the request. The system determines, by the microservice, whether the resource is cached in a near cache or in a remote cache, retrieves the resource from the near cache or from the remote cache when the resource is cached, and calls an administration microservice to obtain the resource when the resource is not cached. The system then provides the resource to the client.

Citations

20 Claims

1. A non-transitory computer readable medium having instructions stored thereon that, when executed by one or more processors, cause the processors to provide cloud-based identity and access management, the providing comprising:
- receiving a request from a client for a resource, the request comprising a call to a first Application Programming Interface (API) that identifies a first microservice, the resource comprising metadata;
  
  authenticating the request;
  
  accessing the first microservice of a plurality of microservices based on the request, the first microservice comprising a remote API proxy and a near cache, wherein the near cache is local to the first microservice and fronts a remote cache;
  
  determining, by the remote API proxy, whether the resource is indicated as cacheable based on the metadata, and if cacheable whether the resource is cached in the near cache or in the remote cache, wherein the remote cache is external of the first microservice and the remote API proxy establishes a connection with the remote cache;
  
  in response to determining the resource is indicated as cacheable in the near cache, retrieving the resource from the near cache or from the remote cache when the resource is cached;
  
  calling an administration microservice to obtain the resource when the resource is not cached, wherein the administration microservice is a different microservice than the first microservice; and
  
  providing the resource to the client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The computer readable medium of claim 1, wherein the request comprises a Hypertext Transfer Protocol (HTTP) request, wherein the client comprises a Representational State Transfer (REST) client, wherein the administration microservice comprises a System for Cross-domain Identity Management (SCIM) microservice, wherein the providing comprises sending a JavaScript Object Notation (JSON) response payload.
  - 3. The computer readable medium of claim 1, wherein the first microservice is stateless, wherein the remote cache comprises a distributed data grid, wherein the remote cache and the first microservice are configured to scale independently of one another.
  - 4. The computer readable medium of claim 1, wherein the first microservice is implemented by a virtual machine.
  - 5. The computer readable medium of claim 1, wherein the remote API proxy emulates a functionality of the administration microservice.
  - 6. The computer readable medium of claim 1, wherein the administration microservice obtains the resource from a connection to a database or a connection to a Lightweight Directory Access Protocol (LDAP).
  - 7. The computer readable medium of claim 1, wherein the remote API proxy looks for the resource in the near cache when the resource is cachable and configured to be cached in the near cache, wherein the remote API proxy looks for the resource in the remote cache when the resource is cachable and configured to be cached in the remote cache.
  - 8. The computer readable medium of claim 7, wherein the remote API proxy calls the administration microservice to obtain the resource if the resource is not cachable or if the resource is cachable but is not cached in the near cache or in the remote cache.
  - 9. The computer readable medium of claim 1, wherein the resource is configured to be cached in the near cache when the resource is not a tenant specific resource.
  - 10. The computer readable medium of claim 1, wherein a file stored at a global database indicates whether the resource is cachable, and if cachable, whether the resource is configured to be cached in the remote cache or in the near cache.
  - 11. The computer readable medium of claim 1, wherein the resource is configured to be cached in the remote cache when the resource is a tenant specific resource.
  - 12. The computer readable medium of claim 1, wherein the remote cache implements a different namespace for each tenant that uses the first microservice.

13. A method of providing cloud-based identity and access management, comprising:
- receiving a request from a client for a resource, the request comprising a call to a first Application Programming Interface (API) that identifies a first microservice, the resource comprising metadata;
  
  authenticating the request;
  
  accessing the first microservice of a plurality of microservices based on the request, the first microservice comprising a remote API proxy and a near cache, wherein the near cache is local to the first microservice and fronts a remote cache;
  
  determining, by the remote API proxy, whether the resource is indicated as cacheable based on the metadata, and if cacheable whether the resource is cached in the near cache or in the remote cache, wherein the remote cache is external of the first microservice and the remote API proxy establishes a connection with the remote cache;
  
  in response to determining the resource is indicated as cacheable in the near cache, retrieving the resource from the near cache or from the remote cache when the resource is cached;
  
  calling an administration microservice to obtain the resource when the resource is not cached, wherein the administration microservice is a different microservice than the first microservice; and
  
  providing the resource to the client.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The method of claim 13, wherein the request comprises a Hypertext Transfer Protocol (HTTP) request, wherein the client comprises a Representational State Transfer (REST) client, wherein the administration microservice comprises a System for Cross-domain Identity Management (SCIM) microservice, wherein the providing comprises sending a JavaScript Object Notation (JSON) response payload.
  - 15. The method of claim 13, wherein the first microservice is stateless, wherein the remote cache comprises a distributed data grid, wherein the remote cache and the first microservice are configured to scale independently of one another.
  - 16. The method of claim 13, wherein the first microservice is implemented by a virtual machine.
  - 17. The method of claim 13, wherein the remote API proxy emulates a functionality of the administration microservice.
  - 18. The method of claim 13, wherein the administration microservice obtains the resource from a connection to a database or a connection to a Lightweight Directory Access Protocol (LDAP).
  - 19. The method of claim 13, wherein the remote API proxy looks for the resource in the near cache when the resource is cachable and configured to be cached in the near cache, wherein the remote API proxy looks for the resource in the remote cache when the resource is cachable and configured to be cached in the remote cache.

20. A system comprising:
- one or more processors; and
  
  a non-transitory computer readable medium having instructions stored thereon that, when executed by the processors, cause the processors to provide cloud-based identity and access management, the providing comprising;
  
  receiving a request from a client for a resource, the request comprising a call to a first Application Programming Interface (API) that identifies a first microservice, the resource comprising metadata;
  
  authenticating the request;
  
  accessing the first microservice of a plurality of microservices based on the request, the first microservice comprising a remote API proxy and a near cache, wherein the near cache is local to the first microservice and fronts a remote cache;
  
  determining, by the remote API proxy, whether the resource is indicated as cacheable based on the metadata, and if cacheable whether the resource is cached in the near cache or in the remote cache, wherein the remote cache is external of the first microservice and the remote API proxy establishes a connection with the remote cache;
  
  in response to determining the resource is indicated as cacheable in the near cache, retrieving the resource from the near cache or from the remote cache when the resource is cached;
  
  calling an administration microservice to obtain the resource when the resource is not cached, wherein the administration microservice is a different microservice than the first microservice; and
  
  providing the resource to the client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Gupta, Lokesh, Pitre, Ashutosh
Primary Examiner(s)
Gelagay, Shewaye
Assistant Examiner(s)
Fields, Courtney D

Application Number

US15/661,014
Publication Number

US 20180041491A1
Time in Patent Office

1,104 Days
Field of Search
US Class Current
CPC Class Codes

G06F 9/50   Allocation of resources, e....

G06F 9/547   Remote procedure calls [RPC...

H04L 2463/082   applying multi-factor authe...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 63/10   for controlling access to d...

H04L 67/02   based on web technology, e....

H04L 67/568   Storing data temporarily at...

H04L 69/18   Multiprotocol handlers, e.g...

Caching framework for a multi-tenant identity and data security management cloud service

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Caching framework for a multi-tenant identity and data security management cloud service

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links