Single system user identity

US 20030079029A1
Filed: 08/05/2002
Published: 04/24/2003
Est. Priority Date: 10/18/2001
Status: Active Grant

First Claim

Patent Images

1. A system for validating a user on an application server, comprising:

an application server;

at least one application running on the application server, each application having an access mechanism through which an external user can access at least one of the application and application server; and

a validation mechanism for validating an external user gaining access through an access mechanism, the validation mechanism switching the identity of a validated external user to an internal user identity recognized by said at least one application running on the application server.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

When an external user such as a trading partner makes a request into an access point of an application on an application server, that external user can be authenticated as a valid user on the system. The identity of the external user can then be switched to an internal system user identity, such as by pushing new user information on the user stack or by adding internal user context. This internal system user identity allows the user to access resources and applications on the application server that are not available to an external user. The use of this single internal system user identity allows for a single login process that can be used for all resources and applications on the server. The use of an internal user also prevents an external user from accessing those resources unless the user is first authenticated through a proper entry point.

176 Citations

View as Search Results

27 Claims

1. A system for validating a user on an application server, comprising:
- an application server;
  
  at least one application running on the application server, each application having an access mechanism through which an external user can access at least one of the application and application server; and
  
  a validation mechanism for validating an external user gaining access through an access mechanism, the validation mechanism switching the identity of a validated external user to an internal user identity recognized by said at least one application running on the application server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. A system according to claim 1, wherein:
    - said at least one application is an integration application.
  - 3. A system according to claim 1, further comprising:
    - at least one trading partner having permissions on the application server and any applications running on the application server.
  - 4. A system according to claim 1, further comprising:
    - a database in communication with the application server for storing information related to any user of an application.
  - 5. A system according to claim 1, wherein:
    - the at least one application running on the application server has an access mechanism that is a portal component.
  - 6. A system according to claim 1, wherein:
    - said validation mechanism switches the identity of the user, the user identity being a user stack, by pushing internal user information on the user stack.
  - 7. A system according to claim 1, wherein:
    - said validation mechanism switches the identity of the user by adding internal user context to the eternal user identity.
  - 8. A system according to claim 1, further comprising:
    - application resources that are accessible only to a user with an internal user identity.
  - 9. A system according to claim 1, wherein:
    - said validation mechanism switches the identity of the user to the only internal user identity recognized by each application running on the application server.
  - 10. A system according to claim 1, wherein:
    - each application in said at least one application can communicate with any other application running on the application server without re-validating the external user.
  - 11. A system according to claim 1, wherein:
    - the at least one application has multiple access mechanisms.
  - 12. A system according to claim 1, wherein:
    - the at least one application has an access mechanism selected from the group consisting of databases, queues, and administrative frameworks.
  - 13. A system according to claim 1, further comprising:
    - application resources that can be accessed by an external user without the identity of the external user being switched.
  - 14. A system according to claim 1, wherein:
    - said validation mechanism switches the identity of a validated external user only after the external user attempts access requiring an internal user identity.
  - 15. A system according to claim 1, further comprising:
    - a plurality of applications, wherein the internal user identity is recognized by each application of said plurality of applications.

16. A method for validating a user on an application server, comprising:
- receiving a request from an external user to an access point of an application on an application server;
  
  authenticating the external user; and
  
  switching the identity of the external user to an internal user identity, the internal user identity providing access to resources for any application running on the application server.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
- - 17. A method according to claim 16, wherein:
    - authenticating the user involves checking information for the external user against user information in a database in communication with the application server.
  - 18. A method according to claim 16, wherein:
    - switching the identity of the external user to an internal user identity involves pushing internal user information on a user stack for the external user.
  - 19. A method according to claim 16, wherein:
    - switching the identity of the external user to an internal user identity involves adding internal user context information to the external user identity.
  - 20. A method according to claim 16, further comprising:
    - limiting access for application resources to users with an internal user identity.
  - 21. A method according to claim 16, further comprising:
    - selecting a single internal user identity to be used to provide access for each application and resource on the application server.
  - 22. A method according to claim 16, further comprising:
    - allowing an external user to access certain resources on the application server without switching the identity of the external user.
  - 23. A method according to claim 16, wherein:
    - the identity of the external user is switched only after the external users attempts access requiring an internal user identity.

24. A computer-readable medium, comprising:
- means for receiving a request from an external user to an access point of an application on an application server;
  
  means for authenticating the external user; and
  
  means for switching the identity of the external user to an internal user identity, the internal user identity providing access to resources for any application running on the application server.

25. A computer program product for execution by a server computer for validating a user on an application server, comprising:
- computer code that can receive a request from an external user to an access point of an application on an application server;
  
  computer code that can authenticate the external user; and
  
  computer code that can switch the identity of the external user to an internal user identity, the internal user identity providing access to resources for any application running on the application server.

26. A system for validating a user on an application server, comprising:
- means for receiving a request from an external user to an access point of an application on an application server;
  
  means for authenticating the external user; and
  
  means for switching the identity of the external user to an internal user identity, the internal user identity providing access to resources for any application running on the application server.

27. A computer system comprising:
- a processor;
  
  object code executed by said processor, said object code configured to;
  
  receive a request from an external user to an access point of an application on an application server;
  
  authenticate the external user; and
  
  switch the identity of the external user to an internal user identity, the internal user identity providing access to resources for any application running on the application server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
BEA Systems Incorporated (Oracle Corporation)
Inventors
Dalal, Sanjay, Garimella, Sandilya

Granted Patent

US 7,552,222 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/229
CPC Class Codes

G06F 21/31   User authentication

G06F 21/41   where a single sign-on prov...

G06F 2221/2115   Third party

G06Q 10/06   Resources, workflows, human...

H04L 63/102   Entity profiles

Y10S 707/99939   Privileged access

Single system user identity

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

176 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Single system user identity

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

176 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links