Managing secure resources in web resources that are accessed by multiple portals

US 20030225765A1
Filed: 05/31/2002
Published: 12/04/2003
Est. Priority Date: 05/31/2002
Status: Active Grant

First Claim

Patent Images

1. An apparatus for authorizing users of network portals to access a secure resource hosted by a secure server, comprising:

an authorization table to store a plurality of user identifiers, each representing a user of an owning portal, and to store for each of the user identifiers an access privilege to the secure resource;

wherein the authorization table stores a proxy user identifier representing a guest portal and a guest access privilege to the secure resource for all of the users of the guest portal;

a policy manager to receive from the owning portal a first request for access to the secure resource, the first request comprising a first user identifier representing a user of the owning portal, wherein the policy manager grants to the user of the owning portal access to the secure resource according to the access privilege stored in the authorization table for the first user identifier; and

wherein the policy manager receives from the guest portal a second request for access to the secure resource, the second request comprising a second user identifier representing a user of the guest portal and a portal identifier representing the guest portal, wherein the policy manager grants to the user of the guest portal access to the secure resource according to the guest access privilege stored in the authorization table for the proxy user identifier.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, apparatus, and computer-readable media for authorizing users of network portals to access a secure resource hosted by a secure server comprises storing a plurality of user identifiers, each representing a user of an owning portal; storing for each of the user identifiers an access privilege to the secure resource; storing a proxy user identifier representing a guest portal and a guest access privilege to the secure resource for all of the users of the guest portal; receiving from the owning portal a first request for access to the secure resource, the first request comprising a first user identifier representing a user of the owning portal; granting to the user of the owning portal access to the secure resource according to the access privilege stored for the first user identifier; receiving from the guest portal a second request for access to the secure resource, the second request comprising a second user identifier representing a user of the guest portal and a portal identifier representing the guest portal; and granting to the user of the guest portal access to the secure resource according to the guest access privilege stored in the authorization table for the proxy user identifier.

Citations

28 Claims

1. An apparatus for authorizing users of network portals to access a secure resource hosted by a secure server, comprising:
- an authorization table to store a plurality of user identifiers, each representing a user of an owning portal, and to store for each of the user identifiers an access privilege to the secure resource;
  
  wherein the authorization table stores a proxy user identifier representing a guest portal and a guest access privilege to the secure resource for all of the users of the guest portal;
  
  a policy manager to receive from the owning portal a first request for access to the secure resource, the first request comprising a first user identifier representing a user of the owning portal, wherein the policy manager grants to the user of the owning portal access to the secure resource according to the access privilege stored in the authorization table for the first user identifier; and
  
  wherein the policy manager receives from the guest portal a second request for access to the secure resource, the second request comprising a second user identifier representing a user of the guest portal and a portal identifier representing the guest portal, wherein the policy manager grants to the user of the guest portal access to the secure resource according to the guest access privilege stored in the authorization table for the proxy user identifier.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The apparatus of claim 1, wherein the first request comprises a portal identifier representing the owning portal, further comprising:
    - a portal repository to receive the first request, and to authenticate the owning portal using the portal identifier in the first request.
  - 3. The apparatus of claim 1, further comprising:
    - the owning portal, wherein the owning portal receives from the user of the owning portal a third request for access to the secure resource, the third request comprising the first user identifier and a security credential associated with the user of the owning portal; and
      
      a user repository to authenticate the user of the owning portal based on the first user identifier and the security credential associated with the user of the owning portal.
  - 4. The apparatus of claim 3, further comprising:
    - a portal policy manager to authorize the user of the owning portal based on the first user identifier; and
      
      wherein the owning portal sends the first request to the secure server when the user of the owning portal is successfully authorized by the portal policy manager.
  - 5. The apparatus of claim 1, further comprising:
    - a portal repository to receive the second request, and to authenticate the guest portal using the portal identifier in the second request.
  - 6. The apparatus of claim 1, further comprising:
    - the guest portal, wherein the guest portal receives from the user of the guest portal a fourth request for access to the secure resource, the fourth request comprising the second user identifier and a security credential associated with the user of the guest portal; and
      
      a user repository to authenticate the user of the guest portal based on the second user identifier and the security credential associated with the user of the guest portal.
  - 7. The apparatus of claim 6, further comprising:
    - a portal policy manager to authorize the user of the guest portal based on the second user identifier; and
      
      wherein the guest portal sends the second request to the secure server when the user of the guest portal is successfully authorized by the portal policy manager.

8. An apparatus for authorizing users of network portals to access a secure resource hosted by a secure server, comprising:
- means for storing a plurality of user identifiers, each representing a user of an owning portal, and to store for each of the user identifiers an access privilege to the secure resource;
  
  wherein the means for storing stores a proxy user identifier representing a guest portal and a guest access privilege to the secure resource for all of the users of the guest portal;
  
  policy manager means for receiving from the owning portal a first request for access to the secure resource, the first request comprising a first user identifier representing a user of the owning portal, wherein the policy manager grants to the user of the owning portal access to the secure resource according to the access privilege stored in the authorization table for the first user identifier; and
  
  wherein the policy manager means receives from the guest portal a second request for access to the secure resource, the second request comprising a second user identifier representing a user of the guest portal and a portal identifier representing the guest portal, wherein the policy manager grants to the user of the guest portal access to the secure resource according to the guest access privilege stored in the authorization table for the proxy user identifier.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The apparatus of claim 8, wherein the first request comprises a portal identifier representing the owning portal, further comprising:
    - portal repository means for receiving the first request, and for authenticating the owning portal using the portal identifier in the first request.
  - 10. The apparatus of claim 8, further comprising:
    - the owning portal, wherein the owning portal receives from the user of the owning portal a third request for access to the secure resource, the third request comprising the first user identifier and a security credential associated with the user of the owning portal; and
      
      user repository means for authenticating the user of the owning portal based on the first user identifier and the security credential associated with the user of the owning portal.
  - 11. The apparatus of claim 10, further comprising:
    - portal policy manager means for authorizing the user of the owning portal based on the first user identifier; and
      
      wherein the owning portal sends the first request to the secure server when the user of the owning portal is successfully authorized by the portal policy manager.
  - 12. The apparatus of claim 8, further comprising:
    - portal repository means for receiving the second request, and for authenticating the guest portal using the portal identifier in the second request.
  - 13. The apparatus of claim 8, further comprising:
    - the guest portal, wherein the guest portal receives from the user of the guest portal a fourth request for access to the secure resource, the fourth request comprising the second user identifier and a security credential associated with the user of the guest portal; and
      
      user repository means for authenticating the user of the guest portal based on the second user identifier and the security credential associated with the user of the guest portal.
  - 14. The apparatus of claim 13, further comprising:
    - portal policy manager means for authorizing the user of the guest portal based on the second user identifier; and
      
      wherein the guest portal sends the second request to the secure server when the user of the guest portal is successfully authorized by the portal policy manager.

15. A method for authorizing users of network portals to access a secure resource hosted by a secure server, comprising:
- storing a plurality of user identifiers, each representing a user of an owning portal;
  
  storing for each of the user identifiers an access privilege to the secure resource;
  
  storing a proxy user identifier representing a guest portal and a guest access privilege to the secure resource for all of the users of the guest portal;
  
  receiving from the owning portal a first request for access to the secure resource, the first request comprising a first user identifier representing a user of the owning portal;
  
  granting to the user of the owning portal access to the secure resource according to the access privilege stored for the first user identifier;
  
  receiving from the guest portal a second request for access to the secure resource, the second request comprising a second user identifier representing a user of the guest portal and a portal identifier representing the guest portal; and
  
  granting to the user of the guest portal access to the secure resource according to the guest access privilege stored in the authorization table for the proxy user identifier.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The method of claim 15, wherein the first request comprises a portal identifier representing the owning portal, further comprising:
    - receiving the first request; and
      
      authenticating the owning portal using the portal identifier in the first request.
  - 17. The method of claim 15, further comprising:
    - receiving at the owning portal from the user of the owning portal a third request for access to the secure resource, the third request comprising the first user identifier and a security credential associated with the user of the owning portal; and
      
      authenticating the user of the owning portal based on the first user identifier and the security credential associated with the user of the owning portal.
  - 18. The method of claim 17, further comprising:
    - authorizing at the owning portal the user of the owning portal based on the first user identifier; and
      
      sending the first request from the owning portal to the secure server when the user of the owning portal is successfully authorized.
  - 19. The method of claim 15, further comprising:
    - receiving the second request; and
      
      authenticating the guest portal using the portal identifier in the second request.
  - 20. The method of claim 15, further comprising:
    - receiving at the guest portal from the user of the guest portal a fourth request for access to the secure resource, the fourth request comprising the second user identifier and a security credential associated with the user of the guest portal; and
      
      authenticating the user of the guest portal based on the second user identifier and the security credential associated with the user of the guest portal.
  - 21. The method of claim 20, further comprising:
    - authorizing at the guest portal the user of the guest portal based on the second user identifier; and
      
      sending the second request from the guest portal to the secure server when the user of the guest portal is successfully authorized by the portal policy manager.

22. Computer-readable media embodying instructions executable by a computer to perform a method for authorizing users of network portals to access a secure resource hosted by a secure server, the method comprising:
- storing a plurality of user identifiers, each representing a user of an owning portal;
  
  storing for each of the user identifiers an access privilege to the secure resource;
  
  storing a proxy user identifier representing a guest portal and a guest access privilege to the secure resource for all of the users of the guest portal;
  
  receiving from the owning portal a first request for access to the secure resource, the first request comprising a first user identifier representing a user of the owning portal granting to the user of the owning portal access to the secure resource according to the access privilege stored for the first user identifier;
  
  receiving from the guest portal a second request for access to the secure resource, the second request comprising a second user identifier representing a user of the guest portal and a portal identifier representing the guest portal; and
  
  granting to the user of the guest portal access to the secure resource according to the guest access privilege stored in the authorization table for the proxy user identifier.
- View Dependent Claims (23, 24, 25, 26, 27, 28)
- - 23. The media of claim 22, wherein the first request comprises a portal identifier representing the owning portal, wherein the method further comprises:
    - receiving the first request; and
      
      authenticating the owning portal using the portal identifier in the first request.
  - 24. The media of claim 22, wherein the method further comprises:
    - receiving at the owning portal from the user of the owning portal a third request for access to the secure resource, the third request comprising the first user identifier and a security credential associated with the user of the owning portal; and
      
      authenticating the user of the owning portal based on the first user identifier and the security credential associated with the user of the owning portal.
  - 25. The media of claim 24, wherein the method further comprises:
    - authorizing at the owning portal the user of the owning portal based on the first user identifier; and
      
      sends the first request from the owning portal to the secure server when the user of the owning portal is successfully authorized.
  - 26. The media of claim 22, wherein the method further comprises:
    - receiving the second request; and
      
      authenticating the guest portal using the portal identifier in the second request.
  - 27. The media of claim 22, wherein the method further comprises:
    - receiving at the guest portal from the user of the guest portal a fourth request for access to the secure resource, the fourth request comprising the second user identifier and a security credential associated with the user of the guest portal; and
      
      authenticating the user of the guest portal based on the second user identifier and the security credential associated with the user of the guest portal.
  - 28. The media of claim 27, wherein the method further comprises:
    - authorizing at the guest portal the user of the guest portal based on the second user identifier; and
      
      sending the second request from the guest portal to the secure server when the user of the guest portal is successfully authorized by the portal policy manager.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
BEA Systems Incorporated (Oracle Corporation)
Inventors
Frieden, Kurt, Markoff, Matthew S., Rudominer, Mitchell B.

Granted Patent

US 7,092,942 B2
Time in Patent Office

Days
Field of Search
US Class Current

707/9
CPC Class Codes

G06F 16/954   Navigation, e.g. using cate...

G06F 21/31   User authentication

H04L 63/101   Access control lists [ACL]

H04L 63/104   Grouping of entities

Y10S 707/99939   Privileged access

Y10S 707/99942   Manipulating data structure...

Managing secure resources in web resources that are accessed by multiple portals

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Managing secure resources in web resources that are accessed by multiple portals

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links