Application identity design
First Claim
1. A computer-implemented method for providing user credentials over a network to a remote computer application, the method comprising:
- storing user credentials for the remote computer application in a central repository that is accessible through the network;
- sending a request to a service to perform, on behalf of a user, a particular task involving the remote computer application;
- determining whether the service has been granted permission to act on behalf of the user with respect to the remote computer application; and
- when the service has permission to act on behalf of the user, using the service to retrieve the user's credentials for the remote computer application from the central repository and to supply the retrieved user credentials to the remote computer application.
Abstract
Methods and apparatus, including computer program products, implementing and using techniques for providing user credentials over a network to a remote computer application. User credentials for the remote computer application are stored in a central repository that is accessible through the network. A request is sent to a service to perform, on behalf of a user, a particular task involving the remote computer application. It is determined whether the service has been granted permission to act on behalf of the user with respect to the remote computer application. When the service has permission to act on behalf of the user, the service is used to retrieve the user's credentials for the remote computer application from the central repository and to supply the retrieved user credentials to the remote computer application.
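The flow in the abstract, as an added sketch that is not code from the patent: a repository releases a stored credential only to a service holding an explicit grant for that user and application, and the service passes it to the application without returning it to the requester. All class names, account names and sample data are constructed, and enforcing the grant check inside the repository (with an audit record per decision) is an assumption of this sketch.

```python
import hmac
from dataclasses import dataclass, field

@dataclass
class CentralRepository:
    credentials: dict = field(default_factory=dict)  # (user, app) -> (login, password)
    grants: set = field(default_factory=set)         # (service, user, app) triples
    audit_log: list = field(default_factory=list)

    def retrieve(self, service, user, app):
        # Deny by default: release a credential only for an explicit grant.
        allowed = (service, user, app) in self.grants
        self.audit_log.append((service, user, app, "allow" if allowed else "deny"))
        if not allowed:
            raise PermissionError(f"{service} may not act for {user} on {app}")
        return self.credentials[(user, app)]

class RemoteApplication:
    def __init__(self, name, accounts):
        self.name, self.accounts = name, accounts    # constructed login -> password table

    def perform(self, credentials, task):
        login, password = credentials
        if not hmac.compare_digest(self.accounts.get(login, ""), password):
            return "login rejected"
        return f"{task} done as {login}"

@dataclass
class Service:
    name: str
    repo: CentralRepository
    app: RemoteApplication

    def handle(self, user, task):
        # Credential flows repository -> application; the caller gets only the result.
        creds = self.repo.retrieve(self.name, user, self.app.name)
        return self.app.perform(creds, task)

def demo():
    # Constructed sample data: one stored credential, one grant.
    repo = CentralRepository({("alice", "payroll"): ("alice_pr", "constructed-secret")},
                             {("report-svc", "alice", "payroll")})
    app = RemoteApplication("payroll", {"alice_pr": "constructed-secret"})
    result = Service("report-svc", repo, app).handle("alice", "export")
    try:
        Service("mail-svc", repo, app).handle("alice", "export")  # no grant on file
    except PermissionError as exc:
        return result, str(exc), repo.audit_log
    return result, None, repo.audit_log
```
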
35 Claims
1. A computer-implemented method for providing user credentials over a network to a remote computer application, the method comprising:
- storing user credentials for the remote computer application in a central repository that is accessible through the network;
- sending a request to a service to perform, on behalf of a user, a particular task involving the remote computer application;
- determining whether the service has been granted permission to act on behalf of the user with respect to the remote computer application; and
- when the service has permission to act on behalf of the user, using the service to retrieve the user's credentials for the remote computer application from the central repository and to supply the retrieved user credentials to the remote computer application.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A system for providing user credentials over a network to a remote computer application, the system comprising:
- a network connecting a plurality of network nodes, each network node representing one or more of: a user, a service, and a computer application;
- a central repository that is accessible through the network and operable to store user credentials for the computer application;
- a service operable to:
  - receive a request to perform, on behalf of a user, a particular task involving the computer application;
  - determine whether the service has been granted permission to act on behalf of the user with respect to the computer application; and
  - when the service has permission to act on behalf of the user, retrieve the user's credentials for the computer application from the central repository and to supply the retrieved user credentials to the computer application.

Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22
23. A computer program product, stored on a machine-readable medium, comprising instructions operable to cause a computer to:
- store user credentials for the remote computer application in a central repository that is accessible through the network;
- send a request to a service to perform, on behalf of a user, a particular task involving the remote computer application;
- determine whether the service has been granted permission to act on behalf of the user with respect to the remote computer application; and
- when the service has permission to act on behalf of the user, use the service to retrieve the user's credentials for the remote computer application from the central repository and to supply the retrieved user credentials to the remote computer application.

Dependent claims: 24, 25, 26, 27, 28, 29, 30, 31, 32, 33
34. A computer-implemented method for providing user credentials over a network to a plurality of remote computer applications, the method comprising:
- storing a plurality of sets of user credentials for a user in a central repository that is accessible through the network, each set of user credentials representing information that is required by a remote computer application to uniquely identify the user;
- performing a single sign on to the network, using a single set of user credentials for the user;
- sending a plurality of requests to a plurality of services, each request being a request to perform, on behalf of a user, a particular task involving a particular remote computer application associated with the service;
- for each service that receives a request, determining whether the service has been granted permission to act on behalf of the user with respect to the associated remote computer application; and
- for each service that has permission to act on behalf of the user, using the service to retrieve the user's credentials for the associated remote computer application from the central repository and to supply the retrieved user credentials to the remote computer application.
35. A system for providing user credentials over a network to a plurality of computer applications, the system comprising:
- a network connecting a plurality of network nodes, each network node representing one or more of: a user, a service, and a computer application;
- a central repository that is accessible through the network and operable to store a plurality of sets of user credentials for a user, each set of user credentials representing information that is required by a remote computer application to uniquely identify the user;
- a login module operable to receive a single sign on to the network from the user, the single sign on using only single set of user credentials for the user;
- a plurality of services, each service being operable to:
  - receive a request to perform, on behalf of a user, a particular task involving a particular computer application associated with the service;
  - determine whether the service has been granted permission to act on behalf of the user with respect to the computer application; and
  - when the service has permission to act on behalf of the user, retrieve the user's credentials for the particular computer application from the central repository and to supply the retrieved user credentials to the computer application.
Specification