Unified authorization for heterogeneous applications
Abstract
An enterprise system may separate the executable functionality existing in backend applications, and the separation may be at differing levels of granularity. The separated functions of the application may be registered in a catalog in the form of metadata objects. Once the executable functionality has been registered, each granular functional object may be associated with authorization information. In this manner, the authorization of a service of an application may be made on a feature by feature (or object by object) basis in a unified manner.
20 Claims
1. A method for authorizing a user comprising:
a) receiving from a user device a first request for a service of an application;
b) determining a user identifier associated with the user device;
c) determining an access right required to access the service without accessing the application;
d) determining if the user identifier is associated with the access right;
e) in response to a determination of the user identifier being associated with the access right, generating a second request for the service of the application, the second request being different from the first request;
f) sending the second request to the application;
g) accessing the application using one or more user credentials different from one or more credentials of the user device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. One or more computer readable media having stored thereon a data structure comprising:
a) a first data field containing data representing an object identifier, the object identifier indicating an available service of an application;
b) a second data field, associated with the first data field, containing data representing an access control list identifier;
c) a third data field, associated with the second data field, containing data representing an access control entry identifier;
d) a fourth data field, associated with the third data field, containing data representing a user identifier associated with an authorized user of the application; and
e) a fifth data field, associated with the third data field, containing data representing a right identifier indicating an authorized right of the authorized user to access the available service.
Dependent claims: 12, 13, 14

15. One or more computer readable media containing computer readable instructions that, when implemented, perform a method comprising:
a) associating a service identifier with connection information, an authorized user identifier, and an access right indicator of the authorized user identifier, wherein the service identifier is associated with a service of at least one of a plurality of available applications providing services;
b) receiving a request for the service from a user device;
c) verifying that a user identifier associated with the user device matches the authorized user identifier without accessing the at least one of the plurality of available applications;
d) based on the access right indicator, verifying that the request for the service is allowed by the authorized right indicator without accessing the at least one of the plurality of available applications;
e) if the user identifier and the request are verified, accessing the at least one of the plurality of available applications using credentials different from user credentials of the user device; and
f) requesting the service from the at least one of the plurality of available applications.
Dependent claims: 16, 17, 18, 19, 20
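The flow of claims 1 and 15 over the data structure of claim 11, as an added Python example that is not code from the patent. All names, the sample catalog, the endpoint and the service credential are constructed placeholders, and the user identifier is assumed to have been authenticated already.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AccessControlEntry:        # claim 11, fields c) to e)
    ace_id: str
    user_id: str
    right: str

@dataclass(frozen=True)
class CatalogObject:             # claim 11, fields a) and b)
    object_id: str               # one available service of a backend application
    acl_id: str
    connection: str              # connection information (claim 15 a); hypothetical endpoint

# Constructed sample metadata; a real catalog would be persisted and administered.
CATALOG = {"crm.get_customer": CatalogObject("crm.get_customer", "acl-1", "crm.internal:8443")}
ACLS = {"acl-1": [AccessControlEntry("ace-1", "alice", "execute")]}
SERVICE_CREDENTIALS = {"crm.internal:8443": "svc-gateway-token"}  # placeholder secret

class Denied(Exception):
    pass

def authorize(user_id, object_id, right="execute"):
    """Decide from catalog metadata only; the backend application is never contacted."""
    obj = CATALOG.get(object_id)
    if obj is None:
        return None              # unregistered service: deny by default
    for ace in ACLS.get(obj.acl_id, []):
        if ace.user_id == user_id and ace.right == right:
            return obj
    return None

def handle(first_request, backend_send):
    """Check the first request, then build and send a different second request."""
    obj = authorize(first_request["user_id"], first_request["service"])
    if obj is None:
        raise Denied(f"{first_request['user_id']} may not call {first_request['service']}")
    second_request = {
        "endpoint": obj.connection,
        "service": obj.object_id,
        "args": first_request.get("args", {}),
        # The gateway's own credential is used; the user's credential is not forwarded.
        "credential": SERVICE_CREDENTIALS[obj.connection],
    }
    return backend_send(second_request)
```

Because the backend only ever sees the gateway's credential, the catalog check is the sole per-user control in this design, so an unregistered service or a missing access control entry has to resolve to a denial, as it does here.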
Specification