Flexible Authentication Framework
Abstract
A flexible and extensible architecture allows for secure searching across an enterprise. Such an architecture can provide a simple Internet-like search experience to users searching secure content inside (and outside) the enterprise. The architecture allows for the crawling and searching of a variety of sources across an enterprise, regardless of whether any of these sources conform to a conventional user role model. The architecture further allows for security attributes to be submitted at query time, for example, in order to provide real-time secure access to enterprise resources. The user query can also be transformed to provide for dynamic querying, which yields a more current result list than can be obtained for static queries.
17 Claims
1. A method for authenticating users in a secure search system, comprising:
providing a framework operable to accept user identification information in an arbitrary format;
receiving user identification information from a user requesting access to a secure data source;
validating the user against an identity management system for the secure data source; and
if the user is validated, calling back into the identity management system for the secure data source to obtain access information for the user.
Dependent claims: 2, 3, 4, 5, 6
7. A system for authenticating users in a secure search system, comprising:
an authentication module operable to receive user identification information in an arbitrary format, the user requesting access to a secure data source;
a plurality of APIs, each API operable to communicate with one of a plurality of identity management systems, each identity management system being associated with one of a plurality of secure data sources, the authentication module being operable to pass the user identification information through an appropriate API for the requested secure data source to a respective identity management system, and receive back validation information for the user from the respective identity management system for the secure data source; and
a callback mechanism operable to call back into the respective identity management system when the user is validated in order to obtain access information for the user.
Dependent claims: 8, 9, 10, 11
12. A computer program product embedded in a computer readable medium for authenticating users in a secure search system, comprising:
program code for providing a framework operable to accept user identification information in an arbitrary format;
program code for receiving user identification information from a user requesting access to a secure data source;
program code for validating the user against an identity management system for the secure data source; and
program code for calling back into the identity management system for the secure data source to obtain access information for the user when the user is validated.
Dependent claims: 13, 14, 15, 16, 17
Specification