Propagating User Identities In A Secure Federated Search System

US 20070220268A1
Filed: 02/28/2007
Published: 09/20/2007
Est. Priority Date: 03/01/2006
Status: Active Grant

First Claim

Patent Images

1. A method of propagating user identities in a secure federated search environment, comprising:

authenticating a user to the secure federated search environment and obtaining security credentials for the authenticated user;

normalizing the security credentials and translating user identities from a plurality of secure data sources;

receiving a query for the authenticated user;

translating the query for the plurality of data sources and propagating the translated queries to the plurality of secure data sources using the translated user identities and normalized security credentials to access the plurality of secure data sources; and

consolidating query results received from the plurality of secure data sources and displaying the consolidated query results to the user in response to the query.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A flexible and extensible architecture allows for secure searching across an enterprise. Such an architecture can provide a simple Internet-like search experience to users searching secure content inside (and outside) the enterprise. The architecture allows for the crawling and searching of a variety or sources across an enterprise, regardless of whether any of these sources conform to a conventional user role model. The architecture further allows for security attributes to be submitted at query time, for example, in order to provide real-time secure access to enterprise resources. The user query also can be transformed to provide for dynamic querying that provides for a more current result list than can be obtained for static queries.

206 Citations

17 Claims

1. A method of propagating user identities in a secure federated search environment, comprising:
- authenticating a user to the secure federated search environment and obtaining security credentials for the authenticated user;
  
  normalizing the security credentials and translating user identities from a plurality of secure data sources;
  
  receiving a query for the authenticated user;
  
  translating the query for the plurality of data sources and propagating the translated queries to the plurality of secure data sources using the translated user identities and normalized security credentials to access the plurality of secure data sources; and
  
  consolidating query results received from the plurality of secure data sources and displaying the consolidated query results to the user in response to the query.
- View Dependent Claims (2, 3, 4)
- - 2. A method according to claim 1, further comprising:
    - mapping the translated user identities before propagating the translated queries.
  - 3. A method according to claim 1, further comprising:
    - matching the security credentials with a template source.
  - 4. A method according to claim 1, further comprising:
    - allowing the user to subscribe to at least one of the plurality of secure data sources; and
      
      automatically launching a crawl of the at least one secure data source after the subscribing.

5. A method of propagating user identities in a secure federated search environment, comprising:
- authenticating a user to the secure federated search environment using a single sign-on process and obtaining security credentials for the authenticated user;
  
  receiving a query for the authenticated user;
  
  translating the query for the plurality of data sources and propagating the translated queries and security credentials to the plurality of secure data sources; and
  
  consolidating query results received from the plurality of secure data sources and displaying the consolidated query results to the user in response to the query.

6. A system for propagating user identities in a secure federated search environment, comprising:
- a user authentication component operable to authenticate a user of the secure federated search environment and provide security credentials for the authenticated user;
  
  a query component operable to receive a query for the authenticated user; and
  
  a federated broker operable to normalize the security credentials and translate user identities from a plurality of secure data sources, the federated broker being further operable to translate the received query for the plurality of secure data sources and propagate the translated queries to the plurality of secure data sources using the translated user identities and normalized security credentials to access the plurality of secure data sources, the federated broker being further operable to consolidate query results received from the plurality of secure data sources and transmit the consolidated query results to the user in to be displayed as query results.
- View Dependent Claims (7, 8, 9)
- - 7. A system according to claim 6, wherein:
    - the plurality of secure data sources are federated data sources.
  - 8. A system according to claim 6, wherein:
    - the plurality of secure data sources include a plurality of respective identity management systems.
  - 9. A system according to claim 6, further comprising:
    - an identity management plug-in component operable to map the translated user identities.

10. A system for propagating user identities in a secure federated search environment, comprising:
- a single sign-on component operable to authenticate a user of the secure federated search environment and provide security credentials for the authenticated user;
  
  a query component operable to receive a query for the authenticated user; and
  
  a federated broker operable to translate user identities from a plurality of secure data sources, the federated broker being further operable to translate the received query for the plurality of secure data sources and propagate the translated queries and security credentials to the plurality of secure data sources, the federated broker being further operable to consolidate query results received from the plurality of secure data sources and transmit the consolidated query results to the user in to be displayed as query results.
- View Dependent Claims (11, 12)
- - 11. A system according to claim 10, wherein:
    - the federated broker is further operable to propagate a single sign-on cookie to the plurality of data sources.
  - 12. A system according to claim 10, wherein:
    - the plurality of secure data sources are federated data sources.

13. A computer program product embedded in a computer readable medium for propagating user identities in a secure federated search environment, comprising:
- program code for authenticating a user to the secure federated search environment and obtaining security credentials for the authenticated user;
  
  program code for normalizing the security credentials and translating user identities from a plurality of secure data sources;
  
  program code for receiving a query for the authenticated user;
  
  program code for translating the query for the plurality of data sources and propagating the translated queries to the plurality of secure data sources using the translated user identities and normalized security credentials to access the plurality of secure data sources; and
  
  program code for consolidating query results received from the plurality of secure data sources and displaying the consolidated query results to the user in response to the query.
- View Dependent Claims (14, 15, 16)
- - 14. A computer program product according to claim 13, further comprising:
    - program code for mapping the translated user identities before propagating the translated queries.
  - 15. A computer program product according to claim 13, further comprising:
    - program code for matching the security credentials with a template source.
  - 16. A computer program product according to claim 13, further comprising:
    - program code for allowing the user to subscribe to at least one of the plurality of secure data sources; and
      
      program code for automatically launching a crawl of the at least one secure data source after the subscribing.

17. A computer program product embedded in a computer readable medium for propagating user identities in a secure federated search environment, comprising:
- program code for authenticating a user to the secure federated search environment using a single sign-on process and obtaining security credentials for the authenticated user;
  
  program code for receiving a query for the authenticated user;
  
  program code for translating the query for the plurality of data sources and propagating the translated queries and security credentials to the plurality of secure data sources; and
  
  program code for consolidating query results received from the plurality of secure data sources and displaying the consolidated query results to the user in response to the query.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Krishnaprasad, Muralidhar, Bhavsar, Meeten, Bhatkar, Sachin, Chang, Thomas, Nimani, Visar

Granted Patent

US 8,214,394 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/182
CPC Class Codes

G06F 16/2452   Query translation

G06F 16/2455   Query execution

H04L 63/0815   providing single-sign-on or...

Propagating User Identities In A Secure Federated Search System

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

206 Citations

17 Claims

Specification

Use Cases

Quick Links

Others

Propagating User Identities In A Secure Federated Search System

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

206 Citations

17 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others