Authorizing service requests in multi-tiered applications
First Claim
1. At an upstream service in a computerized environment in which the upstream service and one or more downstream services comprise a multi-tiered application system, a method of proving authority to communicate with the one or more downstream services, comprising the acts of:
receiving an end-user request at an upstream service for one or more actions to be performed by a multi-tiered application system;
determining that the end-user request involves an action to be performed by a downstream service;
requesting one or more security tokens from a security token service, wherein the one or more security tokens identify the upstream service;
creating a secure communication channel with the downstream service using at least one of the one or more security tokens, wherein the upstream service proves authority to communicate with the downstream service as a trusted subsystem; and
sending the end-user request to the downstream service over the secure communication channel.
2 Assignments
0 Petitions
Abstract
Services of a multi-tier application can authorize (e.g., including authenticating) each other with one or more service access tokens provided by a security token service. In one implementation, an end-user can authenticate with the security token service to obtain one or more security tokens for communicating with an upstream application service. Requests that involve further processing from downstream services of the application can also involve service authorization/authentication measures. Thus, the upstream application service can also authenticate with the security token service to obtain one or more security tokens, such as a session token, and a service access token. The service access token for the upstream service can also include one or more signed policy settings. The upstream service can then use the one or more security tokens to prove authority to communicate with a downstream service in accordance with the policy settings.
51 Citations
20 Claims
1. At an upstream service in a computerized environment in which the upstream service and one or more downstream services comprise a multi-tiered application system, a method of proving authority to communicate with the one or more downstream services, comprising the acts of:
receiving an end-user request at an upstream service for one or more actions to be performed by a multi-tiered application system;
determining that the end-user request involves an action to be performed by a downstream service;
requesting one or more security tokens from a security token service, wherein the one or more security tokens identify the upstream service;
creating a secure communication channel with the downstream service using at least one of the one or more security tokens, wherein the upstream service proves authority to communicate with the downstream service as a trusted subsystem; and
sending the end-user request to the downstream service over the secure communication channel.
Dependent claims: 2-11.
12. At a downstream service in a computerized environment in which the downstream service and one or more upstream services comprise a multi-tiered application system, a method of authorizing and/or authenticating communications from the one or more upstream services, comprising the acts of:
establishing a secure communication channel with an upstream service;
receiving a request from the upstream service to process data, wherein the request includes at least one identifier of the upstream service;
determining that the at least one identifier proves authority to make the request based on one or more policy settings; and
returning a result to the upstream service over the secure communication channel, wherein the result is processed based on authority provided from the at least one identifier for the upstream service.
Dependent claims: 13-19.
20. At an upstream service in a computerized environment in which the upstream service and one or more downstream services comprise a multi-tiered application system, a computer program product having computer-executable instructions stored thereon that, when executed, cause one or more processors to perform a method of proving authority to communicate with the one or more downstream services, comprising the acts of:
receiving an end-user request at an upstream service for one or more actions to be performed by a multi-tiered application system;
determining that the end-user request involves an action to be performed by a downstream service;
requesting one or more security tokens from a security token service, wherein the one or more security tokens identify the upstream service;
creating a secure communication channel with the downstream service using at least one of the one or more security tokens, wherein the upstream service proves authority to communicate with the downstream service as a trusted subsystem; and
sending the end-user request to the downstream service over the secure communication channel.
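The flow that the abstract and claims 1 and 12 describe, written out as a runnable model. This is an added example, not code from the patent or its assignee. It assumes an HMAC key shared between the security token service and the verifying services in place of a signature key pair, shared-secret authentication of principals to the STS, in-process method calls in place of a network channel, and the constructed names alice, orders-api and orders-db with constructed sample records.

```python
"""Added model of the token flow in the abstract and claims 1 and 12; not the patent's
code. Assumed: the STS signs with an HMAC key that verifying services also hold (in place
of a signature key pair); principals authenticate to the STS with a shared secret."""
import base64, hashlib, hmac, json, secrets, time

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

class SecurityTokenService:
    """Authenticates principals and issues signed tokens carrying their policy settings."""
    def __init__(self):
        self.verification_key = secrets.token_bytes(32)  # shared with verifiers (assumption)
        self._secrets, self._policies = {}, {}           # name -> secret, name -> policy
    def register(self, name, secret, policy):
        self._secrets[name], self._policies[name] = secret, policy
    def issue_token(self, name, secret, audience, ttl=300, now=None):
        # Service access token: names the caller (sub) and binds it to one audience (aud).
        stored = self._secrets.get(name)
        if stored is None or not hmac.compare_digest(stored, secret):
            raise PermissionError("authentication with the STS failed")
        now = time.time() if now is None else now
        payload = {"sub": name, "aud": audience, "policy": self._policies[name],
                   "iat": now, "exp": now + ttl, "jti": secrets.token_hex(8)}
        body = _b64(json.dumps(payload, sort_keys=True).encode())
        tag = hmac.new(self.verification_key, body.encode(), hashlib.sha256).digest()
        return f"{body}.{_b64(tag)}"

def verify_token(token, verification_key, expected_audience, now=None):
    """Check signature, expiry and audience before trusting any claim in the token."""
    parts = token.split(".")
    if len(parts) != 2:
        raise PermissionError("malformed token")
    body, tag = parts
    expected = hmac.new(verification_key, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(tag)):
        raise PermissionError("token signature invalid")
    payload = json.loads(_unb64(body))
    now = time.time() if now is None else now
    if payload["exp"] <= now:
        raise PermissionError("token expired")
    if payload["aud"] != expected_audience:
        raise PermissionError("token issued for a different audience")
    return payload

class DownstreamService:
    """Claim 12: opens a channel only for an identified upstream, then enforces that
    upstream's signed policy settings on every request sent over the channel."""
    def __init__(self, name, verification_key):
        self.name, self._key = name, verification_key
        self._channels = {}                                 # channel id -> upstream's claims
        self._records = {"orders": ["o-1", "o-2", "o-3"]}  # constructed sample data
    def establish_channel(self, token, now=None):
        payload = verify_token(token, self._key, self.name, now)
        channel_id = secrets.token_hex(8)
        self._channels[channel_id] = payload
        return channel_id
    def handle(self, channel_id, action, resource):
        caller = self._channels.get(channel_id)
        if caller is None:
            raise PermissionError("no authenticated channel")
        policy = caller["policy"]
        if action not in policy.get("allowed_actions", []):
            raise PermissionError(f"{caller['sub']} is not permitted to {action}")
        rows = self._records.get(resource, [])
        if action == "read":
            return rows[: policy.get("max_rows", len(rows))]  # policy caps the result size
        raise ValueError(f"unsupported action {action}")

class UpstreamService:
    """Claim 1: authenticates the end user, decides whether downstream work is needed,
    then proves its own identity to the downstream as a trusted subsystem."""
    def __init__(self, name, secret, sts, downstream):
        self.name, self._secret, self._sts, self._downstream = name, secret, sts, downstream
    def handle_end_user_request(self, user_token, request, now=None):
        user = verify_token(user_token, self._sts.verification_key, self.name, now)
        if request["action"] == "ping":                     # served locally, no downstream call
            return f"pong for {user['sub']}"
        svc_token = self._sts.issue_token(self.name, self._secret, self._downstream.name, now=now)
        channel = self._downstream.establish_channel(svc_token, now=now)
        return self._downstream.handle(channel, request["action"], request["resource"])

def build_system():
    # Constructed deployment: one STS, one upstream with a read-only two-row policy, one downstream.
    sts = SecurityTokenService()
    sts.register("alice", b"alice-pw", {})
    sts.register("orders-api", b"api-secret", {"allowed_actions": ["read"], "max_rows": 2})
    downstream = DownstreamService("orders-db", sts.verification_key)
    return sts, UpstreamService("orders-api", b"api-secret", sts, downstream), downstream

def is_denied(fn, *args, **kwargs):
    # True when the call is refused with PermissionError; used to exercise the failure modes.
    try:
        fn(*args, **kwargs)
        return False
    except PermissionError:
        return True
```

Calling build_system(), issuing alice a token with audience orders-api, and passing a read request to handle_end_user_request returns the two rows the policy allows. The model makes the claims' points concrete: the downstream never sees the end user's token and authorizes on the upstream's identity plus the policy settings signed into its service access token (the trusted-subsystem arrangement of claim 1); audience binding means alice's token for orders-api cannot open a channel to orders-db; any edit to the policy settings breaks the signature; an expired token is rejected at whichever tier checks it; and a delete request is refused by the downstream even though the upstream is fully authenticated. A production deployment would replace the shared HMAC key with an asymmetric signature or mTLS-bound credentials and bind the token to the channel it opens.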
Specification