SECURITY RESTRICTION TECHNIQUES FOR BROWSER-BASED APPLICATIONS
Abstract
Various technologies and techniques are disclosed for restricting security levels that can be used with browser-based applications. When a request is received from an external application to retrieve data for use in a client browser, an intersection is performed on a permission set of a user of the client browser and of the external application to determine a new permission set to use for retrieving the requested data. Techniques for restricting operations of an external application that is being run in a client browser are also described. A session token is returned to a client browser after validating access can be granted to the client browser. Validation is performed to confirm access can be granted to an external application. A request for data is received from the external application, with the request for data containing the session token. The requested data is retrieved and returned to the external application.
20 Claims
1. A computer-readable medium having computer-executable instructions for causing a computer to perform steps comprising:
- when receiving a request from an external application to retrieve data to be used by the external application within a client browser, performing an intersection on a permission set of a user of the client browser and of the external application to determine a new permission set to use for retrieving the data requested by the external application.

Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. A method for restricting operations that can be performed by an external application that is being run in a client browser comprising the steps of:
- receiving a request from a client browser to login to an original application;
- returning a session token to the client browser after validating that access to the original application can be granted to the client browser;
- while the client browser is still logged in to the original application, receiving a request from an external application to login to the original application;
- validating that access to the original application can be granted to the external application;
- receiving a request for data from the external application, with the request for data containing the session token that the external application obtained from the client browser;
- retrieving the data requested by the external application; and
- returning the data to the external application.

Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17.

18. A method for restricting operations that can be performed by an external application that is being run in a client browser comprising the steps of:
- receiving a request from a client browser to login to an original application;
- returning a session token to the client browser after validating that access to the original application can be granted to the client browser;
- while the client browser is still logged in to the original application, receiving a request from an external application to login to the original application;
- validating that access to the original application can be granted to the external application;
- receiving a request for data from the external application, with the request for data containing the session token that the external application obtained from the client browser;
- while the client browser and external application are both still logged in to the original application, performing an intersection on a permission set of a user of the client browser and of the external application to determine a new permission set;
- using a security level associated with the new permission set for an operation that retrieves the data; and
- returning the data to the external application.

Dependent claims: 19, 20.
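
The flow recited in claims 9 and 18, sketched as an added Python example that is not part of the patent text: the server issues a session token to the browser, validates the external application, and serves data only under the intersection of the two permission sets. The class `OriginalApp`, its method names, the permission strings and the sample users and records are all hypothetical and constructed for illustration.

```python
import secrets

# Constructed sample data: users, apps, permissions and records are illustrative only.
USER_PERMISSIONS = {"alice": {"read_contacts", "read_calendar", "write_calendar"}}
APP_PERMISSIONS = {"gadget-1": {"read_calendar", "read_mail"}}
RECORDS = {"calendar": ("read_calendar", ["09:00 standup"]),
           "contacts": ("read_contacts", ["bob@example.test"]),
           "mail": ("read_mail", ["welcome message"])}


class OriginalApp:
    """Hypothetical server side of the 'original application'."""

    def __init__(self):
        self._sessions = {}   # session token -> logged-in user
        self._apps = set()    # external applications validated by this server

    def login_browser(self, user):
        # Validate the browser's user, then return an unguessable session token.
        if user not in USER_PERMISSIONS:
            raise PermissionError("unknown user")
        token = secrets.token_urlsafe(32)
        self._sessions[token] = user
        return token

    def logout_browser(self, token):
        self._sessions.pop(token, None)

    def login_external_app(self, app_id):
        # Validate that the external application may access the original application.
        if app_id not in APP_PERMISSIONS:
            raise PermissionError("external application not allowed")
        self._apps.add(app_id)

    def effective_permissions(self, token, app_id):
        # Both parties must still be logged in; the new permission set is the
        # intersection, so neither side can exceed what the other is allowed.
        user = self._sessions.get(token)
        if user is None or app_id not in self._apps:
            raise PermissionError("browser and external application must both be logged in")
        return USER_PERMISSIONS[user] & APP_PERMISSIONS[app_id]

    def get_data(self, token, app_id, resource):
        # Retrieve data using only the intersected permission set.
        needed, data = RECORDS[resource]
        if needed not in self.effective_permissions(token, app_id):
            raise PermissionError(f"{resource}: outside the intersected permission set")
        return data
```

With this sample data the external application can read the calendar but neither the user's contacts (the application lacks that permission) nor mail (the user lacks it), and every request fails once the browser session ends.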
Specification