DATA ACCESS PROGRAMMING MODEL FOR OCCASIONALLY CONNECTED APPLICATIONS
First Claim
1. A system configured to access a portion of a computing environment secured by an authorization server on behalf of an application executing within a virtual environment, the system comprising:
- an authorization token store configured to store authorization tokens authorizing access to respective portions of the computing environment;
- an authorization requesting component configured to:
  - request an authorization token authorizing access to the portion from the authorization server using at least one credential, and
  - upon receiving the authorization token, store the authorization token in the authorization token store; and
- a computing environment component configured to access the portion by:
  - identifying in the authorization token store an authorization token authorizing access to the portion;
  - upon failing to identify the authorization token, invoking the authorization requesting component to obtain the authorization token; and
  - upon identifying the authorization token, accessing the portion with the authorization token.
Abstract
Portions of a computing environment (such as a user's mesh) may restrict access to particular types of access by particular applications. The computer may support applications executing within a virtual environment (such as a web browser) by brokering such access through a token-based system. When an application requests a particular type of access (e.g., writing to a particular data object), the computer may contact an authorization server with the credentials of the application to request the specified access, and may receive and store an authorization token. The computer may then access the computing environment with the authorization token, and may return the results to the application within the virtual environment. Additional features may further support such applications; e.g., a programmatic interface may be provided in a familiar language, such as JavaScript, whereby applications can request access to particular data objects and identify authorized access capabilities.
20 Claims
1. A system configured to access a portion of a computing environment secured by an authorization server on behalf of an application executing within a virtual environment, the system comprising:
- an authorization token store configured to store authorization tokens authorizing access to respective portions of the computing environment;
- an authorization requesting component configured to:
  - request an authorization token authorizing access to the portion from the authorization server using at least one credential, and
  - upon receiving the authorization token, store the authorization token in the authorization token store; and
- a computing environment component configured to access the portion by:
  - identifying in the authorization token store an authorization token authorizing access to the portion;
  - upon failing to identify the authorization token, invoking the authorization requesting component to obtain the authorization token; and
  - upon identifying the authorization token, accessing the portion with the authorization token.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18
19. A computer-readable medium comprising processor-executable instructions configured to implement a system configured to access a portion of a computing environment secured by an authorization server on behalf of an application executing within a virtual environment, the system comprising:
- an authorization token store configured to store authorization tokens authorizing access to respective portions of the computing environment;
- an authorization requesting component configured to:
  - request an authorization token authorizing access to the portion from the authorization server using at least one credential, and
  - upon receiving the authorization token, store the authorization token in the authorization token store; and
- a computing environment component configured to access the portion by:
  - identifying in the authorization token store an authorization token authorizing access to the portion;
  - upon failing to identify the authorization token, invoking the authorization requesting component to obtain the authorization token; and
  - upon identifying the authorization token, accessing the portion with the authorization token.
20. A system configured to access a portion of a deployable computing environment hosted by a computing environment host and secured by an authorization server on behalf of an application executing within a virtual environment, the application managed by an application host and configured to execute in an application host connection context selected from a set of application host connection contexts comprising a connected context and a disconnected context, the system comprising:
- an authorization token store configured to store authorization tokens authorizing access to respective portions of the computing environment;
- an authorization requesting component configured to:
  - request an authorization token authorizing access to the portion from the authorization server using at least one credential by providing to the authorization server:
    - at least one computing environment portion identifier identifying the portion of the computing environment selected from a set of portions of the computing environment comprising: a complete computing environment, at least one data object represented in the computing environment, at least one data object type of at least one data object represented in the computing environment, at least one event list represented in the computing environment, at least one device represented in the computing environment, at least one contact represented in the computing environment, and at least one user profile represented in the computing environment;
    - at least one access type identifier identifying permissible operations on the portion and comprising at least one role selected from a set of roles comprising an owner role, a contributor role, and a reader role;
    - at least one identity identifier selected from an identity set comprising: the application, a user of the application, and an application host of the application; and
    - at least one privacy policy document describing a privacy policy of the application;
  - upon receiving the authorization token, store the authorization token in the authorization token store; and
  - remove the authorization token from the authorization token store after expiration of an authorization duration specified by the authorization token;
- a computing environment component configured to execute outside of the virtual environment and to access the portion by:
  - identifying in the authorization token store an authorization token authorizing access to the portion;
  - upon failing to identify the authorization token, invoking the authorization requesting component to obtain the authorization token; and
  - upon identifying the authorization token, accessing the portion with the authorization token; and
- a virtual environment interface executing within the virtual environment and configured to invoke the computing environment component to access the computing environment on behalf of the application, and comprising a programmatic interface available in the virtual environment and comprising at least one operation corresponding to requesting the authorization token using the at least one credential.
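The lookup, request-on-miss, store and expire flow of the abstract and claims 1 and 20 can be sketched as follows. This is an added example, not code from the patent: `TokenBroker`, `requestToken`, the token fields, the sample values and the role ordering are all assumptions made for illustration.

```javascript
// Added example; TokenBroker, requestToken and the token fields are hypothetical names.
// Assumption: owner >= contributor >= reader (the claim lists the roles, not an order).
const ROLE_RANK = { reader: 1, contributor: 2, owner: 3 };

class TokenBroker {
  // requestToken(scope, credential) stands in for the authorization server call;
  // it is synchronous here only to keep the sketch short.
  constructor(requestToken, credential, now = () => Date.now()) {
    this.store = new Map(); // authorization token store, keyed by portion + identity
    Object.assign(this, { requestToken, credential, now });
  }

  // Identify a stored token that covers the requested access, evicting expired ones.
  lookup(key, role) {
    const token = this.store.get(key);
    if (!token) return null;
    if (token.expiresAt <= this.now()) { this.store.delete(key); return null; }
    return ROLE_RANK[token.role] >= ROLE_RANK[role] ? token : null;
  }

  // Access a portion on behalf of the application in the virtual environment.
  access(portion, role, identity, operation) {
    if (!(role in ROLE_RANK)) throw new Error(`unknown role: ${role}`);
    const key = JSON.stringify([portion, identity]);
    let token = this.lookup(key, role);
    if (!token) {
      token = this.requestToken({ portion, role, identity }, this.credential);
      // Do not cache a token that fails to cover the scope that was asked for.
      if (token.portion !== portion || token.identity !== identity ||
          !(ROLE_RANK[token.role] >= ROLE_RANK[role])) {
        throw new Error('token does not cover requested scope');
      }
      this.store.set(key, token);
    }
    return operation(token);
  }
}

// Constructed stand-in for the authorization server: grants what is asked, for 60 s.
function runDemo() {
  let clock = 0, issued = 0;
  const server = (scope) => ({ ...scope, expiresAt: clock + 60000, id: ++issued });
  const broker = new TokenBroker(server, 'constructed-credential', () => clock);
  const use = (role) => broker.access('notes/1', role, 'app:editor', (t) => t.id);
  const ids = [use('reader'), use('reader'), use('contributor')];
  clock = 60001; // past the authorization duration
  ids.push(use('reader'));
  return { ids, issued };
}
```

In the demo the second reader access reuses the cached token, the contributor access forces a new request because a reader token does not cover it, and the final access re-requests because the stored token has expired.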
Specification