INTER-APPLICATION MANAGEMENT OF USER CREDENTIAL DATA

US 20120266229A1
Filed: 07/08/2011
Published: 10/18/2012
Est. Priority Date: 04/12/2011
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

providing an SDK for a client web application which performs user authorizations;

including within that SDK an enhanced set of authorization APIs;

wherein that enhanced set of APIs including the following;

providing a resource so that the developer can include developer-defined user information; and

providing a resource so that the developer can choose between using a cookie, or using server-side storage for storing the developer-defined user information; and

providing a resource so that the developer can choose between two embodiments of security framework.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and apparatus for enhancing the functionality and utility of an authentication process for web applications is disclosed.

Citations

15 Claims

1. A method, comprising:
- providing an SDK for a client web application which performs user authorizations;
  
  including within that SDK an enhanced set of authorization APIs;
  
  wherein that enhanced set of APIs including the following;
  
  providing a resource so that the developer can include developer-defined user information; and
  
  providing a resource so that the developer can choose between using a cookie, or using server-side storage for storing the developer-defined user information; and
  
  providing a resource so that the developer can choose between two embodiments of security framework.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the security framework comprises a plurality of generic servlet filters and spring security filters.
  - 3. The method of claim 1, wherein the generic servlet filter performs OAuth flow and routes the user to the login page.
  - 4. The method of claim 1, wherein the generic servlet filter is used within servlet-based web applications that operate without using any specific security framework.
  - 5. The method of claim 1, further comprising:
    - the generic servlet filter resulting in exactly one of the following outcomes,finding a cookie or session containing that user'"'"'s SecurityContext, so that the user is recognized;
      
      not finding a cookie or session containing that user'"'"'s SecurityContext, and sending that user to a an authorization url to begin an OAuth handshake;
      
      orsending a token request to obtain a Session ID, API endpoint, and authentication (refresh) token.
  - 6. The method of claim 1, further comprising:
    - facilitating a choice between storing user data in browser cookies or server side sessions, thereby resulting in application instances being completely stateless.
  - 7. The method of claim 1, further comprising:
    - during a server side session, not writing locally to an application memory, but instead using a shared session cache, where each of a plurality of servers writes to a specific session cache.
  - 8. The method of claim 1, wherein one of a plurality of guidelines for the developer-defined user information is including data that is needed often, thereby precluding the client application from continually querying for this data.
  - 9. The method of claim 1, further comprising:
    - including only frequently looked-up data within the developer-defined user information.

10. A multi-tenant database system, comprising:
- a database system to store data for each of multiple tenants;
  
  an application server communicably coupled to the database system and to a network, the application server to provide network access to the database system for each of the multiple tenants; and
  
  an software development kit (SDK) for building client applications which will be accessible on the application server;
  
  including within that SDK an enhanced set of authorization APIs;
  
  wherein that enhanced set of authorization APIs include developer-defined user information and also choosing between using cookies or using server-side storage.

11. A method of providing a software development kit (SDK) having enhanced authorization APIs in a multi-tenant database system, comprising:
- enabling an authorization procedure;
  
  enabling the use of developer-defined user information within that procedure; and
  
  storing the results of a successful authorization procedure in a security context object.

12. The method of claim 12, further comprising:
- providing a resource so that the developer can choose between using a cookie, or using server-side storage, for storing the developer-defined user information.

13. A machine-readable medium carrying one or more sequences of instructions for implementing a method for providing an interface for object relationships, comprising:
- providing a software development kit (SDK) for a client web application which performs user authorizations;
  
  including within that SDK an enhanced set of authorization APIs;
  
  wherein that enhanced set of APIs including the following;
  
  providing a resource so that the developer can include developer-defined user information; and
  
  providing a resource so that the developer can choose between using a cookie, or using server-side storage.

14. A method comprising:
- enabling a security framework accessible to one or more users; and
  
  authenticating said one or more users to a system through said security framework;
  
  wherein the authenticating further comprises incorporating developer-defined user information.

15. The method of claim 15, further comprising:
- providing a resource so that the developer can choose between using a cookie, or using server-side storage, for storing the developer-defined user information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
SIMONE, John, Hossain, Flaz

Granted Patent

US 9,405,896 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/9
CPC Class Codes

G06F 16/951   Indexing; Web crawling tech...

G06F 21/41   where a single sign-on prov...

G06F 8/20   Software design

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/105   Multiple levels of security

H04L 67/01   Protocols

INTER-APPLICATION MANAGEMENT OF USER CREDENTIAL DATA

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

INTER-APPLICATION MANAGEMENT OF USER CREDENTIAL DATA

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links