VIRTUALIZED DATA STORAGE AND MANAGEMENT OF POLICY AND CREDENTIAL DATA SOURCES

US 20150089620A1
Filed: 09/22/2014
Published: 03/26/2015
Est. Priority Date: 09/20/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

providing, by an extensible data manager, a unified view of a plurality of storage systems to a plurality of single sign-on services, wherein each single sign-on service is associated with a web interface;

receiving a data request, at the extensible data manager for a credential from a single sign-on service;

identifying a storage system associated with the request;

identifying a storage system plug-in corresponding to the storage system;

retrieving data associated with the data request from the storage system through the storage system plug-in; and

returning, to the single sign-on service, the requested data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Web-based single sign-on can enable a user to log in to a single interface (such as through a web browser or thin client) and then provide SSO services to the user for one or more web applications. The web-based SSO system can be extended to support one or more different access control methods, such as form-fill, Federated (OIF), SSO Protected (OAM), and other policies. The web-based SSO system can include a user interface through which the user can access different web applications, systems, etc. and manage their credentials. Each SSO service can be associated with a web interface allowing the SSO services to be accessed over the web. The web interfaces can provide CRUD (create, read, update, delete) functionality for each SSO service. To support different access policy types, the web-based SSO system can include an extensible data manager that can manage data access to different types of repositories transparently.

69 Citations

View as Search Results

20 Claims

1. A method comprising:
- providing, by an extensible data manager, a unified view of a plurality of storage systems to a plurality of single sign-on services, wherein each single sign-on service is associated with a web interface;
  
  receiving a data request, at the extensible data manager for a credential from a single sign-on service;
  
  identifying a storage system associated with the request;
  
  identifying a storage system plug-in corresponding to the storage system;
  
  retrieving data associated with the data request from the storage system through the storage system plug-in; and
  
  returning, to the single sign-on service, the requested data.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the data request is received through a first interface and wherein the data manager converts the data request based on the identified storage system plug-in, and further comprising:
    - sending the converted data request to the storage system through a second interface to retrieve the data associated with the data request, wherein the converted data request includes one or more storage system specific operations.
  - 3. The method of claim 2, further comprising:
    - receiving a response from the storage system through the second interface, wherein the response includes the credential;
      
      encrypting at least a portion of the credential; and
      
      reformatting the response based on the first interface and returning the response through the first interface.
  - 4. The method of claim 1, further comprising:
    - receiving a storage system plug-in associated with a new storage system from an administrator; and
      
      adding the storage system plug-in to a service provider interface.
  - 5. The method of claim 1, further comprising:
    - receiving a second data request, at the extensible data manager for a policy associated with an application;
      
      identifying at least one storage system associated with the request;
      
      identifying at least one storage system plug-in corresponding to the at least one storage system; and
      
      retrieving one or more policies associated with the application from the at least one storage system through the at least one storage system plug-in.
  - 6. The method of claim 5, wherein the second data request is received through a first interface and wherein the data manager converts the data request based on the at least one identified storage system plug-in, and further comprising:
    - sending the converted data request to the storage system through a second interface to retrieve at least one policy responsive to the second data request, wherein the converted data request includes one or more storage system specific operations.
  - 7. The method of claim 5, further comprising:
    - receiving a response from the storage system through the second interface, wherein the response includes the policy; and
      
      reformatting the response based on the first interface and returning the response through the first interface.

8. A non-transitory computer readable storage medium including instructions stored thereon which when executed by a processor cause the processor to perform the steps of:
- providing, by an extensible data manager, a unified view of a plurality of storage systems to a plurality of single sign-on services, wherein each single sign-on service is associated with a web interface;
  
  receiving a data request, at the extensible data manager for a credential from a single sign-on service;
  
  identifying a storage system associated with the request;
  
  identifying a storage system plug-in corresponding to the storage system;
  
  retrieving data associated with the data request from the storage system through the storage system plug-in; and
  
  returning, to the single sign-on service, the requested data.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The non-transitory computer readable storage medium of claim 8, wherein the data request is received through a first interface and wherein the data manager converts the data request based on the identified storage system plug-in, and further comprising:
    - sending the converted data request to the storage system through a second interface to retrieve the data associated with the data request, wherein the converted data request includes one or more storage system specific operations.
  - 10. The non-transitory computer readable storage medium of claim 9, further comprising:
    - receiving a response from the storage system through the second interface, wherein the response includes the credential;
      
      encrypting at least a portion of the credential; and
      
      reformatting the response based on the first interface and returning the response through the first interface.
  - 11. The non-transitory computer readable storage medium of claim 8, further comprising:
    - receiving a storage system plug-in associated with a new storage system from an administrator; and
      
      adding the storage system plug-in to a service provider interface.
  - 12. The non-transitory computer readable storage medium of claim 8, further comprising:
    - receiving a second data request, at the extensible data manager for a policy associated with an application;
      
      identifying at least one storage system associated with the request;
      
      identifying at least one storage system plug-in corresponding to the at least one storage system; and
      
      retrieving one or more policies associated with the application from the at least one storage system through the at least one storage system plug-in.
  - 13. The non-transitory computer readable storage medium of claim 12, wherein the second data request is received through a first interface and wherein the data manager converts the data request based on the at least one identified storage system plug-in, and further comprising:
    - sending the converted data request to the storage system through a second interface to retrieve at least one policy responsive to the second data request, wherein the converted data request includes one or more storage system specific operations.
  - 14. The non-transitory computer readable storage medium of claim 12, further comprising:
    - receiving a response from the storage system through the second interface, wherein the response includes the policy; and
      
      reformatting the response based on the first interface and returning the response through the first interface.

15. A system comprising:
- a computer, including a computer readable medium and processor;
  
  a plurality of single sign-on services, executing on the computer, wherein each single sign-on service is associated with a web interface; and
  
  an extensible data manager, executing on the computer, wherein the data manager includes a plurality of storage system-specific plug-ins, wherein each of the plurality of storage system-specific plug-ins is associated with a different type of storage system that stores credentials and policies, and wherein the type of storage system corresponds to a type of access control;
  
  wherein the extensible data manager is configured to receive data requests from the plurality of single sign-on services to perform data management operations on the credentials and policies.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the data request is received through a first interface and wherein the data manager converts the data request based on the identified storage system plug-in, and wherein the extensible data manager sends the converted data request to the storage system through a second interface to retrieve the data associated with the data request, wherein the converted data request includes one or more storage system specific operations.
  - 17. The system of claim 16, wherein the extensible data manager is further configured to:
    - receive a response from the storage system through the second interface, wherein the response includes the credential;
      
      encrypt at least a portion of the credential; and
      
      reformat the response based on the first interface and returning the response through the first interface.
  - 18. The system of claim 15 wherein the extensible data manager is further configured to:
    - receive a storage system plug-in associated with a new storage system from an administrator; and
      
      add the storage system plug-in to a service provider interface.
  - 19. The system of claim 15, wherein the extensible data manager is further configured to:
    - receive a second data request, at the extensible data manager for a policy associated with an application;
      
      identify at least one storage system associated with the request;
      
      identify at least one storage system plug-in corresponding to the at least one storage system; and
      
      retrieve one or more policies associated with the application from the at least one storage system through the at least one storage system plug-in.
  - 20. The system of claim 19, wherein the second data request is received through a first interface and wherein the data manager converts the data request based on the at least one identified storage system plug-in, and wherein the extensible data manager is further configured to sends the converted data request to the storage system through a second interface to retrieve at least one policy responsive to the second data request, wherein the converted data request includes one or more storage system specific operations, and wherein the extensible data manager is further configured to:
    - receive a response from the storage system through the second interface, wherein the response includes the policy; and
      
      reformat the response based on the first interface and returning the response through the first interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Manza, Marc B., Sorial, Ayman, Kolli, Ashish, Uchil, Mrudul, Brunaugh, Josh, Singh, Dharmvir, Cornwell, Smith William, Kuppala, Siva Sundeep, Jain, Swati, Raote, Paresh

Granted Patent

US 9,722,990 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/8
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/0815   providing single-sign-on or...

H04L 63/0838   using one-time-passwords

H04L 63/0884   by delegation of authentica...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

VIRTUALIZED DATA STORAGE AND MANAGEMENT OF POLICY AND CREDENTIAL DATA SOURCES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

69 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

VIRTUALIZED DATA STORAGE AND MANAGEMENT OF POLICY AND CREDENTIAL DATA SOURCES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

69 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links