FLEXIBLE AUTHENTICATION FRAMEWORK
First Claim
1. A method for authenticating users in a secure search system, comprising:
receiving, using one or more processors, user identification information from a user in a secure enterprise system (SES);
providing, using the one or more processors, the user identification information to a plurality of identity management systems in the SES, wherein each of the plurality of identity management systems receives the user identification information through a respective Application Program Interface (API);
validating, using the one or more processors, the user against at least one identity management system in the plurality of identity management systems;
crawling, using the one or more processors, at least one secure data source in the SES that is associated with the at least one identity management system;
building, using the one or more processors, an index of documents from the at least one secure data source based on the crawling;
receiving, using the one or more processors, a query from the user;
calling back, using the one or more processors, at query time into the at least one identity management system to obtain security attribute values for the user;
appending, using the one or more processors, the security attribute values for the user to the query and using the appended query to query the index of documents; and
determining, using the one or more processors, one or more documents from the index of documents, that are responsive to the query and accessible to the user based on the security attribute values for the user and respective security attributes of the one or more documents.
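The steps of claim 1 describe a late-binding design: the index is built from a crawl and carries each document's security attributes, but the user's own attribute values are not baked into the index; they are fetched from the identity management system that validated the user, per query, and applied to trim the result set. The Python below is an added worked example of that flow, not code from the patent or its assignee. SecureIndex, MockIdM, SecureSearchService and the sample corpus and directory are all constructed for illustration.

```python
"""Query-time security trimming for an enterprise search index.
Constructed illustration, not the patent's code: SecureIndex, MockIdM,
SecureSearchService, CORPUS and DIRECTORY are all illustrative names/data.
"""
import hmac
import re
from dataclasses import dataclass

_TOKEN = re.compile(r"[a-z0-9]+")

def tokenize(text):
    return _TOKEN.findall(text.lower())

@dataclass(frozen=True)
class Document:
    doc_id: str
    text: str
    security: dict  # attribute -> set(values); one match needed per attribute

class MockIdM:
    """Stand-in for one identity management system reached through an API."""
    def __init__(self, directory):
        self._directory = directory  # user_id -> (secret, {attribute: set(values)})

    def authenticate(self, user_id, secret):
        entry = self._directory.get(user_id)
        return entry is not None and hmac.compare_digest(entry[0], secret)

    def security_attributes(self, user_id):
        # Copy, so callers cannot mutate the directory through the result.
        return {k: set(v) for k, v in self._directory[user_id][1].items()}

    def revoke(self, user_id, attribute, value):
        self._directory[user_id][1][attribute].discard(value)

class SecureIndex:
    """Inverted index whose documents retain their security attributes."""
    def __init__(self, docs):
        self.docs = {d.doc_id: d for d in docs}
        self.postings = {}
        for d in docs:
            for tok in set(tokenize(d.text)):
                self.postings.setdefault(tok, set()).add(d.doc_id)

    @staticmethod
    def accessible(doc, user_attrs):
        return all(user_attrs.get(name, set()) & allowed
                   for name, allowed in doc.security.items())

    def search(self, query, user_attrs):
        terms = tokenize(query)
        if not terms:
            return []
        hits = set.intersection(*(self.postings.get(t, set()) for t in terms))
        # The user's attributes are a structured filter over the hits, never
        # spliced into the query text, so query terms cannot widen access.
        return sorted(d for d in hits if self.accessible(self.docs[d], user_attrs))

class SecureSearchService:
    def __init__(self, idms, index):
        self.idms, self.index = idms, index
        self._sessions = {}  # user_id -> the IdM that validated the user

    def login(self, user_id, secret):
        # Offer the credentials to each IdM through its own API; first match wins.
        for idm in self.idms:
            if idm.authenticate(user_id, secret):
                self._sessions[user_id] = idm
                return True
        return False

    def query(self, user_id, text):
        idm = self._sessions.get(user_id)
        if idm is None:
            raise PermissionError("user not authenticated")
        # Late binding: the callback happens per query, not once at index time.
        return self.index.search(text, idm.security_attributes(user_id))

# Constructed sample data standing in for a crawled secure source and an IdM.
CORPUS = [
    Document("d1", "quarterly revenue forecast", {"group": {"finance"}}),
    Document("d2", "engineering onboarding guide", {"group": {"eng", "all-staff"}}),
    Document("d3", "merger term sheet", {"group": {"finance"}, "clearance": {"confidential"}}),
    Document("d4", "quarterly cafeteria menu", {"group": {"all-staff"}}),
]
DIRECTORY = {
    "alice": ("alice-secret", {"group": {"finance", "all-staff"}, "clearance": {"confidential"}}),
    "bob": ("bob-secret", {"group": {"eng", "all-staff"}}),
}

def demo():
    """Revoking a group in the IdM changes results at once, with no reindex."""
    directory = {u: (s, {k: set(v) for k, v in a.items()}) for u, (s, a) in DIRECTORY.items()}
    idm = MockIdM(directory)
    svc = SecureSearchService([idm], SecureIndex(CORPUS))
    assert svc.login("alice", "alice-secret")
    before = svc.query("alice", "quarterly")  # ['d1', 'd4']
    idm.revoke("alice", "group", "finance")
    after = svc.query("alice", "quarterly")   # ['d4']
    return before, after
```

Two points the example makes concrete. First, because the attribute lookup happens inside `query`, a revocation in the identity store takes effect on the very next search without touching the index; a design that snapshots group membership at crawl time would keep serving `d1` until the next recrawl. Second, the claim's "appending the security attribute values to the query" is implemented here as a structured filter passed alongside the query terms, not as text concatenated onto the user's query string; if the attributes were spliced into a query language the user also writes in, a crafted query could widen or negate the filter.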
Abstract
A flexible and extensible architecture allows for secure searching across an enterprise. Such an architecture can provide a simple Internet-like search experience to users searching secure content inside (and outside) the enterprise. The architecture allows for the crawling and searching of a variety of sources across an enterprise, regardless of whether any of these sources conform to a conventional user role model. The architecture further allows for security attributes to be received at query time, for example, in order to provide real-time secure access to enterprise resources. The user query also can be transformed to provide for dynamic querying that provides for a more current result list than can be obtained for static queries.
20 Claims
1. A method for authenticating users in a secure search system (set out in full under First Claim above).
Dependent claims: 2, 3, 4, 5, 6, 7.
8. A non-transitory, computer-readable storage medium comprising instructions that, when executed by one or more processors, cause the one or more processors to perform operations comprising:
receiving user identification information from a user in a secure enterprise system (SES);
providing the user identification information to a plurality of identity management systems in the SES, wherein each of the plurality of identity management systems receives the user identification information through a respective Application Program Interface (API);
validating the user against at least one identity management system in the plurality of identity management systems;
crawling at least one secure data source in the SES that is associated with the at least one identity management system;
building an index of documents from the at least one secure data source based on the crawling;
receiving a query from the user;
calling back at query time into the at least one identity management system to obtain security attribute values for the user;
appending the security attribute values for the user to the query and using the appended query to query the index of documents; and
determining one or more documents from the index of documents, that are responsive to the query and accessible to the user based on the security attribute values for the user and respective security attributes of the one or more documents.
Dependent claims: 9, 10, 11, 12, 13, 14.
15. A system comprising:
one or more processors; and
one or more memory devices comprising instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising:
receiving user identification information from a user in a secure enterprise system (SES);
providing the user identification information to a plurality of identity management systems in the SES, wherein each of the plurality of identity management systems receives the user identification information through a respective Application Program Interface (API);
validating the user against at least one identity management system in the plurality of identity management systems;
crawling at least one secure data source in the SES that is associated with the at least one identity management system;
building an index of documents from the at least one secure data source based on the crawling;
receiving a query from the user;
calling back at query time into the at least one identity management system to obtain security attribute values for the user;
appending the security attribute values for the user to the query and using the appended query to query the index of documents; and
determining one or more documents from the index of documents, that are responsive to the query and accessible to the user based on the security attribute values for the user and respective security attributes of the one or more documents.
Dependent claims: 16, 17, 18, 19, 20.