Multi-Tenant Enterprise Application Management

US 20170222997A1
Filed: 02/01/2016
Published: 08/03/2017
Est. Priority Date: 02/01/2016
Status: Active Grant

First Claim

Patent Images

1. A method performed by a computing system, the method comprising:

receiving from a client component of an enterprise application, a request destined for a service component of the enterprise application, the request comprising authentication data and request data, the authentication data being associated with a current user of the client component, the user associated with an organization;

performing an authentication process to create principal data and role data associated with the request, the principal data identifying a user;

using the authentication data and request data, determining a current tenant of the client component;

replacing the principal data with updated principal data, the updated principal data identifying the organization; and

updating the role data associated with the request to create updated role data that indicates roles of the user within the organization.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method performed by a computing system includes receiving from a client component of an enterprise application, a request destined for a service component of the enterprise application, the request comprising authentication data and request data, the authentication data being associated with a current user of the client component, the user associated with an organization. The method further includes performing an authentication process to create principal data and role data associated with the request, the principal data identifying a user. The method further includes using the authentication data and request data, determining a current tenant of the client component. The method further includes replacing the principal data with updated principal data, the updated principal data identifying the organization. The method further includes updating the role data associated with the request to create updated role data that indicates roles of the user within the organization.

96 Citations

View as Search Results

20 Claims

1. A method performed by a computing system, the method comprising:
- receiving from a client component of an enterprise application, a request destined for a service component of the enterprise application, the request comprising authentication data and request data, the authentication data being associated with a current user of the client component, the user associated with an organization;
  
  performing an authentication process to create principal data and role data associated with the request, the principal data identifying a user;
  
  using the authentication data and request data, determining a current tenant of the client component;
  
  replacing the principal data with updated principal data, the updated principal data identifying the organization; and
  
  updating the role data associated with the request to create updated role data that indicates roles of the user within the organization.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising, forwarding the request to the service component.
  - 3. The method of claim 1, further comprising, wherein the replacing the principal data and the updating the role data is in response to determining that the user is authorized to perform requests on behalf of the organization.
  - 4. The method of claim 1, wherein updating the role data comprises retrieving data from a database that associates user roles within organizations.
  - 5. The method of claim 1, further comprising, with the client component, providing an account switching feature, the account switching feature allowing a user to select an organization on behalf of which requests are to be sent.
  - 6. The method of claim 1, further comprising, with the client component, providing a user interface feature for creating organizations and assigning users to such organizations.
  - 7. The method of claim 1, further comprising, with the service component, retrieving data associated with the organization identified by the updated principal data.
  - 8. The method of claim 7, further comprising, with the service component performing an authorization process using the updated role data and the updated principal data to determine which operations associated with the request data are allowed.
  - 9. The method of claim 1, wherein the enterprise application uses a nested multi-tenant model that is transparent to the service component.
  - 10. The method of claim 1, wherein the nested multi-tenant model includes organizations and sub-organizations, wherein different users have different roles within different organizations.

11. A computing system comprising:
- a processor; and
  
  a memory, the memory comprising machine readable instructions that when executed by the processor, cause the system to;
  
  receive from a client component of an enterprise application, a request destined for a service component of the enterprise application, the request comprising authentication data and request data, the authentication data being associated with a current user of the client component, the user associated with an organization, the request being sent on behalf of the organization;
  
  perform an authentication process to create principal data and role data associated with the request, the principal data identifying a user;
  
  use the authentication data and request data, determining a current tenant of the client component;
  
  replace the principal data with updated principal data, the updated principal data identifying the organization; and
  
  update the role data associated with the request to create updated role data that indicates roles of the user within the organization.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The system of claim 11, wherein the machine readable instructions further cause the system to forward the request to the service component.
  - 13. The system of claim 11, wherein the machine readable instructions further cause the system to replace the principal data and the update the role data in response to determining that the user is authorized to perform requests on behalf of the organization.
  - 14. The system of claim 11, wherein to update the role data, the machine readable instructions further cause the system to retrieve data from a database that associates user roles within organizations.
  - 15. The system of claim 11, wherein the machine readable instructions further cause the system to provide an Application Programming Interface (API) for a service component, the API configured to allow the service component to determine a user associated with the request.
  - 16. The system of claim 11, wherein the machine readable instructions further cause the system to deny the request in response to determining that the user does not have the privilege to perform an operation associated with the request data on behalf of the organization.
  - 17. The system of claim 11, wherein the machine readable instructions provide an Application Programming Interface (API) for the client component to provide data indicating user privileges in association with organizations.

18. A method comprising:
- receiving a request from a client component of an enterprise application, the request comprising authentication data and request data, the authentication data being associated with a current user of the client component, the user associated with an organization;
  
  using authentication data created from an authentication process to determine a current tenant of the client component, the authentication data including performing principal data and role data associated with the request, the principal data identifying a user;
  
  replacing the principal data with updated principal data, the updated principal data identifying the organization; and
  
  updating the role data associated with the request to create updated role data that indicates roles of the user within the organization.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18, further comprising, forwarding the request to the service component.
  - 20. The method of claim 18, further comprising, wherein the replacing the principal data and the updating the role data is in response to determining that the user is authorized to perform requests on behalf of the organization.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Kroehling, Juraci Paixao

Granted Patent

US 11,102,188 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/08 for authentication of entit...

H04L 63/101 Access control lists [ACL]

Multi-Tenant Enterprise Application Management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

96 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Multi-Tenant Enterprise Application Management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

96 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links