POLICY ENFORCEMENT POINT FOR A MULTI-TENANT IDENTITY AND DATA SECURITY MANAGEMENT CLOUD SERVICE

US 20170331791A1
Filed: 05/10/2017
Published: 11/16/2017
Est. Priority Date: 05/11/2016
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause the processor to provide cloud-based identity and access management, the providing comprising:

receiving a request by a cloud gate for an identity management service for reaching an application;

determining a tenancy from a header value of the request;

looking up a policy configured to be applied for the tenancy;

applying the policy to the request; and

sending the request to a microservice based on a result of the applying of the policy to the request, wherein the microservice performs the identity management service for reaching the application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system provides cloud-based identity and access management. The system receives a request by a web gate for an identity management service for reaching an application, and determines a tenancy from a header value of the request. The system looks up a policy configured to be applied for the tenancy, and applies the policy to the request. The system then sends the request to a microservice based on a result of the applying of the policy to the request, where the microservice performs the identity management service for reaching the application.

Citations

20 Claims

1. A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause the processor to provide cloud-based identity and access management, the providing comprising:
- receiving a request by a cloud gate for an identity management service for reaching an application;
  
  determining a tenancy from a header value of the request;
  
  looking up a policy configured to be applied for the tenancy;
  
  applying the policy to the request; and
  
  sending the request to a microservice based on a result of the applying of the policy to the request, wherein the microservice performs the identity management service for reaching the application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer readable medium of claim 1, wherein a resource of the application is identified through a request endpoint of the request, wherein the policy indicates whether access to the resource is allowed for the tenancy, wherein the policy further indicates a method of gaining access to the resource of the application.
  - 3. The computer readable medium of claim 1, wherein the policy is specified in a file managed by the cloud gate.
  - 4. The computer readable medium of claim 1, wherein the microservice implements OAuth functionality.
  - 5. The computer readable medium of claim 1, wherein the cloud gate implements cookie-based session management functionality for accessing the application.
  - 6. The computer readable medium of claim 1, wherein the cloud gate acts as an OAuth relaying party for accessing the application.
  - 7. The computer readable medium of claim 1, wherein the application is configured to be used by multiple tenancies including the tenancy.
  - 8. The computer readable medium of claim 1, wherein the microservice is stateless and retrieves data from a database to perform the identity management service.
  - 9. The computer readable medium of claim 8, wherein the database and the microservice are configured to scale independently of one another.
  - 10. The computer readable medium of claim 8, wherein the database comprises a distributed data grid.

11. A method of providing cloud-based identity and access management, comprising:
- receiving a request by a cloud gate for an identity management service for reaching an application;
  
  determining a tenancy from a header value of the request;
  
  looking up a policy configured to be applied for the tenancy;
  
  applying the policy to the request; and
  
  sending the request to a microservice based on a result of the applying of the policy to the request, wherein the microservice performs the identity management service for reaching the application.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method of claim 11, wherein a resource of the application is identified through a request endpoint of the request, wherein the policy indicates whether access to the resource is allowed for the tenancy, wherein the policy further indicates a method of gaining access to the resource of the application.
  - 13. The method of claim 11, wherein the policy is specified in a file managed by the cloud gate.
  - 14. The method of claim 11, wherein the microservice implements OAuth functionality.
  - 15. The method of claim 11, wherein the cloud gate implements cookie-based session management functionality for accessing the application.
  - 16. The method of claim 11, wherein the cloud gate acts as an OAuth relaying party for accessing the application.
  - 17. The method of claim 11, wherein the application is configured to be used by multiple tenancies including the tenancy.
  - 18. The method of claim 11, wherein the microservice is stateless and retrieves data from a database to perform the identity management service.
  - 19. The method of claim 18, wherein the database and the microservice are configured to scale independently of one another.

20. A system for providing cloud-based identity and access management, comprising:
- a receiving module that receives a request by a cloud gate for an identity management service for reaching an application;
  
  a determining module that determines a tenancy from a header value of the request;
  
  a look up module that looks up a policy configured to be applied for the tenancy;
  
  an applying module that applies the policy to the request; and
  
  a sending module that sends the request to a microservice based on a result of the applying of the policy to the request, wherein the microservice performs the identity management service for reaching the application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
WARDELL, Stephan, FOLKINS, Andrew B., LANDER, Vadim, MISHRA, Prateek, LEVINSON, Rich, WOMACKS, Cory, CUTHBERT, Dino E.

Granted Patent

US 10,425,386 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 41/0893   Assignment of logical group...

H04L 41/18   Delegation of network manag...

H04L 41/28   Restricting access to netwo...

H04L 41/5003   Managing SLA; Interaction b...

H04L 41/5096   wherein the managed service...

H04L 63/0281   Proxies

H04L 63/0815   providing single-sign-on or...

H04L 63/205   involving negotiation or de...

H04L 67/02   based on web technology, e....

H04L 67/146   Markers for unambiguous ide...

H04L 67/563   Data redirection of data ne...

H04L 67/568   Storing data temporarily at...

H04W 12/062   Pre-authentication

H04W 12/069   using certificates or pre-s...

POLICY ENFORCEMENT POINT FOR A MULTI-TENANT IDENTITY AND DATA SECURITY MANAGEMENT CLOUD SERVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

POLICY ENFORCEMENT POINT FOR A MULTI-TENANT IDENTITY AND DATA SECURITY MANAGEMENT CLOUD SERVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links