SCIM to LDAP Mapping Using Subtype Attributes

US 20180083915A1
Filed: 09/15/2017
Published: 03/22/2018
Est. Priority Date: 09/16/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-readable medium having instructions stored thereon that, when executed by at least one processor, cause the processor to map System for Cross-domain Identity Management (SCIM) resources to Lightweight Directory Access Protocol (LDAP) entries, the converting comprising:

providing an LDAP DIT including a plurality of LDAP Directory Information Tree (DIT) entries that describe LDAP containers, users and groups, each LDAP DIT entry including a Distinguished Name (DN) and a plurality of LDAP attribute-value pairs, the DN providing LDAP DIT hierarchical information that uniquely identifies the LDAP DIT entry and describes a hierarchical position of the LDAP DIT entry in the LDAP DIT, each LDAP attribute-value pair including an attribute name and one or more attribute values;

providing a SCIM directory including a plurality of SCIM resource entries, each SCIM resource entry including a plurality of SCIM attributes, each SCIM attribute including a name and one or more values; and

converting the plurality of SCIM resource entries to corresponding LDAP DIT entries, including, for each SCIM resource entry that has a SCIM complex multi-valued attribute (CMVA), mapping the SCIM CMVA to a plurality of LDAP attributes in the corresponding LDAP DIT entry using LDAP attribute subtypes.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for mapping SCIM resources to LDAP entries is provided. An LDAP Directory Information Tree (DIT), including a plurality of LDAP DIT entries that describe LDAP containers, users and groups, is provided. Each LDAP DIT entry includes a Distinguished Name and a plurality of LDAP attribute-value pairs, each of which include an attribute name and one or more attribute values. A SCIM directory, including a plurality of SCIM resource entries, is also provided. Each SCIM resource entry includes a plurality of SCIM attributes, each of which includes a name and one or more values. The plurality of SCIM resource entries are converted to corresponding LDAP DIT entries, and, for each SCIM resource entry that has a SCIM CMVA, the SCIM CMVA is mapped to a plurality of LDAP attributes in the corresponding LDAP DIT entry using LDAP attribute subtypes.

Citations

20 Claims

1. A computer-readable medium having instructions stored thereon that, when executed by at least one processor, cause the processor to map System for Cross-domain Identity Management (SCIM) resources to Lightweight Directory Access Protocol (LDAP) entries, the converting comprising:
- providing an LDAP DIT including a plurality of LDAP Directory Information Tree (DIT) entries that describe LDAP containers, users and groups, each LDAP DIT entry including a Distinguished Name (DN) and a plurality of LDAP attribute-value pairs, the DN providing LDAP DIT hierarchical information that uniquely identifies the LDAP DIT entry and describes a hierarchical position of the LDAP DIT entry in the LDAP DIT, each LDAP attribute-value pair including an attribute name and one or more attribute values;
  
  providing a SCIM directory including a plurality of SCIM resource entries, each SCIM resource entry including a plurality of SCIM attributes, each SCIM attribute including a name and one or more values; and
  
  converting the plurality of SCIM resource entries to corresponding LDAP DIT entries, including, for each SCIM resource entry that has a SCIM complex multi-valued attribute (CMVA), mapping the SCIM CMVA to a plurality of LDAP attributes in the corresponding LDAP DIT entry using LDAP attribute subtypes.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-readable medium of claim 1, wherein the SCIM CMVA has a sub-attribute value, and a name of an LDPA attribute subtype includes a hashcode of the SCIM CMVA sub-attribute value.
  - 3. The computer-readable medium of claim 2, wherein the hashcode of the SCIM CMVA sub-attribute value is calculated by a perfect hash function.
  - 4. The computer-readable medium of claim 3, wherein the name of the LDPA attribute subtype includes a hashcode of a first SCIM CMVA sub-attribute value and a second SCIM CMVA sub-attribute value.
  - 5. The computer readable medium of claim 1, wherein converting the plurality of SCIM resource entries to corresponding LDAP DIT entries further includes, for each SCIM resource entry, mapping each SCIM simple attribute (SA) to an LDAP attribute.
  - 6. The computer readable medium of claim 1, wherein converting the plurality of SCIM resource entries to corresponding LDAP DIT entries further includes, for each SCIM resource entry, mapping each SCIM simple multi-valued attribute (SMVA) to an LDAP attribute.
  - 7. The computer readable medium of claim 1, wherein converting the plurality of SCIM resource entries to corresponding LDAP DIT entries further includes, for each SCIM resource entry, mapping each SCIM simple complex attribute (SCA) to a plurality of LDAP attributes.

8. A method for mapping System for Cross-domain Identity Management (SCIM) resources to Lightweight Directory Access Protocol (LDAP) entries, the method comprising:
- providing an LDAP DIT including a plurality of LDAP Directory Information Tree (DIT) entries that describe LDAP containers, users and groups, each LDAP DIT entry including a Distinguished Name (DN) and a plurality of LDAP attribute-value pairs, the DN providing LDAP DIT hierarchical information that uniquely identifies the LDAP DIT entry and describes a hierarchical position of the LDAP DIT entry in the LDAP DIT, each LDAP attribute-value pair including an attribute name and one or more attribute values;
  
  providing a SCIM directory including a plurality of SCIM resource entries, each SCIM resource entry including a plurality of SCIM attributes, each SCIM attribute including a name and one or more values; and
  
  converting the plurality of SCIM resource entries to corresponding LDAP DIT entries, including, for each SCIM resource entry that has a SCIM complex multi-valued attribute (CMVA), mapping the SCIM CMVA to a plurality of LDAP attributes in the corresponding LDAP DIT entry using LDAP attribute subtypes.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein the SCIM CMVA has a sub-attribute value, and a name of an LDPA attribute subtype includes a hashcode of the SCIM CMVA sub-attribute value.
  - 10. The method of claim 9, wherein the hashcode of the SCIM CMVA sub-attribute value is calculated by a perfect hash function.
  - 11. The method of claim 10, wherein the name of the LDPA attribute subtype includes a hashcode of a first SCIM CMVA sub-attribute value and a second SCIM CMVA sub-attribute value.
  - 12. The method of claim 8, wherein converting the plurality of SCIM resource entries to corresponding LDAP DIT entries further includes, for each SCIM resource entry, mapping each SCIM simple attribute (SA) to an LDAP attribute.
  - 13. The method of claim 8, wherein converting the plurality of SCIM resource entries to corresponding LDAP DIT entries further includes, for each SCIM resource entry, mapping each SCIM simple multi-valued attribute (SMVA) to an LDAP attribute.
  - 14. The method of claim 8, wherein converting the plurality of SCIM resource entries to corresponding LDAP DIT entries further includes, for each SCIM resource entry, mapping each SCIM simple complex attribute (SCA) to a plurality of LDAP attributes.

15. A system for mapping System for Cross-domain Identity Management (SCIM) resources to Lightweight Directory Access Protocol (LDAP) entries, the system comprising:
- a first processor, coupled to a network, configured to;
  
  provide an LDAP DIT including a plurality of LDAP Directory Information Tree (DIT) entries that describe LDAP containers, users and groups, each LDAP DIT entry including a Distinguished Name (DN) and a plurality of LDAP attribute-value pairs, the DN providing LDAP DIT hierarchical information that uniquely identifies the LDAP DIT entry and describes a hierarchical position of the LDAP DIT entry in the LDAP DIT, each LDAP attribute-value pair including an attribute name and one or more attribute values;
  
  a second processor, coupled to the network, configured to;
  
  provide a SCIM directory including a plurality of SCIM resource entries, each SCIM resource entry including a plurality of SCIM attributes, each SCIM attribute including a name and one or more values; and
  
  convert the plurality of SCIM resource entries to corresponding LDAP DIT entries, including, for each SCIM resource entry that has a SCIM complex multi-valued attribute (CMVA), mapping the SCIM CMVA to a plurality of LDAP attributes in the corresponding LDAP DIT entry using LDAP attribute subtypes.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the SCIM CMVA has a sub-attribute value, and a name of an LDPA attribute subtype includes a hashcode of the SCIM CMVA sub-attribute value.
  - 17. The system of claim 16, wherein the name of the LDPA attribute subtype includes a hashcode of a first SCIM CMVA sub-attribute value and a second SCIM CMVA sub-attribute value.
  - 18. The system of claim 15, wherein converting the plurality of SCIM resource entries to corresponding LDAP DIT entries further includes, for each SCIM resource entry, mapping each SCIM simple attribute (SA) to an LDAP attribute.
  - 19. The system of claim 15, wherein converting the plurality of SCIM resource entries to corresponding LDAP DIT entries further includes, for each SCIM resource entry, mapping each SCIM simple multi-valued attribute (SMVA) to an LDAP attribute.
  - 20. The system of claim 15, wherein converting the plurality of SCIM resource entries to corresponding LDAP DIT entries further includes, for each SCIM resource entry, mapping each SCIM simple complex attribute (SCA) to a plurality of LDAP attributes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
MEDAM, Venkateswara Reddy, SASTRY, Hari, XU, Xiaoxiao, Frost, Michael Ray

Granted Patent

US 10,791,087 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/2246   Trees, e.g. B+trees

H04L 61/10   of different types

H04L 61/45   Network directories; Name-t...

H04L 61/4505   using standardised director...

H04L 61/4523   using lightweight directory...

H04L 61/4552   Lookup mechanisms between a...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/10   for controlling access to d...

H04L 63/104   Grouping of entities

H04L 67/01   Protocols

SCIM to LDAP Mapping Using Subtype Attributes

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SCIM to LDAP Mapping Using Subtype Attributes

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links