SYSTEMS AND METHODS FOR CLOUD-BASED SERVICE FUNCTION CHAINING USING SECURITY ASSERTION MARKUP LANGUAGE (SAML) ASSERTION

US 20180198791A1
Filed: 01/12/2017
Published: 07/12/2018
Est. Priority Date: 01/12/2017
Status: Active Grant

First Claim

Patent Images

1. A cloud-based method of service function chaining using Security Assertion Markup Language (SAML) assertions, the cloud-based method comprising:

receiving configuration information related to any of users, services, and correspondence between the users and the services;

responsive to a request from a user, generating a SAML assertion for the request and attaching a stack of service tags with the SAML assertion, wherein the stack of service tags defines a service chain for the user and for the request; and

providing the SAML assertion with the stack of service tags to the user in response to the request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cloud-based method of service function chaining using Security Assertion Markup Language (SAML) assertions includes receiving configuration information related to any of users, services, and correspondence between the users and the services; responsive to a request from a user, generating a SAML assertion for the request and attaching a stack of service tags with the SAML assertion, wherein the stack of service tags defines a service chain for the user and for the request; and providing the SAML assertion with the stack of service tags to the user in response to the request. The method can further include providing the SAML assertion by the user to one or more services, wherein each of the services creates a context based on the stack of service tags. Each of the services identifies itself in the stack and sends the SAML assertion to a next service or application in the stack.

48 Citations

20 Claims

1. A cloud-based method of service function chaining using Security Assertion Markup Language (SAML) assertions, the cloud-based method comprising:
- receiving configuration information related to any of users, services, and correspondence between the users and the services;
  
  responsive to a request from a user, generating a SAML assertion for the request and attaching a stack of service tags with the SAML assertion, wherein the stack of service tags defines a service chain for the user and for the request; and
  
  providing the SAML assertion with the stack of service tags to the user in response to the request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 17)
- - 2. The cloud-based method of claim 1, further comprising:
    - providing the SAML assertion by the user to one or more services, wherein each of the one or more services creates a context based on the stack of service tags.
  - 3. The cloud-based method of claim 2, wherein each of the one or more services identifies itself in the stack of service tags and sends the SAML assertion to a next service or application in the stack of service tags.
  - 4. The cloud-based method of claim 1, wherein the stack of service tags comprises a plurality of entries each identifying a service provider associated with a service and a direction for requests and responses.
  - 5. The cloud-based method of claim 1, wherein configuration information comprises an ordered set of the services for each user or groups of users.
  - 6. The cloud-based method of claim 1, wherein the receiving, generating, and providing are performed by an Identity Provider.
  - 7. The cloud-based method of claim 1, wherein at least two of the services are performed by different service providers such that the service chain extends between at least two service providers.
  - 8. The cloud-based method of claim 1, wherein once the service chain is established, the user is configured to forward packets with a service layer header identifying a SAML ID for service providers associated with the stack of service tags.
  - 9. The cloud-based method of claim 8, wherein the service providers are configured to identify the service chain based on the SAML ID and to process the packets based thereon.
  - 10. The cloud-based method of claim 1, wherein a service function chain (SFC) proxy computes a service layer header when the service provider of the services is incognizant of any service chain.
  - 17. The server of claim 1, wherein at least two of the services are performed by different service providers such that the service chain extends between at least two service providers.

11. A server configured to provide service function chaining using Security Assertion Markup Language (SAML) assertions, the server comprising:
- a network interface communicatively coupled to the one or more cloud nodes;
  
  a processor communicatively coupled to the network interface; and
  
  memory storing computer-executable instructions that, when executed, cause the processor to;
  
  receive configuration information related to any of users, services, and correspondence between the users and the services;
  
  responsive to a request from a user, generate a SAML assertion for the request and attaching a stack of service tags with the SAML assertion, wherein the stack of service tags defines a service chain for the user and for the request; and
  
  provide the SAML assertion with the stack of service tags to the user in response to the request.
- View Dependent Claims (12, 13, 14, 15, 16, 18, 19)
- - 12. The server of claim 11, wherein the user is configured to provide the SAML assertion by the user, wherein each of the one or more services creates a context based on the stack of service tags.
  - 13. The server of claim 12, wherein each of the one or more services identifies itself in the stack of service tags and sends the SAML assertion to a next service or application in the stack of service tags.
  - 14. The server of claim 11, wherein the stack of service tags comprises a plurality of entries each identifying a service provider associated with a service and a direction for requests and responses.
  - 15. The server of claim 11, wherein configuration information comprises an ordered set of the services for each user or groups of users.
  - 16. The server of claim 11, wherein the server is operated by an Identity Provider.
  - 18. The server of claim 11, wherein once the service chain is established, the user is configured to forward packets with a service layer header identifying a SAML ID for service providers associated with the stack of service tags.
  - 19. The server of claim 18, wherein the service providers are configured to identify the service chain based on the SAML ID and to process the packets based thereon.

20. A non-transitory computer memory comprising instructions for service function chaining using Security Assertion Markup Language (SAML) assertions, the instructions are executable by a processor to perform steps of:
- receiving configuration information related to any of users, services, and correspondence between the users and the services;
  
  responsive to a request from a user, generating a SAML assertion for the request and attaching a stack of service tags with the SAML assertion, wherein the stack of service tags defines a service chain for the user and for the request; and
  
  providing the SAML assertion with the stack of service tags to the user in response to the request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Zscaler Incorporated
Original Assignee
Zscaler Incorporated
Inventors
DESAI, Purvi, BANSAL, Abhinav, GANGADHARAPPA, Tejus

Granted Patent

US 10,574,652 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/10   for controlling access to d...

H04L 67/63   Routing a service request d...

SYSTEMS AND METHODS FOR CLOUD-BASED SERVICE FUNCTION CHAINING USING SECURITY ASSERTION MARKUP LANGUAGE (SAML) ASSERTION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

48 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR CLOUD-BASED SERVICE FUNCTION CHAINING USING SECURITY ASSERTION MARKUP LANGUAGE (SAML) ASSERTION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links