Local Write for a Multi-Tenant Identity Cloud Service

US 20190312857A1
Filed: 01/16/2019
Published: 10/10/2019
Est. Priority Date: 04/04/2018
Status: Active Grant

First Claim

Patent Images

1. A multi-tenant cloud system comprising:

a first data center adapted to authenticate a first plurality of registered clients and located in a first geographic area;

a second data center adapted to authenticate a second plurality of registered clients and located in a second geographic area that is different from the first geographic area;

the second data center receiving a request from a first client of the first plurality of registered clients to perform a first write for a resource at the second data center;

the second data center generating a call to the first data center, the call comprising a second write for the resource at the first data center, the second write comprising a special header;

the second data center retrieving data corresponding to the first write and sending the retrieved data to the first data center; and

the first data center writing on the data based on the first write, the writing on the data comprising changing the data to generate changed data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments perform write operations in a multi-tenant cloud system that includes a first data center adapted to authenticate a first plurality of registered clients and located in a first geographic area, and a second data center adapted to authenticate a second plurality of registered clients and located in a second geographic area that is different from the first geographic area. Embodiments receive a request from a first client to perform a first write for a resource at the second data center. Embodiments generate a call to the first data center including a second write for the resource at the first data center. Embodiments retrieve data corresponding to the first write and send the retrieved data to the first data center. Embodiments write on the data based on the first write, the writing on the data including changing the data to generate changed data.

20 Citations

20 Claims

1. A multi-tenant cloud system comprising:
- a first data center adapted to authenticate a first plurality of registered clients and located in a first geographic area;
  
  a second data center adapted to authenticate a second plurality of registered clients and located in a second geographic area that is different from the first geographic area;
  
  the second data center receiving a request from a first client of the first plurality of registered clients to perform a first write for a resource at the second data center;
  
  the second data center generating a call to the first data center, the call comprising a second write for the resource at the first data center, the second write comprising a special header;
  
  the second data center retrieving data corresponding to the first write and sending the retrieved data to the first data center; and
  
  the first data center writing on the data based on the first write, the writing on the data comprising changing the data to generate changed data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The multi-tenant cloud system of claim 1, wherein the first data center is a master region for the first client and includes an identity account for the first client, and the second data center is a replica region for the first client and does not include an identity account for the first client.
  - 3. The multi-tenant cloud system of claim 1, further comprising:
    - the second data center determining whether the resource supports a local write;
      
      when the resource does not support a local write, instead of generating the call to the first data center, returning to the second data center a response to the first client that comprises a redirect Uniform Resource Locator (URL).
  - 4. The multi-tenant cloud system of claim 1, further comprising replicating the changed data in the second data center.
  - 5. The multi-tenant cloud system of claim 1, wherein the special header is signed using a global signing key.
  - 6. The multi-tenant cloud system of claim 1, wherein the request from the first client comprises a request Uniform Resource Locator (URL) that can be used to both write data and read data from the second data center.
  - 7. The multi-tenant cloud system of claim 6, wherein the cloud system comprises a plurality of microservices that perform identity management tasks, request URL comprises:
    - an identity of the first client, an identity of the resource and an identity of one of the plurality of microservices.
  - 8. The multi-tenant cloud system of claim 1, the changing the data comprising adding new data.

9. A method of performing write operations in a multi-tenant cloud system that comprises a first data center adapted to authenticate a first plurality of registered clients and located in a first geographic area and a second data center adapted to authenticate a second plurality of registered clients and located in a second geographic area that is different from the first geographic area, the method comprising:
- at the second data center, receiving a request from a first client of the first plurality of registered clients to perform a first write for a resource at the second data center;
  
  at the second data center, generating a call to the first data center, the call comprising a second write for the resource at the first data center, the second write comprising a special header;
  
  at the second data center, retrieving data corresponding to the first write and sending the retrieved data to the first data center; and
  
  at the first data center, writing on the data based on the first write, the writing on the data comprising changing the data to generate changed data.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, wherein the first data center is a master region for the first client and includes an identity account for the first client, and the second data center is a replica region for the first client and does not include an identity account for the first client.
  - 11. The method of claim 9, further comprising:
    - determining whether the resource supports a local write;
      
      when the resource does not support a local write, instead of generating the call to the first data center, returning a response to the first client that comprises a redirect Uniform Resource Locator (URL).
  - 12. The method of claim 9, further comprising replicating the changed data in the second data center.
  - 13. The method of claim 9, wherein the special header is signed using a global signing key.
  - 14. The method of claim 9, wherein the request from the first client comprises a request Uniform Resource Locator (URL) that can be used to both write data and read data from the second data center.
  - 15. The method of claim 14, wherein the cloud system comprises a plurality of microservices that perform identity management tasks, request URL comprises:
    - an identity of the first client, an identity of the resource and an identity of one of the plurality of microservices.
  - 16. The method of claim 9, the changing the data comprising adding new data.

17. A non-transitory computer-readable medium storing instructions which, when executed by one or more processors, cause the processors to perform write operations in a multi-tenant cloud system that comprises a first data center adapted to authenticate a first plurality of registered clients and located in a first geographic area and a second data center adapted to authenticate a second plurality of registered clients and located in a second geographic area that is different from the first geographic area, the write operations comprising:
- at the second data center, receiving a request from a first client of the first plurality of registered clients to perform a first write for a resource at the second data center;
  
  at the second data center, generating a call to the first data center, the call comprising a second write for the resource at the first data center, the second write comprising a special header;
  
  at the second data center, retrieving data corresponding to the first write and sending the retrieved data to the first data center; and
  
  at the first data center, writing on the data based on the first write, the writing on the data comprising changing the data to generate changed data.
- View Dependent Claims (18, 19, 20)
- - 18. The non-transitory computer-readable medium of claim 17, wherein the first data center is a master region for the first client and includes an identity account for the first client, and the second data center is a replica region for the first client and does not include an identity account for the first client.
  - 19. The non-transitory computer-readable medium of claim 17, the write operations further comprising:
    - determining whether the resource supports a local write;
      
      when the resource does not support a local write, instead of generating the call to the first data center, returning a response to the first client that comprises a redirect Uniform Resource Locator (URL).
  - 20. The non-transitory computer-readable medium of claim 17, the write operations further comprising replicating the changed data in the second data center.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
LANDER, Vadim, BALU, Balakumar, MEDAM, Venkateswara Reddy, SHIH, Kuang-Yu, GUPTA, Lokesh, ASOKKUMAR, Vasukiammaiyar, WILSON, Gregg

Granted Patent

US 11,258,775 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/27   Replication, distribution o...

G06F 3/0607   by facilitating the process...

G06F 3/0622   in relation to access

G06F 3/065   Replication mechanisms

G06F 3/067   Distributed or networked st...

G06F 9/5072   Grid computing

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/10   for controlling access to d...

H04L 63/107   wherein the security polici...

H04L 9/088   Usage controlling of secret...

H04L 9/0891   Revocation or update of sec...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/12   Transmitting and receiving ...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3247   involving digital signatures

H04L 9/3271   using challenge-response

H04W 12/009   specially adapted for netwo...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/63 : Location-dependent; Proximi...

View All

Local Write for a Multi-Tenant Identity Cloud Service

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

20 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Local Write for a Multi-Tenant Identity Cloud Service

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links