Managing secure resources in web resources that are accessed by multiple portals
Abstract
A method, apparatus, and computer-readable media for authorizing users of network portals to access a secure resource hosted by a secure server comprises storing a plurality of user identifiers, each representing a user of an owning portal; storing for each of the user identifiers an access privilege to the secure resource; storing a proxy user identifier representing a guest portal and a guest access privilege to the secure resource for all of the users of the guest portal; receiving from the owning portal a first request for access to the secure resource, the first request comprising a first user identifier representing a user of the owning portal; granting to the user of the owning portal access to the secure resource according to the access privilege stored for the first user identifier; receiving from the guest portal a second request for access to the secure resource, the second request comprising a second user identifier representing a user of the guest portal and a portal identifier representing the guest portal; and granting to the user of the guest portal access to the secure resource according to the guest access privilege stored in the authorization table for the proxy user identifier.
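The following sketch is an added example, not code from the patent: it models the authorization table and the secure server's policy decision, with every guest-portal user resolved through the guest portal's proxy user identifier while the audit trail keeps the real user identifier. The HMAC-based portal authentication, the ordering of access levels, the reading of "activity security" as a set of permitted activities, and all names and sample data are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

LEVELS = {"read": 1, "write": 2}  # assumed ordering of access levels


@dataclass(frozen=True)
class Role:
    access_level: str       # the claims' "access level"
    activities: frozenset   # assumed reading of "activity security"


@dataclass(frozen=True)
class Request:
    portal_id: str
    user_id: str
    activity: str
    level: str
    tag: str                # HMAC added by the sending portal (assumption)


def _mac(key, portal_id, user_id, activity, level):
    msg = "\x1f".join((portal_id, user_id, activity, level)).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_request(key, portal_id, user_id, activity, level):
    """What a portal would send after authenticating its own user."""
    return Request(portal_id, user_id, activity, level,
                   _mac(key, portal_id, user_id, activity, level))


class SecureServerPolicyManager:
    def __init__(self, owning_portal_id):
        self.owning_portal_id = owning_portal_id
        self.portal_keys = {}   # portal repository: portal_id -> shared key
        self.user_rows = {}     # authorization table: user_id -> Role
        self.guest_rows = {}    # authorization table: portal_id -> (proxy_id, Role)
        self.audit = []         # (portal_id, real user_id, principal, allowed)

    def authorize(self, req):
        key = self.portal_keys.get(req.portal_id)
        expected = _mac(key, req.portal_id, req.user_id, req.activity, req.level) if key else ""
        if not key or not hmac.compare_digest(expected, req.tag):
            return self._decide(req, None, False)   # portal not authenticated
        if req.portal_id == self.owning_portal_id:
            principal, role = req.user_id, self.user_rows.get(req.user_id)
        else:
            # Guest users have no rows of their own; the portal's proxy row decides.
            principal, role = self.guest_rows.get(req.portal_id, (None, None))
        allowed = (role is not None
                   and req.activity in role.activities
                   and LEVELS.get(req.level, 99) <= LEVELS[role.access_level])
        return self._decide(req, principal, allowed)

    def _decide(self, req, principal, allowed):
        self.audit.append((req.portal_id, req.user_id, principal, allowed))
        return allowed


def demo():
    """Constructed sample data: portal names, keys, users and roles are made up."""
    pm = SecureServerPolicyManager("owning")
    pm.portal_keys = {"owning": b"k-owning", "guest-a": b"k-guest-a"}
    pm.user_rows = {"alice": Role("write", frozenset({"view", "edit"}))}
    pm.guest_rows = {"guest-a": ("proxy-guest-a", Role("read", frozenset({"view"})))}
    results = {
        "owner_edit": pm.authorize(make_request(b"k-owning", "owning", "alice", "edit", "write")),
        "guest_view": pm.authorize(make_request(b"k-guest-a", "guest-a", "bob", "view", "read")),
        "guest_edit": pm.authorize(make_request(b"k-guest-a", "guest-a", "bob", "edit", "write")),
        # A guest-portal user named like an owner user still resolves to the proxy row.
        "guest_as_alice": pm.authorize(make_request(b"k-guest-a", "guest-a", "alice", "edit", "write")),
        # Naming the owning portal without holding its key fails portal authentication.
        "forged_portal": pm.authorize(make_request(b"k-guest-a", "owning", "alice", "edit", "write")),
        "unknown_portal": pm.authorize(make_request(b"x", "guest-z", "eve", "view", "read")),
    }
    return results, pm.audit


if __name__ == "__main__":
    results, audit = demo()
    print(results)
    print(*audit, sep="\n")
```

Because the decision is keyed on the authenticated portal identifier rather than on the user identifier in the request, a user name that collides across portals cannot inherit an owning-portal user's privilege.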
18 Claims
1. An apparatus for authorizing users of network portals to access a project hosted by a secure server, comprising:
an owning portal including an owning portal (OP) policy manager, an OP repository, and an authorization table, the OP policy manager for determining whether a user is authorized to communicate with the secure server, the OP repository for comparing authentication information to stored information, and the authorization table for storing a plurality of user identifiers, each representing a user of the owning portal, and for storing for each of the user identifiers an access privilege to the project; wherein the owning portal is configured for assigning a proxy user identifier to a guest portal, and for associating a role with the proxy user identifier that conveys certain access privileges to the project, the role including an access level and an activity security; and wherein the authorization table stores a portal identifier, role, and proxy user identifier representing the guest portal and a guest access privilege to the project for users of the guest portal; a secure server established by an administrator of said owning portal including a secure server policy manager to receive from the owning portal a first request for access to the project, the first request comprising a first user identifier representing a user of the owning portal, wherein the secure server policy manager grants to the user of the owning portal access to the project according to the access privilege stored in the authorization table for the first user identifier; wherein the secure server policy manager receives from the guest portal a second request for access to the project, the second request comprising a second user identifier representing a user of the guest portal and the portal identifier representing the guest portal, wherein the secure server policy manager grants to the user of the guest portal access to the project according to the guest access privilege stored in the authorization table for the proxy user identifier, and wherein the first request comprises a portal identifier representing the owning portal, wherein the apparatus further comprises a portal repository to receive the first request, and to authenticate the owning portal using the portal identifier in the first request.
2. An apparatus for authorizing users of network portals to access a project hosted by a secure server, comprising:
an owning portal including an owning portal (OP) policy manager, an OP repository, and an authorization table, the OP policy manager for determining whether a user is authorized to communicate with the secure server, the OP repository for comparing authentication information to stored information, and the authorization table for storing a plurality of user identifiers, each representing a user of the owning portal, and for storing for each of the user identifiers an access privilege to the project; wherein the owning portal is configured for assigning a proxy user identifier to a guest portal, and for associating a role with the proxy user identifier that conveys certain access privileges to the project, the role including an access level and an activity security; and wherein the authorization table stores a portal identifier, role, and proxy user identifier representing the guest portal and a guest access privilege to the project for users of the guest portal; a secure server established by an administrator of said owning portal including a secure server policy manager to receive from the owning portal a first request for access to the project, the first request comprising a first user identifier representing a user of the owning portal, wherein the secure server policy manager grants to the user of the owning portal access to the project according to the access privilege stored in the authorization table for the first user identifier; wherein the secure server policy manager receives from the guest portal a second request for access to the project, the second request comprising a second user identifier representing a user of the guest portal and the portal identifier representing the guest portal, wherein the secure server policy manager grants to the user of the guest portal access to the project according to the guest access privilege stored in the authorization table for the proxy user identifier, the owning portal, wherein the owning portal receives from the user of the owning portal a third request for access to the project, the third request comprising the first user identifier and a security credential associated with the user of the owning portal; and a user repository to authenticate the user of the owning portal based on the first user identifier and the security credential associated with the user of the owning portal.
Dependent claims: 3
4. An apparatus for authorizing users of network portals to access a project hosted by a secure server, comprising:
an owning portal including an owning portal (OP) policy manager, an OP repository, and an authorization table, the OP policy manager for determining whether a user is authorized to communicate with the secure server, the OP repository for comparing authentication information to stored information, and the authorization table for storing a plurality of user identifiers, each representing a user of the owning portal, and for storing for each of the user identifiers an access privilege to the project; wherein the owning portal is configured for assigning a proxy user identifier to a guest portal, and for associating a role with the proxy user identifier that conveys certain access privileges to the project, the role including an access level and an activity security; and wherein the authorization table stores a portal identifier, role, and proxy user identifier representing the guest portal and a guest access privilege to the project for users of the guest portal; a secure server established by an administrator of said owning portal including a secure server policy manager to receive from the owning portal a first request for access to the project, the first request comprising a first user identifier representing a user of the owning portal, wherein the secure server policy manager grants to the user of the owning portal access to the project according to the access privilege stored in the authorization table for the first user identifier; wherein the secure server policy manager receives from the guest portal a second request for access to the project, the second request comprising a second user identifier representing a user of the guest portal and the portal identifier representing the guest portal, wherein the secure server policy manager grants to the user of the guest portal access to the project according to the guest access privilege stored in the authorization table for the proxy user identifier; and a portal repository to receive the second request, and to authenticate the guest portal using the portal identifier in the second request.
5. An apparatus for authorizing users of network portals to access a project hosted by a secure server, comprising:
an owning portal including an owning portal (OP) policy manager, an OP repository, and an authorization table, the OP policy manager for determining whether a user is authorized to communicate with the secure server, the OP repository for comparing authentication information to stored information, and the authorization table for storing a plurality of user identifiers, each representing a user of the owning portal, and for storing for each of the user identifiers an access privilege to the project; wherein the owning portal is configured for assigning a proxy user identifier to a guest portal, and for associating a role with the proxy user identifier that conveys certain access privileges to the project, the role including an access level and an activity security; and wherein the authorization table stores a portal identifier, role, and proxy user identifier representing the guest portal and a guest access privilege to the project for users of the guest portal; a secure server established by an administrator of said owning portal including a secure server policy manager to receive from the owning portal a first request for access to the project, the first request comprising a first user identifier representing a user of the owning portal, wherein the secure server policy manager grants to the user of the owning portal access to the project according to the access privilege stored in the authorization table for the first user identifier; wherein the secure server policy manager receives from the guest portal a second request for access to the project, the second request comprising a second user identifier representing a user of the guest portal and the portal identifier representing the guest portal, wherein the secure server policy manager grants to the user of the guest portal access to the project according to the guest access privilege stored in the authorization table for the proxy user identifier, the guest portal, wherein the guest portal receives from the user of the guest portal a fourth request for access to the project, the fourth request comprising the second user identifier and a security credential associated with the user of the guest portal; and a user repository to authenticate the user of the guest portal based on the second user identifier and the security credential associated with the user of the guest portal.
Dependent claims: 6
7. A computer-implemented method for authorizing users of network portals to access a project hosted by a secure server, comprising:
storing a plurality of user identifiers, each representing a user of an owning portal; storing for each of the user identifiers an access privilege to the project; determining whether the user is authorized to communicate with the secure server; comparing authentication information to stored information; assigning a proxy user identifier for a guest portal; associating a role with the proxy user identifier that conveys certain access privileges to the project, the role including an access level and an activity security; storing a portal identifier, role, and proxy user identifier representing the guest portal and a guest access privilege to the project for users of the guest portal; receiving from the owning portal a first request for access to the project, the first request comprising a first user identifier representing a user of the owning portal, wherein the first request comprises a portal identifier representing the owning portal; authenticating the owning portal using the portal identifier in the first request; granting to the user of the owning portal access to the project according to the access privilege stored for the first user identifier; receiving from the guest portal a second request for access to the project, the second request comprising a second user identifier representing a user of the guest portal and a portal identifier representing the guest portal; and granting to the user of the guest portal access to the project according to the guest access privilege for the stored proxy user identifier.
8. A computer-implemented method for authorizing users of network portals to access a project hosted by a secure server, comprising:
storing a plurality of user identifiers, each representing a user of an owning portal; storing for each of the user identifiers an access privilege to the project; determining whether the user is authorized to communicate with the secure server; comparing authentication information to stored information; assigning a proxy user identifier for a guest portal; associating a role with the proxy user identifier that conveys certain access privileges to the project, the role including an access level and an activity security; storing a portal identifier, role, and proxy user identifier representing the guest portal and a guest access privilege to the project for users of the guest portal; receiving from the owning portal a first request for access to the project, the first request comprising a first user identifier representing a user of the owning portal; granting to the user of the owning portal access to the project, according to the access privilege stored for the first user identifier; receiving from the guest portal a second request for access to the project, the second request comprising a second user identifier representing a user of the guest portal and portal identifier representing the guest portal; granting to the user of the guest portal access to the project according to the guest access privilege for the stored proxy user identifier; receiving at the owning portal from the user of the owning portal a third request for access to the project, the third request comprising the first user identifier and a security credential associated with the user of the owning portal; and authenticating the user of the owning portal based on the first user identifier and the security credential associated with the user of the owning portal.
Dependent claims: 9
10. A computer-implemented method for authorizing users of network portals to access a project hosted by a secure server, comprising:
storing a plurality of user identifiers, each representing a user of an owning portal; storing for each of the user identifiers an access privilege to the project; determining whether the user is authorized to communicate with the secure server; comparing authentication information to stored information; assigning a proxy user identifier for a guest portal; associating a role with the proxy user identifier that conveys certain access privileges to the project, the role including an access level and an activity security; storing a portal identifier, role, and proxy user identifier representing the guest portal and a guest access privilege to the project for users of the guest portal; receiving from the owning portal a first request for access to the project, the first request comprising a first user identifier representing a user of the owning portal; granting to the user of the owning portal access to the project according to the access privilege stored for the first user identifier; receiving from the guest portal a second request for access to the project, the second request comprising a second user identifier representing a user of the guest portal and portal identifier representing the guest portal; authenticating the guest portal using the portal identifier in the second request; and granting to the user of the guest portal access to the project according to the guest access privilege for the stored proxy user identifier.
11. A computer-implemented method for authorizing users of network portals to access a project hosted by a secure server, comprising:
storing a plurality of user identifiers, each representing a user of an owning portal; storing for each of the user identifiers an access privilege to the project; determining whether the user is authorized to communicate with the secure server; comparing authentication information to stored information; assigning a proxy user identifier for a guest portal; associating a role with the proxy user identifier that conveys certain access privileges to the project, the role including an access level and an activity security; storing a portal identifier, role, and proxy user identifier representing the guest portal and a guest access privilege to the project for users of the guest portal; receiving from the owning portal a first request for access to the project, the first request comprising a first user identifier representing a user of the owning portal; granting to the user of the owning portal access to the project according to the access privilege stored for the first user identifier; receiving from the guest portal a second request for access to the project, the second request comprising a second user identifier representing a user of the guest portal and a portal identifier representing the guest portal; granting to the user of the guest portal access to the project according to the guest access privilege for the stored proxy user identifier; receiving at the guest portal from the user of the guest portal a fourth request for access to the project, the fourth request comprising the second user identifier and a security credential associated with the user of the guest portal; and authenticating the user of the guest portal based on the second user identifier and the security credential associated with the user of the guest portal.
Dependent claims: 12
13. Tangible computer-readable media embodying instructions executable by a computer to perform a method for authorizing users of network portals to access a project hosted by a secure server, the method comprising:
storing a plurality of user identifiers, each representing a user of an owning portal; storing for each of the user identifiers an access privilege to the project; determining whether the user is authorized to communicate with the secure server; comparing authentication information to stored information; assigning a proxy user identifier for a guest portal; associating a role with the proxy user identifier that conveys certain access privileges to the project, the role including an access level and an activity security; storing a portal identifier, role, and proxy user identifier representing the guest portal and a guest access privilege to the project for users of the guest portal; receiving from the owning portal a first request for access to the project, the first request comprising a first user identifier representing a user of the owning portal, wherein the first request comprises a portal identifier representing the owning portal; authenticating the owning portal using the portal identifier in the first request; granting to the user of the owning portal access to the project according to the access privilege stored for the first user identifier; receiving from the guest portal a second request for access to the project, the second request comprising a second user identifier representing a user of the guest portal and a portal identifier representing the guest portal; and granting to the user of the guest portal access to the project according to the guest access privilege for the stored proxy user identifier.
14. Tangible computer-readable media embodying instructions executable by a computer to perform a method for authorizing users of network portals to access a project hosted by a secure server, the method comprising:
storing a plurality of user identifiers, each representing a user of an owning portal; storing for each of the user identifiers an access privilege to the project; determining whether the user is authorized to communicate with the secure server; comparing authentication information to stored information; assigning a proxy user identifier for a guest portal; associating a role with the proxy user identifier that conveys certain access privileges to the project, the role including an access level and an activity security; storing a portal identifier, role, and proxy user identifier representing the guest portal and a guest access privilege to the project for users of the guest portal; receiving from the owning portal a first request for access to the project, the first request comprising a first user identifier representing a user of the owning portal; granting to the user of the owning portal access to the project according to the access privilege stored for the first user identifier; receiving from the guest portal a second request for access to the project, the second request comprising a second user identifier representing a user of the guest portal and a portal identifier representing the guest portal; granting to the user of the guest portal access to the project according to the guest access privilege for the stored proxy user identifier; receiving at the owning portal from the user of the owning portal a third request for access to the project, the third request comprising the first user identifier and a security credential associated with the user of the owning portal; and authenticating the user of the owning portal based on the first user identifier and the security credential associated with the user of the owning portal.
Dependent claims: 15
16. Tangible computer-readable media embodying instructions executable by a computer to perform a method for authorizing users of network portals to access a project hosted by a secure server, the method comprising:
storing a plurality of user identifiers, each representing a user of an owning portal; storing for each of the user identifiers an access privilege to the project; determining whether the user is authorized to communicate with the secure server; comparing authentication information to stored information; assigning a proxy user identifier for a guest portal; associating a role with the proxy user identifier that conveys certain access privileges to the project, the role including an access level and an activity security; storing a portal identifier, role, and proxy user identifier representing the guest portal and a guest access privilege to the project for users of the guest portal; receiving from the owning portal a first request for access to the project, the first request comprising a first user identifier representing a user of the owning portal; granting to the user of the owning portal access to the project according to the access privilege stored for the first user identifier; receiving from the guest portal a second request for access to the project, the second request comprising a second user identifier representing a user of the guest portal and a portal identifier representing the guest portal; authenticating the guest portal using the portal identifier in the second request; and granting to the user of the guest portal access to the project according to the guest access privilege for the stored proxy user identifier.
17. Tangible computer-readable media embodying instructions executable by a computer to perform a method for authorizing users of network portals to access a project hosted by a secure server, the method comprising:
storing a plurality of user identifiers, each representing a user of an owning portal; storing for each of the user identifiers an access privilege to the project; determining whether the user is authorized to communicate with the secure server; comparing authentication information to stored information; assigning a proxy user identifier for a guest portal; associating a role with the proxy user identifier that conveys certain access privileges to the project, the role including an access level and an activity security; storing a portal identifier, role, and proxy user identifier representing the guest portal and a guest access privilege to the project for users of the guest portal; receiving from the owning portal a first request for access to the project, the first request comprising a first user identifier representing a user of the owning portal; granting to the user of the owning portal access to the project according to the access privilege stored for the first user identifier; receiving from the guest portal a second request for access to the project, the second request comprising a second user identifier representing a user of the guest portal and a portal identifier representing the guest portal; granting to the user of the guest portal access to the project according to the guest access privilege for the stored proxy user identifier; receiving at the guest portal from the user of the guest portal a fourth request for access to the project, the fourth request comprising the second user identifier and a security credential associated with the user of the guest portal; and authenticating the user of the guest portal based on the second user identifier and the security credential associated with the user of the guest portal.
Dependent claims: 18