Security synchronization services

US 8,032,935 B2
Filed: 06/29/2007
Issued: 10/04/2011
Est. Priority Date: 06/29/2007
Status: Active Grant

First Claim

Patent Images

1. A method of synchronizing role membership within security roles of disparate computer applications, the method comprising:

interfacing, by a management console, with disparate computer applications having different established security infrastructures that support security roles for users, the management console configured to interface with the disparate computer applications via a synchronization web service;

collecting, by the management console, the security roles used in each of the disparate computer applications;

storing, at the management console, synchronization rules for associating collected security roles among the disparate computer applications;

presenting, by the management console, one or more user interfaces for selecting a particular computer application from the disparate computer applications, selecting a particular security role, selecting one or more users to be granted the particular security role, and selecting a synchronization rule that is related to the particular computer application and to the particular security role; and

executing, by the management console via the synchronization web service, a selected synchronization rule that specifies the particular computer application as a source application, specifies a destination application from the disparate computer applications, and associates the particular security role with a collected security role of the destination application;

wherein execution of the selected synchronization rule synchronizes role membership within the particular security role of the particular application specified as the source application and role membership within the collected security role of the destination application.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

As a result of the inability to assign security in multiple applications at one time, there is an opportunity to tie the disparate security systems together. Security synchronization services is a method and apparatus that uses roles to provide a common administration experience for all applications that use it and fits better for new applications.

Citations

20 Claims

1. A method of synchronizing role membership within security roles of disparate computer applications, the method comprising:
- interfacing, by a management console, with disparate computer applications having different established security infrastructures that support security roles for users, the management console configured to interface with the disparate computer applications via a synchronization web service;
  
  collecting, by the management console, the security roles used in each of the disparate computer applications;
  
  storing, at the management console, synchronization rules for associating collected security roles among the disparate computer applications;
  
  presenting, by the management console, one or more user interfaces for selecting a particular computer application from the disparate computer applications, selecting a particular security role, selecting one or more users to be granted the particular security role, and selecting a synchronization rule that is related to the particular computer application and to the particular security role; and
  
  executing, by the management console via the synchronization web service, a selected synchronization rule that specifies the particular computer application as a source application, specifies a destination application from the disparate computer applications, and associates the particular security role with a collected security role of the destination application;
  
  wherein execution of the selected synchronization rule synchronizes role membership within the particular security role of the particular application specified as the source application and role membership within the collected security role of the destination application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - obtaining, by the management console, scopes of each of the security roles used in the disparate computer applications if the different established security infrastructures of the disparate computer applications support scope specific security roles for users.
  - 3. The method of claim 1, further comprising:
    - displaying a directory of all users from which the one more users to be granted the particular security role are selected.
  - 4. The method of claim 1, wherein:
    - multiple users to be granted the particular security role are selected at the same time, andexecution of the selected synchronization rule adjusts the role membership within the collected security role of the destination application to include the multiple users.
  - 5. The method of claim 1, wherein the one or more user interfaces display a list of all security roles granted to another user for selecting the particular security role.
  - 6. The method of claim 1, further comprising:
    - executing a collection of synchronization rules for synchronizing role membership within the particular security role of the particular computer application specified as the source application with role membership within a collected security role of a first destination application and role membership within a collected security role of a second destination application.
  - 7. The method of claim 1, further comprising:
    - registering, by the management console, a new computer application which is to be called via the synchronization web service.
  - 8. The method of claim 1, wherein the synchronization rules are stored as XML files.

9. A computer system comprising:
- a processor configured to execute computer-executable instructions; and
  
  memory storing computer-executable instructions for implementing a method of synchronizing role memberships within security roles of disparate computer applications, the method comprising;
  
  interfacing, by a management console, with disparate computer applications having different established security infrastructures that support security roles for users, the management console configured to interface with the disparate computer applications via a synchronization web service;
  
  collecting, by the management console, the security roles used in each of the disparate computer applications;
  
  storing, at the management console, synchronization rules for associating collected security roles among the disparate computer applications;
  
  presenting, by the management console, one or more user interfaces for selecting a particular computer application from the disparate computer applications, selecting a particular security role, selecting one or more users to be granted the particular security role, and selecting a synchronization rule that is related to the particular computer application and to the particular security role; and
  
  executing, by the management console via the synchronization web service, a selected synchronization rule that specifies the particular computer application as a source application, specifies a destination application from the disparate computer applications, and associates the particular security role with a collected security role of the destination application;
  
  wherein execution of the selected synchronization rule synchronizes role membership within the particular security role of the particular computer application specified as the source application and role membership within the collected security role of the destination application.
- View Dependent Claims (10, 11, 12)
- - 10. The computer system of claim 9, wherein the synchronization rules are stored as XML files.
  - 11. The computer system of claim 9, wherein the method further comprises:
    - registering, by the management console, a new computer application which is to be called via the synchronization web service.
  - 12. The computer system of claim 9, wherein the method further comprises:
    - executing a collection of synchronization rules for synchronizing role membership within the particular security role of the particular computer application specified as the source application with role membership within a collected security role of a first destination application and role membership within a collected security role of a second destination application.

13. A computer-readable storage medium storing computer executable instructions that, when executed by a computing device, cause the computing device to perform a method of synchronizing role membership within security roles of disparate computer applications, the method comprising:
- interfacing, by a management console, with disparate computer applications having different established security infrastructures that support security roles for users, the management console configured to interface with the disparate computer applications via a synchronization web service;
  
  collecting, by the management console, the security roles used in each of the disparate computer applications;
  
  storing, at the management console, synchronization rules for associating collected security roles among the disparate computer applications;
  
  presenting, by the management console, one or more user interfaces for selecting a particular computer application from the disparate computer applications, selecting a particular security role, selecting one or more users to be granted the particular security role, and selecting a synchronization rule that is related to the particular computer application and to the particular security role; and
  
  executing, by the management console via the synchronization web service, a selected synchronization rule that specifies the particular computer application as a source application, specifies a destination application from the disparate computer applications, and associates the particular security role with a collected security role of the destination application;
  
  wherein execution of the selected synchronization rule synchronizes role membership within the particular security role of the particular computer application specified as the source application and role membership within the collected security role of the destination application.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The computer readable storage medium of claim 13, further storing computer-executable instructions for:
    - obtaining, by the management console, scopes of each of the security roles used in the disparate computer applications if the different established security infrastructures of the disparate computer applications support scope specific security roles for users.
  - 15. The computer readable storage medium of claim 13, further storing computer-executable instructions for:
    - displaying a directory of all users from which the one more users to be granted the particular security role are selected.
  - 16. The computer readable storage medium of claim 13, wherein:
    - multiple users to be granted the particular security role are selected at the same time, andexecution of the selected synchronization rule adjusts the role membership within the collected security role of the destination application to include the multiple users.
  - 17. The computer readable storage medium of claim 13, wherein the one or more user interfaces display a list of all security roles granted to another user for selecting the particular security role.
  - 18. The computer readable storage medium of claim 13, further storing computer-executable instructions for:
    - executing a collection of synchronization rules for synchronizing role membership within the particular security role of the particular computer application specified as the source application with role membership within a collected security role of a first destination application and role membership within a collected security role of a second destination application.
  - 19. The computer readable storage medium of claim 13, further storing computer-executable instructions for:
    - registering, by the management console, a new computer application which is to be called via the synchronization web service.
  - 20. The computer readable storage medium of claim 14, wherein the synchronization rules are stored as XML files.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Gullickson, Brian Keith, Winje, Paul, Isley, Michael J., Swenson, Grant Eric
Primary Examiner(s)
EL HADY, NABIL M

Application Number

US11/771,574
Publication Number

US 20090007260A1
Time in Patent Office

1,558 Days
Field of Search

726 16- 21
US Class Current

726/19
CPC Class Codes

G06F 21/604 Tools and structures for ma...

Security synchronization services

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Security synchronization services

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links