Propagating user identities in a secure federated search system
Abstract
A flexible and extensible architecture allows for secure searching across an enterprise. Such an architecture can provide a simple Internet-like search experience to users searching secure content inside (and outside) the enterprise. The architecture allows for the crawling and searching of a variety of sources across an enterprise, regardless of whether any of these sources conform to a conventional user role model. The architecture further allows for security attributes to be submitted at query time, for example, in order to provide real-time secure access to enterprise resources. The user query also can be transformed to provide for dynamic querying that provides for a more current result list than can be obtained for static queries.
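The query-time steps described in the abstract and the independent claims (identity translation, credential filtering, appending to the query, propagation, duplicate removal) can be sketched as follows. This is an added illustration, not code from the patent; the `Source` class, the function names and all sample data are hypothetical, and `source_search` stands in for each source's own access check.

```python
from dataclasses import dataclass

@dataclass
class Source:
    name: str
    attributes: set   # security attributes this source's identity system evaluates
    id_map: dict      # federated user ID -> identity in this source's own system
    docs: list        # (url, title, required attribute values), constructed sample data

def append_security(query, source, user_id, credentials):
    """Build the per-source request: the translated identity plus only the
    security values this source evaluates. None if the user has no identity there."""
    identity = source.id_map.get(user_id)
    if identity is None:
        return None  # fail closed: never query a source as an unmapped user
    values = {a: credentials[a] for a in source.attributes if a in credentials}
    return {"q": query, "identity": identity, "values": values}

def source_search(source, request):
    """Stand-in for the remote source enforcing its own access rules."""
    return [(url, title) for url, title, required in source.docs
            if request["q"].lower() in title.lower()
            and all(request["values"].get(k) == v for k, v in required.items())]

def federated_search(query, user_id, credentials, sources):
    seen, merged = set(), []
    for source in sources:
        request = append_security(query, source, user_id, credentials)
        if request is None:
            continue
        for url, title in source_search(source, request):
            if url not in seen:  # drop duplicates returned by several sources
                seen.add(url)
                merged.append((source.name, url, title))
    return merged

# Constructed sample data (hypothetical user, sources and documents)
CREDENTIALS = {"dept": "finance", "clearance": "secret", "region": "emea"}
HR = Source("hr", {"dept"}, {"jdoe": "HR\\jdoe"}, [
    ("https://hr.example/budget", "Budget plan", {"dept": "finance"}),
    ("https://hr.example/payroll", "Payroll budget", {"dept": "payroll"})])
WIKI = Source("wiki", {"clearance", "region"}, {"jdoe": "uid=jdoe,ou=people"}, [
    ("https://hr.example/budget", "Budget plan", {"region": "emea"}),
    ("https://wiki.example/forecast", "Budget forecast", {"clearance": "secret"})])
LEGAL = Source("legal", {"dept"}, {}, [("https://legal.example/b", "Budget memo", {})])

if __name__ == "__main__":
    for hit in federated_search("budget", "jdoe", CREDENTIALS, [HR, WIKI, LEGAL]):
        print(hit)
```

Each source receives only the identity and security values its own identity management system uses, so the HR request carries `dept` but not `clearance` or `region`.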
16 Claims
1. A method, comprising:
- authenticating a user to a secure federated search environment;
- obtaining individual security attributes used by each of a plurality of secure data sources to determine whether to allow the user access, wherein each secure data source has its own identity management system;
- obtaining security credentials, a user ID, and a password from the user;
- translating the user ID and password into user identities for each of the identity management systems;
- filtering the security credentials of the user with the security attributes for each identity management system to create sets of security values corresponding to the security attributes for each identity management system;
- subscribing the user to at least one of a plurality of secure data source templates, the plurality of secure data sources templates defining the location of a repository and a set of instructions on how to crawl the repository;
- automatically launching a crawl of the at least one secure data source in response to the subscribing, wherein each secure data source crawled is indexed and has a portion stored locally by the federated search environment;
- receiving a query from the user;
- appending, to the query, the user identities and security values required by the identity management systems for each of the plurality of secure data sources, wherein the query has the user identities and security values embedded in the query;
- propagating the appended query to the plurality of secure data sources using the embedded user identities and security values to access the plurality of secure data sources; and
- consolidating query results received from the plurality of secure data sources, removing at least one duplicate result from the query results, and displaying the consolidated query results to the user in response to the query.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer system, comprising:
- a processor;
- a memory operatively coupled to the processor;
- a user authentication component to authenticate a user to a secure federated search environment;
- a query component operable by the processor to receive a query from the user; and
- a federated broker in the memory operable by the processor to:
- obtain individual security attributes used by each of a plurality of secure data sources to determine whether to allow the user access, wherein each secure data source has its own identity management system;
- obtain security credentials, a user ID, and a password from the user;
- translate the user ID and password into user identities for each of the identity management systems;
- filter the security credentials of the user with the security attributes for each identity management system to create sets of security values corresponding to the security attributes for each identity management system;
- subscribe the user to at least one of a plurality of secure data source templates, the plurality of secure data source templates defining the location of a repository and a set of instructions on how to crawl the repository;
- automatically launch a crawl of the at least one secure data source in response to the subscribing, wherein each secure data source crawled is indexed and has a portion stored locally by the federated search environment;
- the federated broker being further operable to append, to the query, the user identities and security values required by the identity management systems for each of the plurality of secure data sources, wherein the query has the user identities and security values embedded in the query;
- propagate the appended query to the plurality of secure data sources using the embedded user identities and security values to access the plurality of secure data sources, the federated broker being further operable to consolidate query results received from the plurality of secure data sources, removing at least one duplicate result from the query results, and transmit the consolidated query results to the user to be displayed as query results.
Dependent claims: 9, 10, 11, 12, 13
14. A computer program product embedded in a computer readable storage medium, comprising:
- program code for authenticating a user to a secure federated search environment;
- program code for obtaining individual security attributes used by each of a plurality of secure data sources to determine whether to allow the user access, wherein each secure data source has its own identity management system;
- program code for obtaining security credentials, a user ID, and a password from the user;
- program code for translating the user ID and password into user identities for each of the identity management systems;
- program code for filtering the security credentials of the user with the security attributes for each identity management system to create sets of security values corresponding to the security attributes for each identity management system;
- program code for subscribing the user to at least one of the plurality of secure data source templates, the plurality of secure data sources templates defining the location of a repository and a set of instructions on how to crawl the repository;
- program code for automatically launching a crawl of the at least one secure data source in response to the subscribing, wherein each secure data source crawled is indexed and has a portion stored locally by the federated search environment;
- program code for receiving a query from the user;
- program code for appending, to the query, the user identities and security values required by the identity management systems for each of the plurality of secure data sources, wherein the query has the user identities and security values embedded in the query;
- program code for propagating the appended query to the plurality of secure data sources using the embedded user identities and security values to access the plurality of secure data sources; and
- program code for consolidating query results received from the plurality of secure data sources, removing at least one duplicate result from the query results, and displaying the consolidated query results to the user in response to the query.
Dependent claims: 15, 16
Specification