Propagating user identities in a secure federated search system

US 8,214,394 B2
Filed: 02/28/2007
Issued: 07/03/2012
Est. Priority Date: 03/01/2006
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

authenticating a user to a secure federated search environment;

obtaining individual security attributes used by each of a plurality of secure data sources to determine whether to allow the user access, wherein each secure data source has its own identity management system;

obtaining security credentials, a user ID, and a password from the user;

translating the user ID and password into user identities for each of the identity management systems;

filtering the security credentials of the user with the security attributes for each identity management system to create sets of security values corresponding to the security attributes for each identity management system;

subscribing the user to at least one of a plurality of secure data source templates, the plurality of secure data sources templates defining the location of a repository and a set of instructions on how to crawl the repository;

automatically launching a crawl of the at least one secure data source in response to the subscribing, wherein each secure data source crawled is indexed and has a portion stored locally by the federated search environment;

receiving a query from the user;

appending, to the query, the user identities and security values required by the identity management systems for each of the plurality of secure data sources, wherein the query has the user identities and security values embedded in the query;

propagating the appended query to the plurality of secure data sources using the embedded user identities and security values to access the plurality of secure data sources; and

consolidating query results received from the plurality of secure data sources, removing at least one duplicate result from the query results, and displaying the consolidated query results to the user in response to the query.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A flexible and extensible architecture allows for secure searching across an enterprise. Such an architecture can provide a simple Internet-like search experience to users searching secure content inside (and outside) the enterprise. The architecture allows for the crawling and searching of a variety or sources across an enterprise, regardless of whether any of these sources conform to a conventional user role model. The architecture further allows for security attributes to be submitted at query time, for example, in order to provide real-time secure access to enterprise resources. The user query also can be transformed to provide for dynamic querying that provides for a more current result list than can be obtained for static queries.

Citations

16 Claims

1. A method, comprising:
- authenticating a user to a secure federated search environment;
  
  obtaining individual security attributes used by each of a plurality of secure data sources to determine whether to allow the user access, wherein each secure data source has its own identity management system;
  
  obtaining security credentials, a user ID, and a password from the user;
  
  translating the user ID and password into user identities for each of the identity management systems;
  
  filtering the security credentials of the user with the security attributes for each identity management system to create sets of security values corresponding to the security attributes for each identity management system;
  
  subscribing the user to at least one of a plurality of secure data source templates, the plurality of secure data sources templates defining the location of a repository and a set of instructions on how to crawl the repository;
  
  automatically launching a crawl of the at least one secure data source in response to the subscribing, wherein each secure data source crawled is indexed and has a portion stored locally by the federated search environment;
  
  receiving a query from the user;
  
  appending, to the query, the user identities and security values required by the identity management systems for each of the plurality of secure data sources, wherein the query has the user identities and security values embedded in the query;
  
  propagating the appended query to the plurality of secure data sources using the embedded user identities and security values to access the plurality of secure data sources; and
  
  consolidating query results received from the plurality of secure data sources, removing at least one duplicate result from the query results, and displaying the consolidated query results to the user in response to the query.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method according to claim 1, further comprising:
    - mapping the translated user identities before propagating the transformed queries.
  - 3. A method according to claim 1, further comprising:
    - matching the security credentials with a data source template.
  - 4. A method according to claim 1, wherein:
    - the user identities are different from each other.
  - 5. A method according to claim 1, wherein:
    - each of the plurality of data sources have varying degrees and types of security and access mechanism.
  - 6. A method according to claim 1, wherein:
    - the consolidated query results are displayed in unified format such that the consolidated query results appear to be received from a single data source.
  - 7. A system according to claim 1, whereinthe security credentials from the user comprise an employee level;
    - andthe security attributes from each secure data source comprise a Visibility attribute and at least one Category attribute; and
      
      each security attribute is categorized as either a GRANT or DENY tag.

8. A computer system, comprising:
- a processor;
  
  a memory operatively coupled to the processor;
  
  a user authentication component to authenticate a user to a secure federated search environment;
  
  a query component operable by the processor to receive a query from the user; and
  
  a federated broker in the memory operable by the processor to;
  
  obtain individual security attributes used by each of a plurality of secure data sources to determine whether to allow the user access, wherein each secure data source has its own identity management system;
  
  obtain security credentials, a user ID, and a password from the user;
  
  translate the user ID and password into user identities for each of the identity management systems;
  
  filter the security credentials of the user with the security attributes for each identity management system to create sets of security values corresponding to the security attributes for each identity management system;
  
  subscribe the user to at least one of a plurality of secure data source templates, the plurality of secure data source templates defining the location of a repository and a set of instructions on how to crawl the repository;
  
  automatically launch a crawl of the at least one secure data source in response to the subscribing, wherein each secure data source crawled is indexed and has a portion stored locally by the federated search environment;
  
  the federated broker being further operable to append, to the query, the user identities and security values required by the identity management systems for each of the plurality of secure data sources, wherein the query has the user identities and security values embedded in the query;
  
  propagate the appended query to the plurality of secure data sources using the embedded user identities and security values to access the plurality of secure data sources,the federated broker being further operable to consolidate query results received from the plurality of secure data sources, removing at least one duplicate result from the query results, and transmit the consolidated query results to the user to be displayed as query results.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. A system according to claim 8, wherein:
    - the plurality of secure data sources are federated data sources.
  - 10. A system according to claim 8, wherein:
    - the plurality of secure data sources include a plurality of respective identity management systems.
  - 11. A system according to claim 8, further comprising:
    - an identity management plug-in component operable to map the translated user identities.
  - 12. A system according to claim 8, wherein:
    - the federated broker sends a cookie for the user to an endpoint application causing the endpoint application to authenticate the user based on the cookie.
  - 13. A system according to claim 10, further comprising:
    - providing the individual security credentials for each of the plurality of secure data sources for the user to a federated broker using the plurality of respective identity management systems.

14. A computer program product embedded in a computer readable storage medium, comprising:
- program code for authenticating a user to a secure federated search environment;
  
  program code for obtaining individual security attributes used by each of a plurality of secure data sources to determine whether to allow the user access, wherein each secure data source has its own identity management system;
  
  program code for obtaining security credentials, a user ID, and a password from the user;
  
  program code for translating the user ID and password into user identities for each of the identity management systems;
  
  program code for filtering the security credentials of the user with the security attributes for each identity management system to create sets of security values corresponding to the security attributes for each identity management system;
  
  program code for subscribing the user to at least one of the plurality of secure data source templates, the plurality of secure data sources templates defining the location of a repository and a set of instructions on how to crawl the repository;
  
  program code for automatically launching a crawl of the at least one secure data source in response to the subscribing, wherein each secure data source crawled is indexed and has a portion stored locally by the federated search environment;
  
  program code for receiving a query from the user;
  
  program code for appending, to the query, the user identities and security values required by the identity management systems for each of the plurality of secure data sources, wherein the query has the user identities and security values embedded in the query;
  
  program code for propagating the appended query to the plurality of secure data sources using the embedded user identities and security values to access the plurality of secure data sources; and
  
  program code for consolidating query results received from the plurality of secure data sources, removing at least one duplicate result from the query results, and displaying the consolidated query results to the user in response to the query.
- View Dependent Claims (15, 16)
- - 15. A computer program product according to claim 14, further comprising:
    - program code for mapping the translated user identities before propagating the translated queries.
  - 16. A computer program product according to claim 14, further comprising:
    - program code for matching the security credentials with a template source.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Krishnaprasad, Muralidhar, Bhatkar, Sachin, Nimani, Visar, Chang, Thomas, Bhavsar, Meeten
Primary Examiner(s)
Ali, Mohammad
Assistant Examiner(s)
PENG, HUAWEN A

Application Number

US11/680,559
Publication Number

US 20070220268A1
Time in Patent Office

1,952 Days
Field of Search

707/3, 707/784, 713/186, 713/201, 726/8, 726/32, 726/4
US Class Current

707/781
CPC Class Codes

G06F 16/2452   Query translation

G06F 16/2455   Query execution

H04L 63/0815   providing single-sign-on or...

Propagating user identities in a secure federated search system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Propagating user identities in a secure federated search system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links