Method and apparatus for providing authentication and encryption services by a software as a service platform
First Claim
1. A services hosting platform providing a host infrastructure that is sharable by multiple tenants and that hosts a plurality of services, the services hosting platform comprising:
- an authentication server, implemented using at least a first processor of the services hosting platform, for generating and processing tokens associated with clients and services, wherein the authentication server:
  - receives a request from a client of a tenant for a first service from among the plurality of services provided by the services hosting platform, the request including a credential of the client; and
  - determines, responsive to the credential of the client, whether the client is authorized for the first service;
  - if it is determined that the client is authorized for the first service, forwards a token for the client that enables the client to open a session for the first service with the services hosting platform; and
- an application server, implemented using at least a second processor of the services hosting platform, for providing a version of the first service to the client of the tenant, wherein access to the version of the first service is permitted following authentication of the client by the authentication server, wherein, after authentication of the client by the authentication server, the application server:
  - wraps the token of the client with a host specific platform identifier for the first service to provide a platform security token;
  - invokes a security service via a security service handler that uses the platform security token to verify that the client has credentials to perform the first service on the services hosting platform, and selectively performs the first service for the client responsive to the security service indicating that the client has sufficient credentials for receiving the first service, wherein the security service is included among the plurality of services provided by the services hosting platform; and
  - after receiving an indication from the security service that the client has sufficient credentials for receiving the first service, the application server invokes at least one additional service via an additional service handler from among the plurality of services provided by the services hosting platform, wherein the at least one additional service augments the first service and is selectively invoked, by the application server via the additional service handler, transparently to the client in accordance with needs of the first service, the augmenting of the first service by the at least one additional service being a services extension pipeline that augments functions of the first service, using the at least one additional service, transparently to the client.
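The flow recited in claim 1 (token issuance, wrapping with a host-specific platform identifier, verification by a security service, then the extension pipeline) can be sketched as follows. This is an added example, not code from the patent: the HMAC-SHA256 token format, the keys, the `host/service` identifier layout and every function and variable name are assumptions chosen for illustration.

```python
import base64, hashlib, hmac, json, time

# All keys, identities and identifiers below are constructed for illustration.
AUTH_KEY, PLATFORM_KEY = b"demo-auth-key", b"demo-platform-key"
CREDENTIALS = {("tenant-a", "alice"): "s3cret"}
ENTITLED = {("tenant-a", "alice"): {"billing"}}
REGISTERED_PLATFORM_IDS = {"host-01/billing", "host-01/reports"}

def _seal(key, payload):
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode())
    return body + b"." + hmac.new(key, body, hashlib.sha256).hexdigest().encode()

def _open(key, blob):
    body, _, tag = blob.rpartition(b".")
    good = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, good):
        raise PermissionError("bad MAC")
    return json.loads(base64.urlsafe_b64decode(body))

def issue_token(tenant, client, credential, service, now=None):
    """Authentication server: verify the credential and the service entitlement."""
    known = CREDENTIALS.get((tenant, client), "")
    if not known or not hmac.compare_digest(known.encode(), credential.encode()):
        raise PermissionError("bad credential")
    if service not in ENTITLED.get((tenant, client), set()):
        raise PermissionError("not authorized for service")
    exp = (now if now is not None else time.time()) + 300
    return _seal(AUTH_KEY, {"tenant": tenant, "sub": client, "svc": service, "exp": exp})

def wrap_token(client_token, host, service):
    """Application server: bind the client token to this host/service identifier."""
    return _seal(PLATFORM_KEY, {"pid": f"{host}/{service}", "tok": client_token.decode()})

def security_service(platform_token, now=None):
    """Security service: accept only an intact token wrapped for its own service."""
    try:
        outer = _open(PLATFORM_KEY, platform_token)
        inner = _open(AUTH_KEY, outer["tok"].encode())
        fresh = inner["exp"] > (now if now is not None else time.time())
        return (fresh and outer["pid"] in REGISTERED_PLATFORM_IDS
                and outer["pid"].rsplit("/", 1)[1] == inner["svc"])
    except (PermissionError, ValueError, KeyError, AttributeError):
        return False

def serve(client_token, host, service, pipeline=(), now=None):
    """Application server: gate the first service, then run the extension pipeline."""
    if not security_service(wrap_token(client_token, host, service), now):
        raise PermissionError("insufficient credentials")
    result = {"service": service, "steps": ["first-service"]}
    for extra in pipeline:  # additional services, invoked without client involvement
        result = extra(result)
    return result
```

Because the security service compares the service named in the wrapper with the service the client token was issued for, a token obtained for one service is rejected when presented to another service on the same host.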
Abstract
An extensible servicing hosting platform is provided that supports the design, build and concurrent deployment of multiple web accessible services on a services hosting platform. The services hosting platform comprises a services hosting framework capable of hosting multiple service applications, each of which may be shared by multiple tenants that each customize their use of a particular application service by extending the application service to exploit run time platform services within a service execution pipeline. The services hosting framework may easily be leveraged by applications to decrease the time associated with developing, deploying and maintaining high quality services in a cost effective manner.
82 Citations
7 Claims
Specification