Transferable restricted security tokens
First Claim
1. A method to be executed at least in part in a computing device for securely handling third party requests for access to user data in a web-based service environment, comprising:
receiving a request for access from a third party provider, wherein the request is associated with a sub-process complementing a process of the web-based service;
extracting a ticket and a claim from the request, wherein the ticket includes an expiration parameter, a restriction role and a key indicator, the restriction role defined to grant permissions specifying a local scope and a scope of a current business unit, the key indicator indicating which of a plurality of rotating keys for use in the ticket, each of the plurality of rotating keys expiring after a time period;
verifying that the ticket has not expired;
loading at least one user role associated with the ticket;
authenticating the ticket by employing a Hash Message Authentication Code (HMAC);
adding a bit to the HMAC of the ticket;
in response to adding the bit to the HMAC of the ticket, blocking write actions in a platform associated with the web-based service to restrict the ticket to read-only actions;
determining an access restriction for the request based on intersecting the restriction role and the at least one user role when a connecting user has at least one permission specifying the local scope while not having at least one permission specifying the scope of the current business unit to prevent an elevation of the restriction role for the connecting user, the restriction role being added, changed and removed independently of tickets that have already been granted; and
enabling the third party provider to access the user data based on the determined access restriction.
2 Assignments
0 Petitions
Abstract
In a web-based service environment, third party providers need to have varying degrees of access to user data for their complementary services. To prevent third party providers from having broader access than necessary or not adequate levels of access, transferable restricted security tickets are employed to determine an appropriate level of access for third parties. Tickets with expiration and restriction roles define a duration and level of access for a third party. The restrictions are determined through an intersection of the authorizing user's security role and restriction roles defined in the system.
92 Citations
15 Claims
1. A method to be executed at least in part in a computing device for securely handling third party requests for access to user data in a web-based service environment (claim text as set out in full under First Claim above). - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
9. A system for securely handling third party requests for access to user data in a web-based CRM service environment, comprising:
at least one CRM web server configured to:
receive a request for access from a third party provider, wherein the request is associated with a sub-process complementing a process of the web-based CRM service;
extract a ticket from the request, wherein the ticket is associated with a domain name of the third party provider and includes an expiration parameter, a restriction parameter and a key indicator, the key indicator indicating which of a plurality of rotating keys is used for the ticket, each of the plurality of rotating keys expiring after a time period;
verify that the ticket has not expired;
retrieve a list of restriction roles from the ticket, the restriction roles defined to grant permissions specifying a local scope and a scope of a current business unit;
load a user role associated with the sub-process;
authenticate the ticket by employing a Hash Message Authentication Code (HMAC);
add a bit to the HMAC of the ticket;
in response to adding the bit to the HMAC of the ticket, block write actions in a platform associated with the web-based service to restrict the ticket to read-only actions;
determine an access restriction for the request based on intersecting the restriction roles and the user role when a connecting user has at least one permission specifying the local scope while not having at least one permission specifying the scope of the current business unit, to prevent an elevation of the restriction roles for the connecting user, the restriction roles being added, changed and removed independently of tickets that have already been granted; and
enable the third party provider to access the user data based on the determined access restriction. - View Dependent Claims (10, 11, 12)
13. A computer-readable storage device with instructions stored thereon which, when executed by a computing device, perform a method for securely handling third party requests for access to user data in a web-based service environment, the method comprising:
receiving a request for access from a third party provider, wherein the request is associated with a sub-process complementing a process of the web-based service;
extracting a ticket and a claim from the request, wherein the ticket is associated with a domain name of the third party provider and includes an expiration parameter, a restriction role, a Hash Message Authentication Code (HMAC), a repetition parameter, a key indicator and an organization identifier, the restriction role defined to grant permissions specifying a local scope and a scope of a current business unit, the key indicator indicating which of a plurality of rotating keys is used for the ticket, each of the plurality of rotating keys expiring after a time period, the organization identifier utilized to prevent at least one cross-organization attack in which a same user identification in the HMAC is reused;
authenticating the ticket employing the HMAC;
adding a bit to the HMAC of the ticket;
in response to adding the bit to the HMAC of the ticket, blocking write actions in a platform associated with the web-based service to restrict the ticket to read-only actions;
verifying that the ticket has not expired;
loading at least one user role associated with the ticket;
determining an access restriction for the request based on intersecting the restriction role and the at least one user role when a connecting user has at least one permission specifying the local scope while not having at least one permission specifying the scope of the current business unit to prevent an elevation of the restriction role for the connecting user, the restriction role being added, changed and removed independently of tickets that have already been granted; and
enabling the third party provider to access the user data based on the determined access restriction. - View Dependent Claims (14, 15)
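The three independent claims above describe one verification pipeline: look up the rotating key named by the key indicator, authenticate the ticket with an HMAC, check expiration and the organization identifier, bind a read-only bit into the authenticated ticket, and compute the granted permissions as the intersection of the ticket's restriction roles with the connecting user's roles so that a user holding only local-scope permissions cannot be elevated to business-unit scope. The Python below is an added illustrative model of that pipeline, not code from the patent or its assignee. The key ring, the role-to-permission tables, the field names, the sample values and the decision to carry the read-only flag as a field covered by the HMAC are all this example's assumptions.

```python
import hashlib
import hmac
import json
import time

# Constructed rotating key ring: key indicator -> (secret, key expiry as Unix time).
# In a real service the keys would come from a secret store and be rotated on a schedule.
KEY_RING = {
    1: (b"constructed-rotating-key-one", 2_000_000_000),
    2: (b"constructed-rotating-key-two", 2_000_000_000),
}

# Constructed role table: role -> set of (permission, scope). Scope is "local" or
# "business_unit". Restriction roles and user roles share this table so they intersect.
ROLE_PERMISSIONS = {
    "partner_restricted": {("read_contacts", "local"), ("read_contacts", "business_unit"),
                           ("write_contacts", "local")},
    "support_reader": {("read_contacts", "local"), ("read_contacts", "business_unit")},
    "local_clerk": {("read_contacts", "local"), ("write_contacts", "local")},
}


def _mac(secret: bytes, body: dict) -> str:
    """HMAC-SHA256 over a canonical JSON encoding of every ticket field."""
    msg = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def issue_ticket(user_id, org_id, domain, restriction_roles, key_id, ttl_seconds,
                 read_only, now=None):
    """Build a ticket whose expiry, organization, restriction roles and read-only bit
    are all covered by the HMAC, so a third party cannot alter any of them."""
    now = time.time() if now is None else now
    secret, key_expires = KEY_RING[key_id]
    if now >= key_expires:
        raise ValueError("signing key has rotated out; pick a live key indicator")
    body = {"user_id": user_id, "org_id": org_id, "domain": domain,
            "restriction_roles": sorted(restriction_roles), "expires": now + ttl_seconds,
            "key_id": key_id, "read_only": read_only}
    body["hmac"] = _mac(secret, body)
    return body


def verify_ticket(ticket, expected_org, now=None):
    """Return (ticket, "ok") or (None, reason). Checks run in this example's order:
    key indicator, key expiry, HMAC, ticket expiry, organization identifier."""
    now = time.time() if now is None else now
    key_id = ticket.get("key_id")
    if key_id not in KEY_RING:
        return None, "unknown key indicator"
    secret, key_expires = KEY_RING[key_id]
    if now >= key_expires:
        return None, "signing key rotated out"
    body = {k: v for k, v in ticket.items() if k != "hmac"}
    # Constant-time compare so MAC checking does not leak a byte-by-byte oracle.
    if not hmac.compare_digest(_mac(secret, body), str(ticket.get("hmac", ""))):
        return None, "bad HMAC"
    if now >= ticket["expires"]:
        return None, "ticket expired"
    # Organization identifier stops a ticket minted for one tenant being replayed
    # against another tenant that happens to reuse the same user id.
    if ticket["org_id"] != expected_org:
        return None, "organization mismatch"
    return ticket, "ok"


def effective_permissions(ticket, user_roles):
    """Intersect the ticket's restriction roles with the connecting user's roles.
    A user who only holds local-scope permissions keeps only local scope even when
    the restriction role would grant business-unit scope; the read-only bit then
    strips every write permission that survived the intersection."""
    restriction = set().union(*(ROLE_PERMISSIONS[r] for r in ticket["restriction_roles"]))
    user = set().union(*(ROLE_PERMISSIONS[r] for r in user_roles))
    granted = restriction & user
    if ticket["read_only"]:
        granted = {p for p in granted if not p[0].startswith("write_")}
    return granted


def authorize(ticket, expected_org, user_roles, now=None):
    """Full pipeline: returns (granted permission set, reason)."""
    verified, reason = verify_ticket(ticket, expected_org, now)
    if verified is None:
        return set(), reason
    return effective_permissions(verified, user_roles), "ok"


if __name__ == "__main__":
    now = 1_700_000_000
    t = issue_ticket("u1", "org-A", "partner.example", ["partner_restricted"], 1, 300, True, now)
    print(authorize(t, "org-A", ["local_clerk"], now + 10))
```

Running the script prints `({('read_contacts', 'local')}, 'ok')`: the restriction role offered business-unit reads and local writes, but the intersection with a local-only user drops the business-unit scope and the read-only bit drops the write. Because the flag and the restriction roles sit under the MAC, flipping `read_only` or editing the role list after issuance fails with `bad HMAC` rather than silently widening access, and a ticket carrying an unknown key indicator is rejected before any MAC is computed.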
Specification