Delegated authentication for web services
First Claim
1. A method for attempting to establish permission to enable delegated authentication for web services, the method comprising:
- receiving an access request in a host application executing on a first computing system from a delegate application executing on a second computing system to access protected data stored on the first computing system, the protected data comprising a plurality of units of data;
- determining whether the delegate application has been pre-approved to access the protected data;
- automatically granting access to the protected data to the delegate application when the delegate application has been pre-approved;
- when the delegate application has not been pre-approved to access the protected data:
  - a) receiving a request that references an offer from the delegate application to access the protected data;
  - b) referencing an offer database for a definition of the offer comprising a plurality of parameters, the plurality of parameters including at least one of a scope and a duration of the access;
  - c) presenting the offer referenced by the delegate application to an owner of the protected data via a user interface executing on a third computing system;
  - c) receiving a response from the owner of the protected data to the requested offer from the delegate application, the response comprising a user-selection of units of the protected data for which access is granted;
  - d) providing access to the protected data to the delegate application based on the response to the owner; and
  - e) sending a delegation token to the delegate application, the delegation token defining an access to the protected data for the delegate application based on the response of the owner of the protected data,
- wherein c) presenting the offer referenced by the delegate application to the owner comprises presenting potential hazards or risks to the owner from granting access to the delegate application.
2 Assignments
0 Petitions
Abstract
Embodiments of the claimed subject matter provide a method and an apparatus for enabling delegated authentication for web services. Delegated authentication is provided without divulging the information the user requires to complete an authorization procedure of another web service or otherwise subjecting the user to unnecessary risk. Furthermore, delegated authentication is granted for a limited duration and access is subject to further limitations to prevent unnecessary intrusion to the user, the user's data, and the host web service.
One embodiment of the claimed subject matter is implemented as a method for enabling delegated authentication to allow a third party service access to protected data on a host service. A user attempting to utilize functionality of a third party website that requests access to the user's data stored on a separate host website is enabled as a delegate with authorization to access the data stored on the host website.
26 Citations
28 Claims
- 1. A method for attempting to establish permission to enable delegated authentication for web services, the method comprising: the steps set out above under First Claim. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- 14. A method for enabling delegated authentication to allow access to a protected data, the method comprising:
  - establishing permission from an owner of the protected data for a delegate service to access the protected data via an exchange of a delegation token by receiving, in a first computing system in which the protected data is stored, an access request and a pre-defined offer sent from a delegate service executing on a second computing system and seeking access to the protected data; presenting the offer to the owner via a user interface on a third computing system; receiving a response of the owner, the response comprising a user-selection of units of the protected data for which access is granted; sending a delegation token based on the response of the owner to the delegate service that provides a plurality of parameters defining the access allowed to the delegate service, the offer being sent from the delegate service by referencing an offer database to obtain a definition of the offer comprising at least one of a scope and a duration of the access;
  - validating the delegation token of the delegate service to access the protected data; and
  - providing access to the protected data when the request of the delegate service to access the protected data is valid,
  - wherein presenting the offer comprises presenting potential hazards or risks to the owner from granting access to the delegate application.
  - View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
- 22. A system for enabling delegated authentication for web services, the system comprising:
  - a computer system having a processor coupled to a memory, the memory having computer readable code which, when executed by the processor, causes the computer system to implement a storage application for facilitating delegated authentication to allow access to protected data, wherein the storage application receives a request and an offer, obtained by referencing an offer database to obtain a definition of the offer comprising at least one of a scope and a duration of the offer, from a delegate application to access the protected data; presents the offer from the delegate application to an owner of the protected data; receives a response from the owner of the protected data to the offer from the delegate application; and sends a delegation token to the delegate application that provides a plurality of parameters defining any access allowed to the delegate service, wherein, when presenting the offer from the delegate application to the owner of the protected data, potential hazards or risks to the owner from granting access to the delegation application are also presented, further wherein the response comprises a user-selection of units of the protected data for which access is granted.
  - View Dependent Claims (23, 24, 25, 26, 27, 28)
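As an added example that is not part of the patent or its assignee's code, the host-side flow of claims 1, 14 and 22 in Python: a constructed offer database supplies the scope, duration and hazard text, the owner's selection of units bounds the delegation token, and every later access is validated against the token's signature, expiry, delegate, scope and unit list. The offer id, unit names, pre-approval list, HMAC token format and signing key are assumptions.

```python
# Added example, not the patent's own code: toy host-side implementation of the delegated-
# authentication flow in claims 1, 14 and 22. Offer ids, unit names, token format and key are constructed.
import base64, hashlib, hmac, json

# Constructed offer database: each offer fixes a scope and a duration (claim 1, step b)
# and carries the hazard text shown to the owner in step c.
OFFER_DB = {
    "photo-print-30d": {"scope": "read", "duration": 30 * 86400,
                        "risk": "delegate can read every selected unit until expiry"},
}
PRE_APPROVED = {"internal-backup-service"}                   # constructed allow-list
PROTECTED_UNITS = {"album/2023", "album/2024", "contacts"}   # constructed units of data
HOST_KEY = b"host-signing-key-demo"                          # constructed; never leaves the host

def issue_token(delegate, offer_id, owner_selection, now):
    """Steps c-e: bound the token to the units the owner picked and the offer's scope/duration."""
    offer = OFFER_DB[offer_id]
    units = sorted(set(owner_selection) & PROTECTED_UNITS)   # owner's selection, nothing more
    body = {"sub": delegate, "scope": offer["scope"], "units": units,
            "exp": now + offer["duration"]}
    payload = base64.urlsafe_b64encode(json.dumps(body, sort_keys=True).encode()).decode()
    sig = hmac.new(HOST_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{sig}"

def validate_token(token, delegate, unit, action, now):
    """Claim 14: check signature, expiry, delegate, scope and unit before serving any data."""
    try:
        payload, sig = token.split(".")
    except ValueError:
        return False
    expected = hmac.new(HOST_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):                # constant-time comparison
        return False
    body = json.loads(base64.urlsafe_b64decode(payload))
    return (body["sub"] == delegate and now < body["exp"]
            and body["scope"] == action and unit in body["units"])

def handle_access(delegate, offer_id, owner_selection, now):
    """Claim 1: pre-approved delegates are granted directly; others go through the offer flow."""
    if delegate in PRE_APPROVED:
        return "granted"
    offer = OFFER_DB.get(offer_id)
    if offer is None:
        return "rejected: unknown offer"
    # Step c: the owner sees offer["scope"], offer["duration"] and offer["risk"], then
    # replies with owner_selection; an empty selection means the offer was declined.
    if not owner_selection:
        return "rejected: owner declined"
    return issue_token(delegate, offer_id, owner_selection, now)
```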
Specification