Data access programming model for occasionally connected applications

US 8,505,084 B2
Filed: 04/06/2009
Issued: 08/06/2013
Est. Priority Date: 04/06/2009
Status: Active Grant

First Claim

Patent Images

1. A system configured to access a portion of a computing environment stored by a device and secured by an authorization server on behalf of an application executing within a virtual environment, the system comprising:

an authorization token store configured to store authorization tokens authorizing access to respective portions of the computing environment;

an authorization requesting component configured to;

request an authorization token from the authorization server using at least one credential, andupon receiving an authorization token indicating an authorization by the authentication server of at least one operation performable on the portion of the computing environment, store the authorization token in the authorization token store; and

a computing environment component configured to perform a selected operation on the portion by;

identifying in the authorization token store an authorization token authorizing the selected operation on atoll the portion;

upon failing to identify the authorization token, invoking the authorization requesting component to obtain the authorization token; and

upon identifying the authorization token, performing the selected operation on the portion of the computing environment stored by the device with the authorization token.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Portions of a computing environment (such as a user'"'"'s mesh) may restrict accessing to particular types of access by particular applications. The computer may support applications executing within a virtual environment (such as a web browser) by brokering such access through a token-based system. When an application requests a particular type of access (e.g., writing to a particular data object), the computer may contact an authorization server with the credentials of the application to request the specified access, and may receive and store an authorization token. The computer may then access the computing environment with the authorization token, and may return the results to the application within the virtual environment. Additional features may further support such applications; e.g., a programmatic interface may be provided in a familiar language, such as JavaScript, whereby applications can request access to particular data objects and identify authorized access capabilities.

31 Citations

View as Search Results

20 Claims

1. A system configured to access a portion of a computing environment stored by a device and secured by an authorization server on behalf of an application executing within a virtual environment, the system comprising:
- an authorization token store configured to store authorization tokens authorizing access to respective portions of the computing environment;
  
  an authorization requesting component configured to;
  
  request an authorization token from the authorization server using at least one credential, andupon receiving an authorization token indicating an authorization by the authentication server of at least one operation performable on the portion of the computing environment, store the authorization token in the authorization token store; and
  
  a computing environment component configured to perform a selected operation on the portion by;
  
  identifying in the authorization token store an authorization token authorizing the selected operation on atoll the portion;
  
  upon failing to identify the authorization token, invoking the authorization requesting component to obtain the authorization token; and
  
  upon identifying the authorization token, performing the selected operation on the portion of the computing environment stored by the device with the authorization token.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The system of claim 1:
    - the application managed by an application host, andthe application configured to execute in an application host connection context selected from a set of application host connection contexts comprising a connected context and a disconnected context.
  - 3. The system of claim 2, the authorization token authorizing the application host to access to the portion.
  - 4. The system of claim 1, the computing environment comprising a deployable computing environment hosted by a computing environment host.
  - 5. The system of claim 1:
    - the computing environment component configured to execute outside of the virtual environment, andthe system comprising a virtual environment interface executing within the virtual environment and configured to invoke the computing environment component to access the computing environment on behalf of the application.
  - 6. The system of claim 5, the virtual environment interface comprising a programmatic interface comprising at least one operation configured to request the authorization token using the at least one credential on behalf of at least one application.
  - 7. The system of claim 1:
    - the virtual environment comprising a web browser, andthe application comprising a web application executing within the web browser.
  - 8. The system of claim 7:
    - the authorization server comprising a web service, andthe authorization requesting component configured to request the authorization token by;
      
      accessing a token authorizing address of the web service, andupon receiving the authorization token, navigating the web browser to a return address associated with the web application.
  - 9. The system of claim 1, the authorization requesting component configured to request the authorization token by providing to the authorization server:
    - at least one computing environment portion identifier identifying the portion of the computing environment;
      
      at least one access type identifier identifying permissible operations on the portion; and
      
      at least one identity identifier.
  - 10. The system of claim 9, the access type identifier comprising at least one role selected from a set of roles comprising an owner role, a contributor role, and a reader role.
  - 11. The system of claim 9, the computing environment portion identifier selected from a set of portions of the computing environment comprising:
    - a complete computing environment;
      
      at least one data object represented in the computing environment;
      
      at least one data object type of at least one data object represented in the computing environment;
      
      at least one event list represented in the computing environment;
      
      at least one device represented in the computing environment;
      
      at least one contact represented in the computing environment; and
      
      at least one user profile represented in the computing environment.
  - 12. The system of claim 9, the at least one identity identifier selected from an identity set comprising:
    - the application;
      
      a user of the application; and
      
      an application host of the application.
  - 13. The system of claim 9, the authorization requesting component configured to provide to the authorization server while requesting the authorization token at least one privacy policy document describing a privacy policy of the application.
  - 14. The system of claim 1:
    - the authorization token comprising an authorization duration, andthe authorization requesting component configured to remove the authorization token from the authorization token store after expiration of the authorization duration.
  - 15. The system of claim 1, the authorization requesting component configured to:
    - present within the virtual environment to a user of the application an application access request, andupon receiving a user authorization of the application access request, request the authorization token, the at least one credential including the user authorization.
  - 16. The system of claim 1, the authorization requesting component configured to request the authorization token for the application upon receiving a request to install the application in the computing environment.
  - 17. The system of claim 1, the authorization token store comprising a portion of the computing environment.
  - 18. The system of claim 17, the computing environment configured to store at least one application authorization mapping that associates the application with the authorization token in the computing environment.

19. A computer-readable storage device comprising instructions that, when executed on a processor of a device storing a computing environment, cause the device to perform a selected operation on a portion of the computing environment secured by an authorization server on behalf of an application executing within a virtual environment by:
- storing in an authorization token store at least one authorization token indicating an authorization by the authorization service of at least one operation performable on respective portions of the computing environment;
  
  requesting an authorization token from the authorization server using at least one credential;
  
  upon receiving an authorization token indicating an authorization by the authentication server of at least one operation performable on the portion of the computing environment, storing the authorization token in the authorization token store;
  
  identifying in the authorization token store an authorization token by the authorization service authorizing the selected operation on the portion;
  
  upon failing to identify the authorization token, invoking the authorization requesting component to obtain the authorization token; and
  
  upon identifying the authorization token, performing the selected operation on the portion of the computing environment stored by the device with the authorization token.

20. A system configured to access a portion of a deployable computing environment hosted by a computing environment host stored by a device and secured by an authorization server on behalf of an application executing within a virtual environment, the application managed by an application host and configured to execute in an application host connection context selected from a set of application host connection contexts comprising a connected context and a disconnected context, the system comprising:
- an authorization token store configured to store authorization tokens authorizing access to respective portions of the computing environment;
  
  an authorization requesting component configured to;
  
  request an authorization token from the authorization server using at least one credential by providing to the authorization server;
  
  at least one computing environment portion identifier identifying the portion of the computing environment selected from a set of portions of the computing environment comprising;
  
  a complete computing environment,at least one data object represented in the computing environment,at least one data object type of at least one data object represented in the computing environment,at least one event list represented in the computing environment,at least one device represented in the computing environment,at least one contact represented in the computing environment, andat least one user profile represented in the computing environment;
  
  at least one access type identifier identifying operations performable on the portion and comprising at least one role selected from a set of roles comprising an owner role, a contributor role, and a reader role;
  
  at least one identity identifier selected from an identity set comprising;
  
  the application,a user of the application, andan application host of the application; and
  
  at least one privacy policy document describing a privacy policy of the application;
  
  upon receiving an authorization token indicating an authorization by the authentication server of at least one operation performable on the portion of the computing environment, storing the authorization token in the authorization token store;
  
  remove the authorization token from the authorization token store after expiration of an authorization duration specified by the authorization token;
  
  a computing environment component configured to execute outside of the virtual environment and to perform a selected operation on the portion by;
  
  identifying in the authorization token store an authorization token authorizing the selected operation on the portion;
  
  upon failing to identify the authorization token, invoking the authorization requesting component to obtain the authorization token; and
  
  upon identifying the authorization token, performing the selected operation on the portion of the computing environment stored by the device with the authorization token; and
  
  a virtual environment interface executing within the virtual environment and configured to invoke the computing environment component to perform a selected operation on the computing environment on behalf of the application, and comprising a programmatic interface available in the virtual environment, at least one of the operations comprising requesting the authorization token using the at least one credential.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Shukla, Dharma K., Burdick, Matthew J., Ghanaie-Sichanie, Arash, Augustine, Matthew S., Krishnan, Hari
Primary Examiner(s)
Chea, Philip
Assistant Examiner(s)
Traore, Fatoumata

Application Number

US12/418,658
Publication Number

US 20100257578A1
Time in Patent Office

1,583 Days
Field of Search

None
US Class Current

726/9
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 2209/80   Wireless network architectu...

H04L 9/3234   involving additional secure...

Data access programming model for occasionally connected applications

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

31 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Data access programming model for occasionally connected applications

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links