Application identity design
Abstract
Methods and apparatus, including computer program products, implementing and using techniques for providing user credentials over a network to a remote computer application. User credentials for the remote computer application are stored in a central repository that is accessible through the network. A request is sent to a service to perform, on behalf of a user, a particular task involving the remote computer application. It is determined whether the service has been granted permission to act on behalf of the user with respect to the remote computer application. When the service has permission to act on behalf of the user, the service is used to retrieve the user's credentials for the remote computer application from the central repository and to supply the retrieved user credentials to the remote computer application.
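The two-part check the abstract describes (stored credentials exist, and the acting service holds a delegation for that user and target) can be sketched as follows. This is an added example, not code from the patent or its assignee; `CredentialBroker`, its fields, the application names and the secret are hypothetical, and the audit log is an assumption beyond what the page states.

```python
from dataclasses import dataclass, field

@dataclass
class CredentialBroker:
    """Hypothetical stand-in for the central repository plus permission store."""
    vault: dict = field(default_factory=dict)   # (user, target_app) -> secret
    grants: set = field(default_factory=set)    # (user, acting_app, target_app)
    audit: list = field(default_factory=list)   # every decision, allow or deny

    def authorize(self, user, acting_app, target_app):
        """Both conditions must hold; anything else is denied."""
        if (user, target_app) not in self.vault:
            decision = (False, "no_credentials")
        elif (user, acting_app, target_app) not in self.grants:
            decision = (False, "not_delegated")
        else:
            decision = (True, "ok")
        self.audit.append((user, acting_app, target_app) + decision)
        return decision

    def perform(self, user, acting_app, target_app, task, target_handler):
        """Run the task; the secret goes to the target, never to the caller."""
        allowed, reason = self.authorize(user, acting_app, target_app)
        if not allowed:
            raise PermissionError(reason)
        return target_handler(user, self.vault[(user, target_app)], task)


def demo():
    broker = CredentialBroker()
    broker.vault[("alice", "crm")] = "constructed-secret"   # constructed sample
    broker.grants.add(("alice", "billing", "crm"))

    def crm(user, secret, task):  # constructed target application
        ok = secret == "constructed-secret"
        return f"{task} done for {user}" if ok else "login failed"

    results = [broker.perform("alice", "billing", "crm", "export", crm)]
    # Denied cases: an app with no delegation, and a user with no stored secret.
    for user, app in [("alice", "mailer"), ("bob", "billing")]:
        try:
            broker.perform(user, app, "crm", "export", crm)
        except PermissionError as exc:
            results.append(str(exc))
    return results, broker.audit


if __name__ == "__main__":
    print(demo())
```

The delegation key includes the target application, so a grant for one target does not carry over to another, and denied requests are recorded alongside allowed ones.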
20 Claims
1. An interoperability network configured to facilitate messaging and mediate policy differences among a plurality of independent applications and users having associated client machines, the interoperability network comprising one or more computing devices configured to:
receive a request for a first application to perform a particular task involving a second application on behalf of a first user, wherein the first and second applications are in communication with an interoperability network and are provided by at least one service provider;
determine whether a first user has provided a first set of credentials that defines access information for the second application, the first set of credentials being included among a plurality of sets of credentials stored on one or more storage media accessible through the interoperability network;
determine whether the first application is authorized to act on behalf of the first user with respect to the second application with reference to one or more of a plurality of permissions stored on the one or more storage media; and
where the first user has provided the first set of credentials, and where the first application is authorized to act on behalf of the first user with respect to the second application, authorizing the first application to perform the particular task involving the second application on behalf of the first user.
Dependent claims: 3, 4, 5, 6, 7, 8
2. The network of claim wherein each of the plurality of sets of credentials defines access information for a corresponding user for a corresponding application in communication with the interoperability network.
9. A method for facilitating communications via an interoperability network configured to facilitate messaging and mediate policy differences among a plurality of independent applications and users having associated client machines, the method comprising:
receiving a request for a first application to perform a particular task involving a second application on behalf of a first user, wherein the first and second applications are in communication with an interoperability network and are provided by at least one service provider;
determining whether the first user has provided a first set of credentials that defines access information for the second application, the first set of credentials being included among a plurality of sets of credentials stored on one or more storage media accessible through the interoperability network;
determining whether the first application is authorized to act on behalf of the first user with respect to the second application with reference to one or more of a plurality of permissions stored on the one or more storage media; and
where the first user has provided the first set of credentials, and where the first application is authorized to act on behalf of the first user with respect to the second application, authorizing the first application to perform the particular task involving the second application on behalf of the first user.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A non-transitory computer readable storage medium storing instructions for facilitating communications via an interoperability network configured to facilitate messaging and mediate policy differences among a plurality of independent applications and users having associated client machines, the instructions comprising:
first instructions for receiving a request for a first application to perform a particular task involving a second application on behalf of a first user, wherein the first and second applications are in communication with an interoperability network and are provided by at least one service provider;
second instructions for determining whether the first user has provided a first set of credentials that defines access information for the second application, the first set of credentials being included among a plurality of sets of credentials stored on one or more storage media accessible through the interoperability network;
third instructions for determining whether the first application is authorized to act on behalf of the first user with respect to the second application with reference to one or more of a plurality of permissions stored on the one or more storage media; and
fourth instructions for, where the first user has provided the first set of credentials, and where the first application is authorized to act on behalf of the first user with respect to the second application, authorizing the first application to perform the particular task involving the second application on behalf of the first user.
Dependent claims: 18, 19, 20
Specification