Pluggable claim providers

US 8,689,004 B2
Filed: 12/15/2010
Issued: 04/01/2014
Est. Priority Date: 11/05/2010
Status: Active Grant

First Claim

Patent Images

1. A method for enabling use of security tokens to control access to resources, the method comprising:

receiving, by a server system, multiple claim provider plug-ins, each of the claim provider plug-ins implementing a same software interface;

installing, by the server system, the claim provider plug-ins by modifying one or more configuration settings such that the server system dynamically accesses the claim provider plug-in;

providing, by the server system, a search response to a client device, the search response comprising claim description data, the claim description data describing germane claims, the germane claims being among claims provided by the claim provider plug-ins;

receiving, by the server system, a resource from the client device;

providing interface data to the client device when the resource is received from the server system, the interface data representing a search claim interface that comprises one or more features to receive one or more search criteria from a user;

receiving, by the server system, a search request from the client device, the search request comprising search criteria data, the search criteria data representing the one or more search criteria, the search criteria including one or more keywords;

wherein each of the germane claims satisfies the one or more search criteria;

wherein the software interface declares a description query method;

providing description query requests to each of the claim provider plug-ins, the description query requests invoking the description query method of the claim provider plug-ins;

receiving description query responses from the claim provider plug-ins in response to the description query requests, the description query responses comprising the claim description data; and

controlling, by the server system, access to the resource on a basis of claims provided by the claim provider plug-ins.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A server system receives and installs multiple claim provider plug-ins. Each of the claim provider plug-ins implements the same software interface. However, each of the claim provider plug-ins can provide claims that assert different things. Claims provided by the claim provider plug-ins can be used to control access of users to a resource.

34 Citations

View as Search Results

13 Claims

1. A method for enabling use of security tokens to control access to resources, the method comprising:
- receiving, by a server system, multiple claim provider plug-ins, each of the claim provider plug-ins implementing a same software interface;
  
  installing, by the server system, the claim provider plug-ins by modifying one or more configuration settings such that the server system dynamically accesses the claim provider plug-in;
  
  providing, by the server system, a search response to a client device, the search response comprising claim description data, the claim description data describing germane claims, the germane claims being among claims provided by the claim provider plug-ins;
  
  receiving, by the server system, a resource from the client device;
  
  providing interface data to the client device when the resource is received from the server system, the interface data representing a search claim interface that comprises one or more features to receive one or more search criteria from a user;
  
  receiving, by the server system, a search request from the client device, the search request comprising search criteria data, the search criteria data representing the one or more search criteria, the search criteria including one or more keywords;
  
  wherein each of the germane claims satisfies the one or more search criteria;
  
  wherein the software interface declares a description query method;
  
  providing description query requests to each of the claim provider plug-ins, the description query requests invoking the description query method of the claim provider plug-ins;
  
  receiving description query responses from the claim provider plug-ins in response to the description query requests, the description query responses comprising the claim description data; and
  
  controlling, by the server system, access to the resource on a basis of claims provided by the claim provider plug-ins.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the claim provider plug-ins implement the software interface in different ways and provide claims that assert different things.
  - 3. The method of claim 2, wherein the claim provider plug-ins use different data sources to provide the claims provided by the claim provider plug-ins.
  - 4. The method of claim 1, wherein the claim description data comprises a title for each of the germane claims, long-form written descriptions of the germane claims, and data specifying applicable entity types for the germane claims.
  - 5. The method of claim 1, further comprising:
    - receiving, by the server system, an authentication request from a the user; and
      
      sending, by the server system, a security token to the user, the security token comprising a given claim, the given claim being among the claims provided by the claim provider plug-ins.
  - 6. The method of claim 5,wherein the software interface declares an augmentation method;
    - andfurther comprising;
      
      authenticating an identity of the user;
      
      providing augmentation requests to the claim provider plug-ins, the augmentation requests invoking the augmentation method of the claim provider plug-ins;
      
      receiving augmentation responses from the claim provider plug-ins in response to the augmentation requests, at least one of the augmentation responses comprising the given claim; and
      
      generating the security token.
  - 7. The method of claim 1,wherein the method further comprises:
    - receiving, by the server system, a policy edit request, the policy edit request specifying that a first user wants an access policy for the resource to require users to provide a given claim in order to access the resource, the given claim being among the claims provided by the claim provider plug-ins; and
      
      editing, by the server system, the access policy to require users to provide the given claim in order to access the resource; and
      
      wherein controlling access to the resource comprises controlling access to the resource on a basis of the access policy.
  - 8. The method of claim 7, wherein controlling access to the resource on the basis of the access policy comprises:
    - receiving, by the server system, a security token from a second user; and
      
      determining, by the server system, whether the second user is authorized to access the resource by determining whether claims in the security token are sufficient to satisfy the access policy.

9. A server system comprising:
- at least one computer with a processing unit; and
  
  a data storage system comprising at least one computer storage medium, the data storage system storing computer-executable instructions that, when executed by the processing unit, cause the server system to;
  
  install multiple claim provider plug-ins without changing programming code of software previously installed on the server system, the multiple claim provider plug-ins being installed by modifying one or more configuration settings such that the server system dynamically accesses the multiple claim provider plug-ins, each of the claim provider plug-ins implementing a same software interface, the claim provider plug-ins implementing the software interface in different ways and providing claims that assert different things;
  
  provide a search response to a first client device, the search response comprising claim description data, the claim description data describing germane claims, the germane claims being among the claims provided by the claim provider plug-ins;
  
  receive a resource from the first client device;
  
  provide interface data to the first client device when the resource is received from the server system, the interface data representing a search claim interface that comprises one or more features to receive one or more search criteria from a user;
  
  receive a search request from the first client device, the search request comprising search criteria data, the search criteria data representing the one or more search criteria, the search criteria including one or more keywords;
  
  wherein each of the germane claims satisfies the one or more search criteria;
  
  wherein the software interface declares a description query method;
  
  provide description query requests to each of the claim provider plug-ins, the description query requests invoking the description query method of the claim provider plug-ins;
  
  receive description query responses from the claim provider plug-ins in response to the description query requests, the description query responses comprising the claim description data; and
  
  control access to the resource on a basis of claims provided by the claim provider plug-ins.
- View Dependent Claims (10, 11, 12)
- - 10. The server system of claim 9, wherein the computer-executable instructions cause the server system to:
    - authenticate the user;
      
      receive applicable claims from the claim provider plug-ins;
      
      generate a security token comprising the applicable claims;
      
      send the security token to a second client device;
      
      receive the security token; and
      
      determine based on the claims in the security token whether the user is authorized to access the resource.
  - 11. The server system of claim 10, wherein the computer-executable instructions cause the server system to:
    - receive a policy edit request from the first client device, the policy edit request specifying that the user wants an access policy for the resource to require users to provide a given claim in order to access the resource, the given claim being among the claims provided by the claim provider plug-ins; and
      
      edit the access policy to require users to provide the given claim in order to access the resource.
  - 12. The server system of claim 11,wherein the policy edit request specifies that the user wants the access policy for the resource to require users to provide the given claim in order to access the resource in a first way and to require the users to provide an additional claim in order to access the resource in a second way, the additional claim being among the claims provided by the claim provider plug-ins;
    - andwherein execution of the computer-executable instructions further causes the server system to edit the access policy to require users to provide the given claim in order to access the resource in the first way and to require users to provide the additional claim in order to access the resource in the second way.

13. A computer storage medium, the computer storage medium not comprising a signal, the computer storage medium comprising computer-executable instructions that, when executed by a computing device, cause the computing device to:
- install multiple claim provider plug-ins without changing programming code of programs previously installed on the computing device, the multiple claim provider plug-ins being installed by modifying one or more configuration settings such that a server system dynamically accesses the multiple claim provider plug-ins, each of the claim provider plug-ins implementing a same software interface in different ways, each of the claim provider plug-ins providing claims that assert different things;
  
  receive a resource from a first client device;
  
  provide data representing a claim search interface to the first client device, the claim search interface comprising one or more features to receive one or more search criteria;
  
  receive a search request from the first client device, the search request comprising data representing the one or more search criteria, the search criteria including one or more keywords;
  
  provide a search response to the first client device, the search response comprising claim description data describing germane claims, the germane claims being among the claims provided by the claim provider plug-ins, each of the germane claims satisfying the one or more search criteria;
  
  wherein the software interface declares a description query method;
  
  provide description query requests to each of the claim provider plug-ins, the description query requests invoking the description query method of the claim provider plug-ins;
  
  receive description query responses from the claim provider plug-ins in responses to the description query requests, the description query responses comprising the claim description data;
  
  receive a policy edit request from the first client device, the policy edit request specifying that a first user wants an access policy for the resource to require users to provide a given claim in order to access the resource, the given claim being among the germane claims;
  
  edit the access policy to require users to provide the given claim in order to access the resource;
  
  authenticate an identity of a second user;
  
  receive applicable claims from the claim provider plug-ins, the applicable claims being among the claims provided by the claim provider plug-ins, each of the applicable claims regarding the identity of the second user;
  
  generate a security token comprising the applicable claims;
  
  send the security token to a second client device, the second user using the second client device;
  
  receive the security token from the second client device; and
  
  determine whether the second user is authorized to access the resource by determining whether the claims in the security token satisfy the access policy for the resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Dalzell, Javier, Fong, Bryant, Subramaniam, Sarat Chandra, Roy, Christian, Sharmin, Sadia, Schmitlin, Benoit, Veeraraghavan, Venkatesh
Primary Examiner(s)
HOLDER, BRADLEY W

Application Number

US12/969,007
Publication Number

US 20120117609A1
Time in Patent Office

1,203 Days
Field of Search

713/185, 713/182, 726/2, 726/3, 726/4, 726/5, 726/6, 726/7, 726/8, 726/9, 726/10
US Class Current

713/185
CPC Class Codes

G06F 21/335 for accessing specific reso...

G06F 9/44526 Plug-ins; Add-ons

Pluggable claim providers

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

34 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Pluggable claim providers

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links