Pluggable claim providers
Abstract
A server system receives and installs multiple claim provider plug-ins. Each of the claim provider plug-ins implements the same software interface. However, each of the claim provider plug-ins can provide claims that assert different things. Claims provided by the claim provider plug-ins can be used to control access of users to a resource.
13 Claims
1. A method for enabling use of security tokens to control access to resources, the method comprising:
- receiving, by a server system, multiple claim provider plug-ins, each of the claim provider plug-ins implementing a same software interface;
- installing, by the server system, the claim provider plug-ins by modifying one or more configuration settings such that the server system dynamically accesses the claim provider plug-in;
- providing, by the server system, a search response to a client device, the search response comprising claim description data, the claim description data describing germane claims, the germane claims being among claims provided by the claim provider plug-ins;
- receiving, by the server system, a resource from the client device;
- providing interface data to the client device when the resource is received from the server system, the interface data representing a search claim interface that comprises one or more features to receive one or more search criteria from a user;
- receiving, by the server system, a search request from the client device, the search request comprising search criteria data, the search criteria data representing the one or more search criteria, the search criteria including one or more keywords;
- wherein each of the germane claims satisfies the one or more search criteria;
- wherein the software interface declares a description query method;
- providing description query requests to each of the claim provider plug-ins, the description query requests invoking the description query method of the claim provider plug-ins;
- receiving description query responses from the claim provider plug-ins in response to the description query requests, the description query responses comprising the claim description data; and
- controlling, by the server system, access to the resource on a basis of claims provided by the claim provider plug-ins.

Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A server system comprising:
- at least one computer with a processing unit; and
- a data storage system comprising at least one computer storage medium, the data storage system storing computer-executable instructions that, when executed by the processing unit, cause the server system to:
- install multiple claim provider plug-ins without changing programming code of software previously installed on the server system, the multiple claim provider plug-ins being installed by modifying one or more configuration settings such that the server system dynamically accesses the multiple claim provider plug-ins, each of the claim provider plug-ins implementing a same software interface, the claim provider plug-ins implementing the software interface in different ways and providing claims that assert different things;
- provide a search response to a first client device, the search response comprising claim description data, the claim description data describing germane claims, the germane claims being among the claims provided by the claim provider plug-ins;
- receive a resource from the first client device;
- provide interface data to the first client device when the resource is received from the server system, the interface data representing a search claim interface that comprises one or more features to receive one or more search criteria from a user;
- receive a search request from the first client device, the search request comprising search criteria data, the search criteria data representing the one or more search criteria, the search criteria including one or more keywords;
- wherein each of the germane claims satisfies the one or more search criteria;
- wherein the software interface declares a description query method;
- provide description query requests to each of the claim provider plug-ins, the description query requests invoking the description query method of the claim provider plug-ins;
- receive description query responses from the claim provider plug-ins in response to the description query requests, the description query responses comprising the claim description data; and
- control access to the resource on a basis of claims provided by the claim provider plug-ins.

Dependent claims: 10, 11, 12
13. A computer storage medium, the computer storage medium not comprising a signal, the computer storage medium comprising computer-executable instructions that, when executed by a computing device, cause the computing device to:
- install multiple claim provider plug-ins without changing programming code of programs previously installed on the computing device, the multiple claim provider plug-ins being installed by modifying one or more configuration settings such that a server system dynamically accesses the multiple claim provider plug-ins, each of the claim provider plug-ins implementing a same software interface in different ways, each of the claim provider plug-ins providing claims that assert different things;
- receive a resource from a first client device;
- provide data representing a claim search interface to the first client device, the claim search interface comprising one or more features to receive one or more search criteria;
- receive a search request from the first client device, the search request comprising data representing the one or more search criteria, the search criteria including one or more keywords;
- provide a search response to the first client device, the search response comprising claim description data describing germane claims, the germane claims being among the claims provided by the claim provider plug-ins, each of the germane claims satisfying the one or more search criteria;
- wherein the software interface declares a description query method;
- provide description query requests to each of the claim provider plug-ins, the description query requests invoking the description query method of the claim provider plug-ins;
- receive description query responses from the claim provider plug-ins in response to the description query requests, the description query responses comprising the claim description data;
- receive a policy edit request from the first client device, the policy edit request specifying that a first user wants an access policy for the resource to require users to provide a given claim in order to access the resource, the given claim being among the germane claims;
- edit the access policy to require users to provide the given claim in order to access the resource;
- authenticate an identity of a second user;
- receive applicable claims from the claim provider plug-ins, the applicable claims being among the claims provided by the claim provider plug-ins, each of the applicable claims regarding the identity of the second user;
- generate a security token comprising the applicable claims;
- send the security token to a second client device, the second user using the second client device;
- receive the security token from the second client device; and
- determine whether the second user is authorized to access the resource by determining whether the claims in the security token satisfy the access policy for the resource.
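The flow recited in claim 13, sketched as an added example that is not taken from the patent or from any product implementing it. All class, function and data names are hypothetical; resolving plug-in names from a configuration list stands in for dynamic loading, and an HMAC tag stands in for the security token's signature.

```python
import hashlib, hmac, json
from abc import ABC, abstractmethod

class ClaimProvider(ABC):  # the one interface every plug-in implements (hypothetical names)
    @abstractmethod
    def describe(self, keywords): ...  # the "description query method"
    @abstractmethod
    def claims_for(self, user): ...    # claims about an authenticated user

class TableProvider(ClaimProvider):  # shared lookup logic for the sample plug-ins
    kind, table = "", {}
    def describe(self, keywords):
        hits = sorted({v for v in self.table.values() if any(k in v for k in keywords)})
        return [f"{self.kind}:{v}" for v in hits]
    def claims_for(self, user):
        return [f"{self.kind}:{self.table[user]}"] if user in self.table else []

class DepartmentProvider(TableProvider):
    kind, table = "dept", {"alice": "finance", "bob": "engineering"}  # constructed data

class RoleProvider(TableProvider):
    kind, table = "role", {"alice": "finance-auditor", "bob": "developer"}  # constructed data

def load_providers(config):  # "install" = resolve the names listed in configuration
    loaded = []
    for name in config["claim_providers"]:
        cls = globals().get(name)
        if not (isinstance(cls, type) and issubclass(cls, ClaimProvider)):
            raise ValueError(f"{name} does not implement ClaimProvider")
        loaded.append(cls())
    return loaded

def search(providers, keywords):  # fan the description query out to every plug-in
    return [c for p in providers for c in p.describe(keywords)]

def require_claim(policy, resource, claim, germane):
    if claim not in germane:  # a policy may only name a claim the search returned
        raise ValueError("claim was not among the search results")
    policy.setdefault(resource, set()).add(claim)

def issue_token(user, providers, key):  # HMAC stands in for the token signature
    claims = sorted(c for p in providers for c in p.claims_for(user))
    body = json.dumps({"sub": user, "claims": claims}).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()

def authorize(token, resource, policy, key):
    body, tag = token
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).hexdigest(), tag):
        return False  # altered token: its claims are never read
    return resource in policy and policy[resource] <= set(json.loads(body)["claims"])
```

Two choices here go beyond the claim language: a resource with no policy entry is denied rather than allowed, and a configuration entry that does not resolve to a `ClaimProvider` subclass is rejected at load time.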
Specification