Application identity design
Abstract
Methods and apparatus, including computer program products, implementing and using techniques for providing user credentials over a network to a remote computer application. User credentials for the remote computer application are stored in a central repository that is accessible through the network. A request is sent to a service to perform, on behalf of a user, a particular task involving the remote computer application. It is determined whether the service has been granted permission to act on behalf of the user with respect to the remote computer application. When the service has permission to act on behalf of the user, the service is used to retrieve the user's credentials for the remote computer application from the central repository and to supply the retrieved user credentials to the remote computer application.
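An added example (not code from the patent or from any product implementing it) of the flow the abstract describes: a deny-by-default delegation check in front of a central credential repository, with the credentials handed to the remote application rather than returned to the requesting service. `CredentialBroker`, `make_remote_app`, the service names and the sample secret are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

class NotAuthorized(Exception):
    """The service holds no grant to act for this user at this application."""

@dataclass
class CredentialBroker:
    # (user, remote_app) -> credentials. Constructed sample store; a real
    # repository would keep these encrypted at rest.
    repository: dict = field(default_factory=dict)
    # Explicit (user, service, remote_app) grants; anything absent is denied.
    grants: set = field(default_factory=set)
    audit: list = field(default_factory=list)

    def grant(self, user, service, remote_app):
        self.grants.add((user, service, remote_app))

    def revoke(self, user, service, remote_app):
        self.grants.discard((user, service, remote_app))

    def perform(self, service, user, remote_app, task, remote_apps):
        key = (user, service, remote_app)
        if key not in self.grants:
            self.audit.append(("deny", *key, task))
            raise NotAuthorized(f"{service} may not act for {user} at {remote_app}")
        creds = self.repository[(user, remote_app)]
        # Credentials go straight to the remote application; the requesting
        # service only ever sees the task result.
        result = remote_apps[remote_app](user, creds, task)
        self.audit.append(("allow", *key, task))  # the secret is never logged
        return result

def make_remote_app(accounts):
    """Hypothetical remote application that checks the supplied credentials."""
    def handle(user, creds, task):
        if accounts.get(user) != creds:
            raise PermissionError("bad credentials")
        return f"{task} done for {user}"
    return handle

def demo():
    apps = {"crm": make_remote_app({"alice": "s3cret-constructed"})}
    broker = CredentialBroker(repository={("alice", "crm"): "s3cret-constructed"})
    broker.grant("alice", "report-svc", "crm")
    result = broker.perform("report-svc", "alice", "crm", "export", apps)
    return broker, apps, result
```

The grant is scoped to the (user, service, application) triple, so a service authorized for one user or one application gains nothing for any other, and revoking the grant cuts off access without touching the stored credentials.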
20 Claims
1. An interoperability network configured to assist a first service acting on behalf of a first user to obtain authorized access to and task performance by a second service, wherein the first and second service operate on service-associated machines, are separate from each other, and are coupled in communication with the interoperability network, the interoperability network comprising one or more computing devices configured to:
- receive a request for the first service to perform a particular task, fulfillment of which requires authorized access to and task performance by the second service;
- determine that the first service is authorized to act on behalf of the first user in obtaining authorized access to and task performance by the second service;
- retrieve from an electronic storage repository, which stores a plurality of sets of credentials usable by the first user and by a plurality of other users, access information that enables the first user to obtain authorized access to and task performance by the second service; and
- provide at least part of the access information to the second service to obtain authorized access to and task performance by the second service.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method of facilitating, via an interoperability network, authorized access to and task performance by a second service for a first service acting on behalf of a first user, wherein the first and second service operate on service-associated machines, are separate from each other, and are coupled in communication with the interoperability network, the interoperability network the method comprising:
- receiving a request for the first service to perform a particular task, fulfillment of which requires authorized access to and task performance by the second service;
- determining that the first service is authorized to act on behalf of the first user in obtaining authorized access to and task performance by the second service;
- retrieving from an electronic storage repository, which stores a plurality of sets of credentials usable by the first user and by a plurality of other users, access information that enables the first user to obtain authorized access to and task performance by the second service; and
- providing at least part of the access information to the second service to obtain authorized access to and task performance by the second service.
Dependent claims: 10, 11, 12, 13, 14, 15
16. A non-transitory computer readable storage medium storing instructions for facilitating, via an interoperability network, authorized access to and task performance by a second service for a first service acting on behalf of a first user, wherein the first and second service operate on service-associated machines, are separate from each other, and are coupled in communication with the interoperability network, the instructions comprising:
- first instructions to receive a request for the first service to perform a particular task, fulfillment of which requires authorized access to and task performance by the second service;
- second instructions to determine that the first service is authorized to act on behalf of the first user in obtaining authorized access to and task performance by the second service;
- third instructions to retrieve from an electronic storage repository, which stores a plurality of sets of credentials usable by the first user and by a plurality of other users, access information that enables the first user to obtain authorized access to and task performance by the second service; and
- fourth instructions to provide at least part of the access information to the second service to obtain authorized access to and task performance by the second service.
Dependent claims: 17, 18, 19, 20
Specification