Mechanism for facilitating dynamic and continuous testing of security assertion markup language credentials in an on-demand services environment

US 8,763,098 B2
Filed: 07/18/2012
Issued: 06/24/2014
Est. Priority Date: 12/06/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a computing device, a request, via an identity provider, to access one or more software applications hosted by a service provider in an on-demand service environment, wherein the request includes security assertions relating to at least one of an organization and a user seeking the access to the one or more software applications, wherein the user is associated with the organization;

identifying at least one of the organization and the user based on the security assertions;

dynamically and continuously performing, in runtime, testing of the security assertions at a testing cache, wherein testing includes comparing the security assertions against sample assertions relating to one or more of the organization, other organizations, and one or more access modes;

generating, based on the testing, a new code or modifying an existing code relating to the security assertions;

placing the security assertions into a testing cache prior to the testing, wherein the sample assertions include at least one of newly-received sample assertions and previously-received sample assertions relating to one or more of the organization, the other organizations, the one or more access modes; and

dynamically deploying the generated and modified codes for processing future requests for access and subsequent automatic authentications relating to one or more of the organization, the other organizations, the user, other users, and the one or more access modes.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In accordance with embodiments, there are provided mechanisms and methods for facilitating dynamic and continuous testing of security assertion markup language (SAML) credentials in an on-demand services environment. In one embodiment and by way of example, a method includes identifying, at a computing device, an organization using a SAML process in an on-demand service environment, obtaining SAML credentials relating to the identified organization, and testing the SAML credentials relating to the identified organization. The testing includes asserting a set of test credentials against the SAML credentials relating to the identified organization. The method may further include generating one or more new codes based on testing results obtained from testing.

127 Citations

11 Claims

1. A method comprising:
- receiving, by a computing device, a request, via an identity provider, to access one or more software applications hosted by a service provider in an on-demand service environment, wherein the request includes security assertions relating to at least one of an organization and a user seeking the access to the one or more software applications, wherein the user is associated with the organization;
  
  identifying at least one of the organization and the user based on the security assertions;
  
  dynamically and continuously performing, in runtime, testing of the security assertions at a testing cache, wherein testing includes comparing the security assertions against sample assertions relating to one or more of the organization, other organizations, and one or more access modes;
  
  generating, based on the testing, a new code or modifying an existing code relating to the security assertions;
  
  placing the security assertions into a testing cache prior to the testing, wherein the sample assertions include at least one of newly-received sample assertions and previously-received sample assertions relating to one or more of the organization, the other organizations, the one or more access modes; and
  
  dynamically deploying the generated and modified codes for processing future requests for access and subsequent automatic authentications relating to one or more of the organization, the other organizations, the user, other users, and the one or more access modes.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the new and modified codes are used to update the security assertions and other security assertions subsequently obtained via the identity provider to facilitate future access to the one or more software applications at the service provider without having to verify or authenticate the user or the organization.
  - 3. The method of claim 1, wherein the user and the other users include one or more of customers of the organization or the other organizations, wherein the customers include one or more of individuals, businesses including companies or corporations, government agencies, educational institutions, and non-profit entities.
  - 4. The method of claim 1, wherein the computing device comprises one or more of a server computer, a laptop computer, a smartphone, a personal digital assistant (PDA), a handheld computer, an e-reader, a tablet computer, a notebook, a desktop computer, a cluster-based computer, a set-top box, and a Global Positioning System (GPS)-based navigation system, wherein the identity and service providers include entities employing computing devices.

5. A system comprising:
- a computing device having a memory to store instructions, and a processing device, coupled with the memory, to execute the instructions, wherein the instructions cause the processing device to perform one or more operations comprising;
  
  receiving a request, via an identity provider, to access one or more software applications hosted by a service provider in an on-demand service environment, wherein the request includes security assertions relating to at least one of an organization and a user seeking the access to the one or more software applications, wherein the user is associated with the organization;
  
  identifying at least one of the organization and the user based on the security assertions;
  
  dynamically and continuously performing, in runtime, testing of the security assertions at a testing cache, wherein testing includes comparing the security assertions against sample assertions relating to one or more of organization, other organizations, and one or more access modes;
  
  generating, based on the testing, a new code or modifying an existing code relating to the security assertions;
  
  placing the security assertions into a testing cache prior to the testing, wherein the sample assertions include at least one of newly-received sample assertions and previously-received sample assertions relating to one or more of the organization, the other organizations, and the one or more access modes; and
  
  dynamically deploying the generated and modified codes for processing future requests for access and subsequent automatic authentications relating to one or more the organization, the other organizations, the user, other users and the access mode, and the one or more access modes.
- View Dependent Claims (6, 7, 8)
- - 6. The system of claim 5, wherein the new and modified codes are used to update the security assertions and other security assertions subsequently obtained via the identity provider to facilitate future access to the one or more software applications at the service provider without having to verify or authenticate the user or the organization.
  - 7. The system of claim 5, wherein the user and the other users include one or more of customers of the organization or the other organizations, wherein the customers include one or more of individuals, businesses including companies or corporations, government agencies, educational institutions, and non-profit entities.
  - 8. The system of claim 5, wherein the computing device comprises one or more of a server computer, a laptop computer, a smartphone, a personal digital assistant (PDA), a handheld computer, an e-reader, a tablet computer, a notebook, a desktop computer, a cluster-based computer, a set-top box, and a Global Positioning System (GPS)-based navigation system, wherein the identity and service providers include entities employing computing devices.

9. A non-transitory machine-readable medium having stored thereon instructions which, when executed by a machine, cause the machine to perform one or more operations comprising:
- receiving a request, via an identity provider, to access one or more software applications hosted by a service provider in an on-demand service environment, wherein the request includes security assertions relating to at least one of an organization and a user seeking the access to the one or more software applications, wherein the user is associated with the organization;
  
  identifying at least one of the organization and the user based on the security assertions;
  
  dynamically and continuously performing, in runtime, testing of the security assertions at a testing cache, wherein testing includes comparing the security assertions against sample assertions relating to one or more of primary organization, other organizations, and one or more access modes;
  
  generating, based on the testing, a new code or modifying an existing code relating to the security assertions;
  
  placing the security assertions into a testing cache prior to the testing, wherein the sample assertions include at least one of newly-received sample assertions and previously-received sample assertions relating to one or more of the organization, the other organizations, and the one or more access modes; and
  
  dynamically deploying the generated and modified codes for processing future requests for access and subsequent automatic authentications relating to one or more the organization, the other organizations, the user, other users, and the access mode and the one or more access modes.
- View Dependent Claims (10, 11)
- - 10. The non-transitory machine-readable medium of claim 9, wherein new and modified codes are used to update the security the assertions and other security assertions subsequently are obtained via the identity provider to facilitate future access to the one or more software applications at the service provider without having to verify or authenticate the user or the organization.
  - 11. The non-transitory machine-readable medium of claim 9, wherein the user and the other users include one or more of customers of the organization or the other organizations, wherein the customers include one or more of individuals, businesses including companies or corporations, government agencies, educational institutions,wherein the computing device comprises one or more of a server computer, a laptop computer, a smartphone, a personal digital assistant (PDA), a handheld computer, an e-reader, a tablet computer, a notebook, a desktop computer, a cluster-based computer, a set-top box, and a Global Positioning System (GPS)-based navigation system, wherein the identity and service providers include entities employing computing devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Lee, Jong
Primary Examiner(s)
Shiferaw, Eleni
Assistant Examiner(s)
Elmore, Gregory M

Application Number

US13/552,498
Publication Number

US 20130145445A1
Time in Patent Office

706 Days
Field of Search
US Class Current

726/6
CPC Class Codes

G06F 21/31 User authentication

G06F 21/45 Structures or tools for the...

Mechanism for facilitating dynamic and continuous testing of security assertion markup language credentials in an on-demand services environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

127 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Mechanism for facilitating dynamic and continuous testing of security assertion markup language credentials in an on-demand services environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

127 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links