Hybrid cloud identity mapping infrastructure

US 8,789,157 B2
Filed: 10/13/2011
Issued: 07/22/2014
Est. Priority Date: 09/06/2011
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

at least one processor;

a hybrid identity mapper implemented by the at least one processor and configured to;

maintain a cloud role associated with an enterprise identity of an enterprise user, the enterprise identity being an entry in an internal cloud directory under a first distinguished name, andmaintain hybrid cloud mapping data that maps the enterprise identity of the enterprise user to an identity usable in a public cloud, the hybrid cloud mapping data maps the enterprise identity to the identity based on;

the entry being under the first distinguished name, andthe first distinguished name being mapped to a second distinguished name in a public cloud directory that corresponds to the identity;

an authentication and authorization (AA) server configured to;

authenticate the enterprise user based on the enterprise identity, andobtain the cloud role and the hybrid cloud mapping data in response to authenticating the enterprise user; and

an administration server configured to allow the enterprise user to access the public cloud using the identity based on the hybrid cloud mapping data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In various exemplary embodiments, a system and associated method for providing a hybrid cloud computing environment are disclosed. For example, a system may authorize an enterprise user based on an enterprise identity. Once authenticated, embodiments may use mapping data and a cloud role to determine an identity to use when the enterprise user accesses a cloud.

44 Citations

View as Search Results

20 Claims

1. A system, comprising:
- at least one processor;
  
  a hybrid identity mapper implemented by the at least one processor and configured to;
  
  maintain a cloud role associated with an enterprise identity of an enterprise user, the enterprise identity being an entry in an internal cloud directory under a first distinguished name, andmaintain hybrid cloud mapping data that maps the enterprise identity of the enterprise user to an identity usable in a public cloud, the hybrid cloud mapping data maps the enterprise identity to the identity based on;
  
  the entry being under the first distinguished name, andthe first distinguished name being mapped to a second distinguished name in a public cloud directory that corresponds to the identity;
  
  an authentication and authorization (AA) server configured to;
  
  authenticate the enterprise user based on the enterprise identity, andobtain the cloud role and the hybrid cloud mapping data in response to authenticating the enterprise user; and
  
  an administration server configured to allow the enterprise user to access the public cloud using the identity based on the hybrid cloud mapping data.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the hybrid cloud mapping data further comprises a mapping between an enterprise identity directory and a first cloud identity directory associated with a private cloud.
  - 3. The system of claim 2, wherein the administration server is further configured to allow the enterprise user to access the public cloud based further on the cloud role.
  - 4. The system of claim 3, wherein the cloud role indicates at least one of rights to create an instance of a cloud application, rights to update the instance of the cloud application, and rights to delete the instance of the cloud application.
  - 5. The system of claim 1, wherein the hybrid identity mapper is further configured to synchronize hybrid cloud mapping data with identity management servers associated with the private and public clouds.
  - 6. The system of claim 1, wherein the hybrid cloud mapping data further maps the enterprise identity of the enterprise user to additional identities usable in one or more public clouds or private clouds.
  - 7. The system of claim 6, wherein each of the identities of the additional identities maps to the enterprise identity.

8. A computer-implemented method, comprising:
- authenticating an enterprise user based on an enterprise identity, the enterprise identity being an entry in an internal cloud directory under a first distinguished name;
  
  responsive to the authenticating of the enterprise user, obtaining a cloud role associated with the enterprise user and hybrid cloud mapping data that maps the enterprise identity to an identity usable in a public cloud, the hybrid cloud mapping data maps the enterprise identity to the identity based on;
  
  the entry being under the first distinguished name, andthe first distinguished name being mapped to a second distinguished name in a public cloud directory that corresponds to the identity; and
  
  providing the enterprise user access to the public cloud using the identity based on the hybrid cloud mapping data.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer-implemented method of claim 8, wherein the hybrid cloud mapping data comprises a mapping between an enterprise identity directory and a cloud identity directory associated with a private cloud.
  - 10. The computer-implemented method of claim 9, wherein providing the enterprise user access to the public cloud using the identity is based further on the cloud role.
  - 11. The computer-implemented method of claim 10, wherein the cloud role indicates at least one of rights to create an instance of a cloud application, rights to update the instance of the cloud application, and rights to delete the instance of the cloud application.
  - 12. The computer-implemented method of claim 8, further comprising synchronizing the hybrid cloud mapping data with identity management servers associated with the private and public clouds.
  - 13. The computer-implemented method of claim 8, wherein the hybrid cloud mapping data further maps the enterprise identity of the enterprise user to additional identities usable in one or more public clouds or private clouds.
  - 14. The computer-implemented method of claim 13, wherein each of the identities of the additional identities maps to the enterprise identity.

15. A non-transitory machine-readable storage medium storing a set of instructions that, when executed by at least one processor, causes the at least one processor to perform operations comprising:
- authenticating an enterprise user based on an enterprise identity, the enterprise identity being an entry in an internal cloud directory under a first distinguished name;
  
  responsive to the authenticating of the enterprise user, obtaining a cloud role associated with the enterprise user and hybrid cloud mapping data that maps the enterprise identity to an identity usable in a public cloud, the hybrid cloud mapping data maps the enterprise identity to the identity based on;
  
  the entry being under the first distinguished name, andthe first distinguished name being mapped to a second distinguished name in a public cloud directory that corresponds to the identity; and
  
  providing the enterprise user access to the public cloud using the identity based on the hybrid cloud mapping data.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory machine-readable storage medium of claim 15, wherein the hybrid cloud mapping data comprises a mapping between an enterprise identity directory and a cloud identity directory associated with a private cloud.
  - 17. The non-transitory machine-readable storage medium of claim 16, wherein providing the enterprise user access to the public cloud using the identity is based further on the cloud role.
  - 18. The non-transitory machine-readable storage medium of claim 17, wherein the cloud role indicates at least one of rights to create an instance of a cloud application, rights to update the instance of the cloud application, and rights to delete the instance of the cloud application.
  - 19. The non-transitory machine-readable storage medium of claim 15, further comprising synchronizing the hybrid cloud mapping data with identity management servers associated with the private and public clouds.
  - 20. The non-transitory machine-readable storage medium of claim 15, wherein the hybrid cloud mapping data further maps the enterprise identity of the enterprise user to additional identities usable in one or more public clouds or private clouds.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
eBay Inc.
Original Assignee
eBay Inc.
Inventors
Sinn, Richard
Primary Examiner(s)
POWERS, WILLIAM S

Application Number

US13/272,924
Publication Number

US 20130061306A1
Time in Patent Office

1,013 Days
Field of Search

726/7
US Class Current

726/7
CPC Class Codes

G06F 21/41   where a single sign-on prov...

G06Q 10/10   Office automation; Time man...

H04L 41/12   Discovery or management of ...

H04L 47/70   Admission control; Resource...

H04L 63/0861   using biometrical features,...

H04L 63/0892   by using authentication-aut...

H04L 63/102   Entity profiles

H04L 63/104   Grouping of entities

H04L 67/10   in which an application is ...

Hybrid cloud identity mapping infrastructure

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

44 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Hybrid cloud identity mapping infrastructure

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links