Using cached security tokens in an online service
Abstract
A security token service generates a security token for a user that is associated with a client and stores the full security token within a memory. The security token includes an identity claim that represents the identity of the generated security token. Instead of passing the entire security token back to the client, only the identity claim is returned to the client. For each request the client makes to the service, the client passes the identity claim in the request instead of the full security token carrying all of the claims. The identity claim is much smaller than the full security token. When a computing device receives the identity claim within the request from the user, the identity claim is used to access the full security token that is stored in memory.
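The flow the abstract and claims describe, modelled as an added example (this is not code from the patent or its assignee): the client holds only a small identity claim, the service keeps the full token in memory, and when the cached token is no longer valid the service deletes it and sends the identity claim to the issuing authority for a second token. The class names, the expiry rule, the dict-backed cache and the `role`-based access decision are assumptions made for this illustration.

```python
import secrets
from dataclasses import dataclass

@dataclass
class SecurityToken:
    identity_claim: str   # opaque handle; the only part the client ever sees
    subject: str
    claims: dict
    expires_at: float

class TokenIssuingAuthority:
    """Generates full tokens; records which subject each identity claim was issued to."""
    def __init__(self, ttl: float):
        self.ttl = ttl
        self.records: dict[str, tuple[str, dict]] = {}   # identity claim -> (subject, claims)

    def issue(self, subject: str, claims: dict, now: float) -> SecurityToken:
        # 256-bit random handle: a guessable handle would let anyone use the cached token
        handle = secrets.token_urlsafe(32)
        self.records[handle] = (subject, dict(claims))
        return SecurityToken(handle, subject, dict(claims), now + self.ttl)

    def reissue(self, identity_claim: str, now: float):
        # the service sends only the identity claim; a second token is generated from it
        record = self.records.pop(identity_claim, None)   # each handle is reissued once
        return None if record is None else self.issue(*record, now)

class OnlineService:
    """Caches full tokens in memory; clients carry only the identity claim (assumed design)."""
    def __init__(self, sts: TokenIssuingAuthority):
        self.sts = sts
        self.cache: dict[str, SecurityToken] = {}   # identity claim -> full cached token

    def login(self, subject: str, claims: dict, now: float) -> str:
        token = self.sts.issue(subject, claims, now)
        self.cache[token.identity_claim] = token
        return token.identity_claim           # the full token never goes back to the client

    def request(self, identity_claim: str, resource: str, now: float):
        # returns (granted, identity claim the client should present next time)
        token = self.cache.get(identity_claim)
        if token is not None and token.expires_at <= now:
            del self.cache[identity_claim]    # no longer valid: revoke by deleting from memory
            token = None
        if token is None:                     # not found: have the issuer generate a second token
            token = self.sts.reissue(identity_claim, now)
            if token is None:
                return False, None            # unknown or already-replaced handle
            self.cache[token.identity_claim] = token
        granted = resource == "public" or token.claims.get("role") == "member"
        return granted, token.identity_claim
```

Because the issuer forgets the old identity claim when it generates the second token, a stale handle that is replayed after reissuance is refused rather than silently refreshed again.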
17 Claims
- 1. A method for using cached security tokens in an online service, comprising:
  receiving a request over a network from a client for a resource of the online service, wherein the request comprises an identity claim that uniquely identifies an externally stored first security token, and wherein the externally stored first security token is different from the identity claim and is stored in memory in a location that is separate from the request; determining that the first security token is no longer valid; revoking the identity claim by deleting the first security token from the memory; attempting to access, with the identity claim, the externally stored first security token; when the first security token is not found at the online service; sending the identity claim to a token issuing authority to generate a second security token; and determining, with the second security token, when to provide the resource to the client.
  Dependent claims: 2, 3, 4, 5, 6, 7, 16
- 8. A computer-readable storage medium, excluding a signal, having computer-executable instructions for using cached security tokens for users, comprising:
  receiving a request from a client for a resource that is located within a network; wherein the request comprises an identity claim that uniquely identifies an externally stored first Security Assertion Markup Language (SAML) token, and wherein the first SAML token is stored in memory within the network and is separate from the request; determining that the first SAML token is no longer valid; revoking the identity claim by deleting the first SAML token from the memory; attempting to access, with the identity claim, the externally stored first SAML token; when the first SAML token is not found on the network; sending the identity claim to a token issuing authority to generate a second SAML token; and determining, with the second SAML token, when to provide the resource to the client.
  Dependent claims: 9, 10, 11, 12, 17
- 13. A system for routing requests in an online service, comprising:
  a processor and a computer-readable medium, excluding a signal; an operating environment stored on the computer-readable medium and executing on the processor; a security token service that provides a security token service that is used to generate security tokens for users in a network, wherein the generated security tokens comprise claims, wherein at least one of the claims generated is an identity claim that is used in identifying the generated security token; wherein the identity claim is returned to the client instead of returning the generated security token; wherein at least one computing device in the online service is configured to perform actions, comprising: receiving a request from a client for a resource that is located within the network; wherein the request comprises an identity claim that uniquely identifies an externally stored first security token from the request, wherein the externally stored first security token is stored in memory within the network; determining that the first security token is no longer valid; revoking the identity claim by deleting the first security token from the memory; attempting to access, with the identity claim, the externally stored first security token; when the first security token is not found on the network; sending the identity claim to a token issuing authority to generate a second security token; and determining, with the second security token, when to provide the resource to the client.
  Dependent claims: 14, 15
Specification