Access management architecture
Abstract
An access management system architecture is provided. In one embodiment, the architecture comprises modular and decoupled components, which allow composability of heterogeneous solutions.
20 Claims
1. A system, comprising:
- one or more central processing units;
- an access metadata repository of access metadata objects, wherein each access metadata object of a plurality of access metadata objects in the access metadata repository describes data associated with access services;
- input/output logic configured to receive, from a first application, a first access request for a security token associated with a second application;
- service management logic configured to determine a first request type associated with the first access request;
- normalization logic configured to generate a first normalized access request; and
- component management logic configured to select a first functional component to satisfy at least a portion of the first normalized access request based at least in part on the first normalized access request and an access metadata object associated with the first request type, said component management logic further configured to cause the first functional component to generate a first token that authorizes the first application to make changes associated with the second application on behalf of a user of the first application.

Dependent claims: 2, 3, 4, 5, 6, 7

8. A method, comprising:
- maintaining an access metadata repository of access metadata objects, wherein each access metadata object of a plurality of access metadata objects in the access metadata repository describes data associated with access services;
- receiving, from a first application, a first access request for a security token associated with a second application;
- determining a first request type associated with the first access request;
- generating a first normalized access request;
- based at least in part on the first normalized access request and an access metadata object associated with the first request type, selecting a first functional component to satisfy at least a portion of the first normalized access request; and
- causing the first functional component to generate a first token that authorizes the first application to make changes associated with the second application on behalf of a user of the first application;
- wherein the method is performed by one or more computing devices.

Dependent claims: 9, 10, 11, 12, 13, 14

15. A computer-readable non-transitory storage medium storing a plurality of instructions executable by one or more processors, the plurality of instructions comprising:
- maintaining an access metadata repository of access metadata objects, wherein each access metadata object of a plurality of access metadata objects in the access metadata repository describes data associated with access services;
- receiving, from a first application, a first access request for a security token associated with a second application;
- determining a first request type associated with the first access request;
- generating a first normalized access request;
- based at least in part on the first normalized access request and an access metadata object associated with the first request type, selecting a first functional component to satisfy at least a portion of the first normalized access request; and
- causing the first functional component to generate a first token that authorizes the first application to make changes associated with the second application on behalf of a user of the first application;
- wherein the method is performed by one or more computing devices.

Dependent claims: 16, 17, 18, 19, 20
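The flow recited in claims 1, 8 and 15, as an added Python example that is not taken from the patent or from any implementation of it: a request is typed, normalized, routed to a component chosen from an access metadata object, and answered with a token bound to the acting application, the target application and the user. The repository schema, field aliases, function names and the HMAC-signed token format are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SIGNING_KEY = b"constructed-demo-key"  # constructed value for the example only
# Access metadata repository: one metadata object per request type (hypothetical schema).
METADATA_REPO = {"oauth_token": {"component": "delegation", "ttl": 300,
                                 "required": ("client", "audience", "user", "scope")}}

def determine_request_type(raw):
    """Service management: classify the raw request by a protocol marker."""
    if "grant_type" in {k.lower() for k in raw}:
        return "oauth_token"
    raise ValueError("unsupported request type")

def normalize(raw):
    """Normalization: map protocol-specific field spellings to one canonical form."""
    aliases = {"client_id": "client", "clientid": "client", "resource": "audience",
               "aud": "audience", "username": "user", "sub": "user", "scope": "scope"}
    return {aliases[k.lower()]: v for k, v in raw.items() if k.lower() in aliases}

def issue_delegation_token(req, meta, now=None):
    """Functional component: token letting `client` act on `audience` for `user`."""
    now = int(time.time()) if now is None else now
    claims = {"act": req["client"], "aud": req["audience"], "sub": req["user"],
              "scope": req["scope"], "exp": now + meta["ttl"]}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return body.decode() + "." + hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()

COMPONENTS = {"delegation": issue_delegation_token}

def handle(raw, now=None):
    """Component management: run the component named by the type's metadata object."""
    meta = METADATA_REPO[determine_request_type(raw)]
    req = normalize(raw)
    missing = [f for f in meta["required"] if f not in req]
    if missing:  # fail closed rather than issue a token with unbound fields
        raise ValueError(f"normalized request lacks {missing}")
    return COMPONENTS[meta["component"]](req, meta, now)

def verify(token, audience, now=None):
    """Second application's check: signature, audience and expiry must all hold."""
    body, _, sig = token.partition(".")
    good = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, good):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body))
    now = int(time.time()) if now is None else now
    if claims["aud"] != audience or claims["exp"] <= now:
        raise ValueError("token not valid for this audience or expired")
    return claims
```

The audience and expiry checks in `verify` are what keep a token issued for one target application from being replayed against another or used after its lifetime.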
Specification