Secure cross-tenancy federation in software-as-a-service system

US 8,978,122 B1
Filed: 03/29/2013
Issued: 03/10/2015
Est. Priority Date: 03/29/2013
Status: Active Grant

First Claim

Patent Images

1. A method of operating a computer system hosting a service application and multiple tenant subsystems having respective resources, the computer system including an access control subsystem capable of mutually isolating the tenant subsystems to prevent a given tenant from accessing the resources of another tenant, comprising:

establishing a federated relationship between a first tenant subsystem and a user account on a second tenant subsystem, the federated relationship including visibility controls in the first tenant subsystem identifying the user account and specifying resources of the first tenant subsystem that are accessible to an authorized user of the user account in the second tenant subsystem;

performing a user authentication in the first tenant subsystem when a user of the second tenant subsystem accesses the resources, the user authentication including requesting and receiving from the second tenant subsystem a security assertion that the user has been authenticated by the second tenant subsystem as the authorized user of the user account; and

wherein each tenant subsystem includes a respective tenant identity store containing authentication information for user accounts of the respective tenant.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a software-as-a-service system, a federated relationship is established between a first tenant subsystem (host) and a user account on a second tenant subsystem (guest), the federated relationship including visibility controls in the host specifying resources made accessible to an authorized user of the user account. When a guest user accesses the host, an authentication is performed that includes requesting and receiving from the guest a security assertion that the user has been authenticated by the guest as the authorized user. Each tenant subsystem includes mechanisms for authenticating its own users for access control; the cross-tenancy authentication extends this operation to make and accept authentication assertions from other tenants. A second risk-based authentication may be performed for additional confidence, typically based on comparing circumstances for the present access to circumstances for past accesses.

Citations

22 Claims

1. A method of operating a computer system hosting a service application and multiple tenant subsystems having respective resources, the computer system including an access control subsystem capable of mutually isolating the tenant subsystems to prevent a given tenant from accessing the resources of another tenant, comprising:
- establishing a federated relationship between a first tenant subsystem and a user account on a second tenant subsystem, the federated relationship including visibility controls in the first tenant subsystem identifying the user account and specifying resources of the first tenant subsystem that are accessible to an authorized user of the user account in the second tenant subsystem;
  
  performing a user authentication in the first tenant subsystem when a user of the second tenant subsystem accesses the resources, the user authentication including requesting and receiving from the second tenant subsystem a security assertion that the user has been authenticated by the second tenant subsystem as the authorized user of the user account; and
  
  wherein each tenant subsystem includes a respective tenant identity store containing authentication information for user accounts of the respective tenant.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A method according to claim 1, wherein each tenant identity store further contains access control information for the user accounts of the respective tenant, and each tenant subsystem further includes a respective guest identity connector making users from other tenant identity stores visible to the respective tenant subsystem.
  - 3. A method according to claim 2, wherein each tenant identity store is a directory.
  - 4. A method according to claim 2, wherein each guest identity connector is a virtual directory and the tenant identity stores are databases.
  - 5. A method according to claim 1, wherein the user authentication is a two-step user authentication in which the requesting and receiving are a first authentication, a second authentication of the two-step user authentication being a risk-based authentication of the user based on comparing information describing circumstances for the present access to historical information describing circumstances for past accesses by the user to the resources.
  - 6. A method according to claim 4, wherein the risk-based authentication includes adaptive authentication.
  - 7. A method according to claim 1, wherein the access control subsystem includes a set of tenant portals each providing user access to a respective tenant subsystem, each tenant portal including a service provider component and an identity provider component, the service provider component of each portal performing the requesting and receiving of security assertions from other tenant subsystems as part of authenticating a guest user into the tenant subsystem accessed via the portal, the identity provider component of each portal responding to the requesting of security assertions from the other tenant subsystems by providing the requested security assertions based on local authentication of a user as the authorized user of a user account of the tenant subsystem accessed via the portal.
  - 8. A method according to claim 7, wherein the service provider component and identity provider component engage in the requesting and providing of security assertions according to a security assertion markup language protocol.
  - 9. A method according to claim 1, further comprising:
    - wherein the tenant identity store for each tenant subsystem includes a tenant directory containing a plurality of user entries, each of the user entries containing authentication information and access control information specific to the tenant subsystem for a respective user of the tenant subsystem, andwherein the security assertion indicates that the user has been authenticated by the second tenant subsystem as the authorized user of the user account on the second tenant subsystem based on authentication information contained in an entry for the user in the tenant directory of the second tenant subsystem.
  - 10. A method according to claim 9, wherein each tenant subsystem includes a virtual directory making users from other tenant subsystems visible from the tenant directories of the other tenant subsystems.

11. A computer system, comprising:
- one or more processors;
  
  memory;
  
  input/output circuitry for coupling the computer system to local storage and to a network via which users access the computer system; and
  
  one or more high-speed data buses interconnecting the processors, memory and input/output circuitry for data transfer there between,the memory storing computer instructions and data of a service application, multiple tenant subsystems having respective resources in the local storage, wherein each tenant subsystem includes a respective tenant identity store containing authentication information for user accounts of the respective tenant, and an access control subsystem capable of mutually isolating the tenant subsystems to prevent a given tenant from accessing the resources of another tenant, the instructions being executable by the processors to cause the computer system to perform a method including;
  
  establishing a federated relationship between a first tenant subsystem and a user account on a second tenant subsystem, the federated relationship including visibility controls in the first tenant subsystem identifying the user account and specifying resources of the first tenant subsystem that are accessible to an authorized user of the user account in the second tenant subsystem; and
  
  performing a user authentication in the first tenant subsystem when a user of the second tenant subsystem accesses the resources, the user authentication including requesting and receiving from the second tenant subsystem a security assertion that the user has been authenticated by the second tenant subsystem as the authorized user of the user account.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. A computer system according to claim 11, wherein each tenant identity store further contains access control information for the user accounts of the respective tenant, and each tenant subsystem further includes a respective guest identity connector making users from other tenant identity stores visible to the respective tenant subsystem.
  - 13. A computer system according to claim 12, wherein each tenant identity store is a directory.
  - 14. A computer system according to claim 12, wherein each guest identity connector is a virtual directory and the tenant identity stores are databases.
  - 15. A computer system according to claim 11, wherein the user authentication is a two-step user authentication in which the requesting and receiving are a first authentication, a second authentication of the two-step user authentication being a risk-based authentication of the user based on comparing information describing circumstances for the present access to historical information describing circumstances for past accesses by the user to the resources.
  - 16. A computer system according to claim 15, wherein the risk-based authentication includes adaptive authentication.
  - 17. A computer system according to claim 11, wherein the access control subsystem includes a set of tenant portals each providing user access to a respective tenant subsystem, each tenant portal including a service provider component and an identity provider component, the service provider component of each portal performing the requesting and receiving of security assertions from other tenant subsystems as part of authenticating a guest user into the tenant subsystem accessed via the portal, the identity provider component of each portal responding to the requesting of security assertions from the other tenant subsystems by providing the requested security assertions based on local authentication of a user as the authorized user of a user account of the tenant subsystem accessed via the portal.
  - 18. A computer system according to claim 17, wherein the service provider component and identity provider component engage in the requesting and providing of security assertions according to a security assertion markup language protocol.

19. A non-transitory computer-readable medium storing computer program instructions, the instructions being executable by a computer system to cause the computer system to host a service application, multiple tenant subsystems having respective resources, and an access control subsystem capable of mutually isolating the tenant subsystems to prevent a given tenant from accessing the resources of another tenant, the instructions further causing the computer system to perform a method including:
- establishing a federated relationship between a first tenant subsystem and a user account on a second tenant subsystem, the federated relationship including visibility controls in the first tenant subsystem identifying the user account and specifying resources of the first tenant subsystem that are accessible to an authorized user of the user account in the second tenant subsystem;
  
  performing a user authentication in the first tenant subsystem when a user of the second tenant subsystem accesses the resources, the user authentication including requesting and receiving from the second tenant subsystem a security assertion that the user has been authenticated by the second tenant subsystem as the authorized user of the user account; and
  
  wherein each tenant subsystem includes a respective tenant identity store containing authentication information for user accounts of the respective tenant.
- View Dependent Claims (20, 21, 22)
- - 20. A non-transitory computer-readable medium according to claim 19, wherein each tenant identity store further contains access control information for the user accounts of the respective tenant, and each tenant subsystem further includes a respective guest identity connector making users from other tenant identity stores visible to the respective tenant subsystem.
  - 21. A non-transitory computer-readable medium according to claim 20, wherein each tenant identity store is a directory.
  - 22. A non-transitory computer-readable medium according to claim 19, wherein the user authentication is a two-step user authentication in which the requesting and receiving are a first authentication, a second authentication of the two-step user authentication being a risk-based authentication of the user based on comparing information describing circumstances for the present access to historical information describing circumstances for past accesses by the user to the resources.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Zolfonoon, Riaz, Mehta, Nirav, Richards, Gareth
Primary Examiner(s)
PYZOCHA, MICHAEL J

Application Number

US13/853,279
Time in Patent Office

711 Days
Field of Search

726/4, 726/8
US Class Current

726/8
CPC Class Codes

H04L 63/0815 providing single-sign-on or...

Secure cross-tenancy federation in software-as-a-service system

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Secure cross-tenancy federation in software-as-a-service system

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links