Matching entitlement information for multiple sources
Abstract
A method, apparatus and computer-usable medium for executing, at an Entitlement Broker Service (EBS), a request from a requesting user for a protected computer resource that is available only to entitled users. Entitlement identifications are located using a Standardized Entitlement Credentials Data Store (SECDS) in the EBS. The SECDS contains entitlement identification in a standardized format that can be used to contact an Entitlement Source (ES) for entitlement information regarding the requesting user and the requested protected computer resource. The located entitlement information, for the requesting user, is then transmitted from the EBS to an External Client Application (ECA) that manages the protected computer resource, thus affording the requesting user access to the protected computer resource.
17 Claims
1. A computer-implemented method comprising:
- an Entitlement Broker Service (EBS) receiving, from an External Authentication Application (EAA), an entitlement credential identifying one or more entitled users who are entitled to access a protected computer resource, wherein the protected computer resource is available only to entitled users, and wherein access to the protected computer resource has been requested of an External Client Application (ECA) by a requesting user;
- the EBS sending a request to an Entitlement Source (ES) for entitlement information for the requesting user based on the entitlement credential for the requesting user;
- the EBS receiving, from the ES, the entitlement information for the requesting user;
- the EBS transmitting the entitlement information, for the requesting user, to the ECA, wherein the EBS brokers the entitlement information from the ES to the ECA such that the requesting user is able to access the protected computer resource according to information in the entitlement information; and
- the EBS filtering entitlement identifiers by using an entitlement wildcard, wherein the entitlement wildcard permits the requesting user to access the protected computer resource if the requesting user has only an incomplete portion of entitlement criteria required by the protected computer resource for access to the protected computer resource.

Dependent claims: 2, 3, 4, 5
6. A system comprising:
- a processor;
- a data bus coupled to the processor;
- a memory coupled to the data bus; and
- a computer-usable medium embodying computer program code, the computer program code comprising instructions executable by the processor and configured for;
- an Entitlement Broker Service (EBS) receiving, from an External Authentication Application (EAA), an entitlement credential identifying one or more entitled users who are entitled to access a protected computer resource, wherein the protected computer resource is available only to entitled users, and wherein access to the protected computer resource has been requested of an External Client Application (ECA) by a requesting user;
- the EBS sending a request to an Entitlement Source (ES) for entitlement information for the requesting user based on the entitlement credential for the requesting user;
- the EBS receiving, from the ES, the entitlement information for the requesting user;
- the EBS transmitting the entitlement information, for the requesting user, to the ECA, wherein the EBS brokers the entitlement information from the ES to the ECA such that the requesting user is able to access the protected computer resource according to information in the entitlement information; and
- filtering, at the EBS, entitlement identifiers by using an entitlement wildcard, wherein the entitlement wildcard permits the requesting user to access the protected computer resource if the requesting user has only an incomplete portion of entitlement criteria required by the protected computer resource for access to the protected computer resource.

Dependent claims: 7, 8, 9, 10
11. A non-transitory computer storage medium embodying computer program code, the computer program code comprising computer executable instructions configured for:
- an Entitlement Broker Service (EBS) receiving, from an External Authentication Application (EAA), an entitlement credential identifying one or more entitled users who are entitled to access a protected computer resource, wherein the protected computer resource is available only to entitled users, and wherein access to the protected computer resource has been requested of an External Client Application (ECA) by a requesting user;
- the EBS sending a request to an Entitlement Source (ES) for entitlement information for the requesting user based on the entitlement credential for the requesting user;
- the EBS receiving, from the ES, the entitlement information for the requesting user; and
- the EBS transmitting the entitlement information, for the requesting user, to the ECA, wherein the EBS brokers the entitlement information from the ES to the ECA such that the requesting user is able to access the protected computer resource according to information in the entitlement information; and
- filtering, at the EBS, entitlement identifiers by using an entitlement wildcard, wherein the entitlement wildcard permits the requesting user to access the protected computer resource if the requesting user has only an incomplete portion of entitlement criteria required by the protected computer resource for access to the protected computer resource.

Dependent claims: 12, 13, 14, 15, 16, 17
Specification