Virtual endpoints for request authentication
Abstract
Customers can utilize resources of a multi-tenant environment to provide one or more services available to various users. In order to simplify the process for these customers, the multi-tenant environment can include an infrastructure wherein a portion of the resources provide an authentication and/or authorization service that can be leveraged by the customer services. These resources can logically sit in front of the resources used to provide the customer services, such that a user request must pass through the authorization and authentication service before being directed to the customer service. Such resources can provide other functionality as well, such as load balancing and metering.
22 Claims
1. A computer-implemented method, comprising:
receiving a request from a caller to a first endpoint of a request management service, the request being associated with a service offered by a customer to the caller using one or more computing resources that are accessible through a provider of the one or more computing resources, the first endpoint and the service being under control of the customer, and wherein (1) the customer does not own the one or more computing resources and offers the service to the caller by paying the provider for use of the one or more computing resources and (2) the customer bills the caller for use of the service;
attempting, using at least one computing device, to authenticate the request using information from an identity pool provided by the provider of the one or more computing resources to yield an authentication of the request;
determining, using the at least one computing device, that the request is authorized to be processed by the service of the customer according to policies associated with the caller to yield a determination;
associating the request with an authenticated identity of the caller and, based at least in part on the policies, an authorization to perform at least one task with the service of the customer, to yield an associated authenticated identity of the caller and an associated authorization to perform the at least one task; and
forwarding, using the at least one computing device, based at least in part on the authentication of the request and the determination, the request to a second endpoint for the service of the customer, wherein the service of the customer is able to process the request that was received from the caller at the first endpoint based at least in part on (i) the associated authenticated identity of the caller and (ii) the associated authorization to perform the at least one task.
Dependent claims: 2 to 11.
12. A system, comprising:
at least one processor; and
memory storing instructions that, when executed by the at least one processor, cause the system to:
receive a request from a caller to a first endpoint of a request management service, the request being associated with a service offered by a customer to the caller using one or more computing resources that are accessible through a provider of the one or more computing resources, the first endpoint and the service being under control of the customer, and wherein (1) the customer does not own the one or more computing resources and offers the service to the caller by paying the provider for use of the one or more computing resources and (2) the customer bills the caller for use of the service;
authenticate the request using information from an identity pool provided by the provider of the one or more computing resources to yield an authentication of the request;
determine that the request is authorized to be processed by the service offered by the customer according to policies associated with the caller to yield a determination;
associate the request with an authenticated identity of the caller and, based at least in part on the policies, an authorization to perform at least one task with the service offered by the customer to yield an associated authenticated identity of the caller and an associated authorization to perform the at least one task; and
forward, based on the authentication of the request and the determination, the request to a second endpoint for the service, wherein the service is able to process the request that was received from the caller at the first endpoint based at least in part on (i) the associated authenticated identity of the caller and (ii) the associated authorization to perform the at least one task.
Dependent claims: 13 to 18.
19. A non-transitory computer-readable storage medium including instructions that, when executed by at least one processor of a computing system, cause the computing system to:
receive a communication from a caller to a first endpoint, the request being associated with a service offered by a customer to the caller using one or more computing resources, and wherein (1) the customer does not own the one or more computing resources and offers the service to the caller by paying the provider for use of the one or more computing resources and (2) the customer bills the caller for use of the service, the first endpoint and the service being under control of the customer and compatible with a provider of the one or more computing resources that are accessible through a provider of the one or more computing resources, the request further comprising a signature generated using at least one security credential;
determine, by the provider, that the signature is a valid signature and has a format compatible with the provider;
determine that the request is authorized to be processed by the service offered by the customer according to policies associated with the caller, to yield a determination;
associate the request with an authenticated identity of the caller and, based at least in part on the policies, an authorization to perform at least one task with the service offered by the customer, to yield an associated authenticated identity of the caller and an associated authorization to perform the at least one task; and
forward, based on the authentication of the request and the determination, the request to a second endpoint for the service, wherein the second endpoint is able to process the request that was received from the caller at the first endpoint based at least in part on (i) the associated authenticated identity of the caller and (ii) the associated authorization to perform the at least one task.
Dependent claims: 20 to 22.
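The abstract and the three independent claims describe one flow: a request arrives at a first endpoint controlled by the customer, the provider's identity pool authenticates it (claim 19 makes this a signature check using a security credential in a provider-compatible format), the caller's policies decide whether the requested task is authorized, the request is tagged with the authenticated identity and the granted authorization, and only then is it forwarded to the customer's second endpoint. The example below is added here to show that flow end to end; it is not code from the patent or from any provider. The HMAC-SHA256 signature scheme, the X-Date replay window, the policy syntax and every name in it are assumptions chosen for illustration.

```python
"""Added example (not the patent's or any provider's code): a minimal request
management front end of the kind the abstract and claims describe.  The caller
signs a request with a credential from the provider's identity pool; the first
endpoint verifies the signature, checks the caller's policies for the requested
task, stamps the request with the authenticated identity and granted
authorization, and forwards it to the customer's second endpoint.  The HMAC
scheme, X-Date replay window, policy syntax and all names are assumptions."""
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed identity pool: key id -> (shared secret, principal identity).
IDENTITY_POOL = {
    "AKIDEXAMPLE1": ("alice-secret", "caller:alice"),
    "AKIDEXAMPLE2": ("bob-secret", "caller:bob"),
}
# Constructed policies: principal -> allowed (action, resource pattern) pairs;
# a trailing "*" in a pattern is a prefix wildcard (assumed syntax).
POLICIES = {
    "caller:alice": [("orders:Create", "svc:widgets/orders"),
                     ("orders:Read", "svc:widgets/*")],
    "caller:bob": [("orders:Read", "svc:widgets/orders")],
}
# Headers only the front end may set; caller-supplied copies are discarded.
IDENTITY_HEADER = "X-Authenticated-Identity"
AUTHZ_HEADER = "X-Authorized-Task"


@dataclass
class Request:
    method: str
    path: str
    action: str      # task the caller asks the service to perform
    resource: str    # service resource the task applies to
    body: bytes = b""
    headers: dict = field(default_factory=dict)

class AuthError(Exception): "Request could not be authenticated against the identity pool."

class AuthzError(Exception): "Authenticated caller is not permitted to perform the task."

def canonical_string(req):
    """Material the signature covers: method, path, date header, body hash."""
    body_hash = hashlib.sha256(req.body).hexdigest()
    return "\n".join([req.method, req.path, req.headers["X-Date"], body_hash])

def sign(req, key_id, secret, date):
    """Caller side: attach key id, date and an HMAC-SHA256 signature."""
    req.headers["X-Key-Id"] = key_id
    req.headers["X-Date"] = str(date)
    mac = hmac.new(secret.encode(), canonical_string(req).encode(), hashlib.sha256)
    req.headers["X-Signature"] = mac.hexdigest()
    return req

def authenticate(req, now, pool=IDENTITY_POOL, max_skew=300):
    """First endpoint: verify the signature with the pool secret for the key id."""
    key_id, sig, date = (req.headers.get(h) for h in ("X-Key-Id", "X-Signature", "X-Date"))
    if not (key_id and sig and date and date.isdigit()):
        raise AuthError("missing or malformed signature headers")
    if key_id not in pool:
        raise AuthError("unknown key id")
    secret, principal = pool[key_id]
    mac = hmac.new(secret.encode(), canonical_string(req).encode(), hashlib.sha256)
    if not hmac.compare_digest(mac.hexdigest(), sig):
        raise AuthError("signature mismatch")
    if abs(now - int(date)) > max_skew:
        raise AuthError("timestamp outside the replay window")
    return principal

def authorize(principal, action, resource, policies=POLICIES):
    """Return (action, resource) if one of the principal's policies allows it."""
    for allowed_action, pattern in policies.get(principal, []):
        prefix_ok = pattern.endswith("*") and resource.startswith(pattern[:-1])
        if allowed_action == action and (pattern == resource or prefix_ok):
            return action, resource
    raise AuthzError(f"{principal} may not {action} on {resource}")

def handle(req, backend, now):
    """Authenticate, authorize, stamp identity and authorization, then forward."""
    principal = authenticate(req, now)
    action, resource = authorize(principal, req.action, req.resource)
    for h in (IDENTITY_HEADER, AUTHZ_HEADER):  # never trust caller-supplied copies
        req.headers.pop(h, None)
    req.headers[IDENTITY_HEADER] = principal
    req.headers[AUTHZ_HEADER] = f"{action} {resource}"
    return backend(req)

def widget_service(req):
    """Second endpoint: relies on the stamped headers instead of re-authenticating."""
    return {"identity": req.headers[IDENTITY_HEADER],
            "task": req.headers[AUTHZ_HEADER], "path": req.path}

def demo(now=1_700_000_000):
    """Alice creates an order while trying to smuggle in a forged identity header."""
    req = Request("POST", "/orders", "orders:Create", "svc:widgets/orders", b'{"sku": "w-1"}')
    req.headers[IDENTITY_HEADER] = "caller:admin"  # forged; dropped by the front end
    sign(req, "AKIDEXAMPLE1", "alice-secret", now)
    return handle(req, widget_service, now)
```

Two points matter in practice. First, the second endpoint trusts the stamped identity and authorization headers, so the front end must strip any caller-supplied copies before adding its own, as `handle` does; otherwise a caller can claim any identity. Second, that trust only holds if the customer service is reachable solely through the first endpoint, which is the arrangement the abstract describes when it says the authentication resources logically sit in front of the service resources.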
Specification