Unified system for authentication and authorization
Abstract
A request is received at an authorization framework via an authorization application programming interface (API) from a trusted application for authorizing a client application, where the client application requests a service provided by the trusted application. In response to the request, the client application is authorized in view of one or more authorization policies associated with the client application to determine whether the client application is authorized to access the requested service. A user associated with the client application is authenticated to determine whether the user is allowed to access the requested service. Thereafter, a value is returned from the authorization framework via the authorization API to the trusted application indicating whether the client application can access the requested service provided by the trusted application, based on results of the authorization and authentication.
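The flow the abstract describes, as an added sketch that is not taken from the patent or any product: the framework receives a user ID, process ID and action ID from the trusted application, evaluates policy first, and causes user authentication only when the policy allows the client application. The class names, the policy table, the process lookup and the stubbed `authenticate` callback are all hypothetical.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, Tuple

class Result(Enum):
    AUTHORIZED = "authorized"
    DENIED_BY_POLICY = "denied_by_policy"
    AUTHENTICATION_FAILED = "authentication_failed"

@dataclass(frozen=True)
class AuthzRequest:
    user_id: int     # user of the client application
    process_id: int  # identifies the client application
    action_id: str   # action the trusted application would carry out

class AuthorizationFramework:
    """Hypothetical framework: policy decision first, authentication second."""
    def __init__(self, policy: Dict[Tuple[str, str], bool],
                 processes: Dict[int, str],
                 authenticate: Callable[[int], bool]):
        self.policy = policy              # (client app, action ID) -> allowed
        self.processes = processes        # process ID -> client app (assumed lookup)
        self.authenticate = authenticate  # e.g. a password prompt; stubbed below
        self.auth_attempts = 0

    def check(self, req: AuthzRequest) -> Result:
        client = self.processes.get(req.process_id)
        # Default deny: unknown process or no matching policy entry.
        if client is None or not self.policy.get((client, req.action_id), False):
            return Result.DENIED_BY_POLICY
        # Only a policy-approved client causes the user to be authenticated.
        self.auth_attempts += 1
        if not self.authenticate(req.user_id):
            return Result.AUTHENTICATION_FAILED
        return Result.AUTHORIZED

def demo_framework() -> AuthorizationFramework:
    # Constructed sample data, not from the patent.
    policy = {("backup-tool", "disk.mount"): True}
    processes = {4101: "backup-tool", 4102: "unknown-widget"}
    known_users = {1000}
    return AuthorizationFramework(policy, processes, lambda uid: uid in known_users)

if __name__ == "__main__":
    fw = demo_framework()
    for r in (AuthzRequest(1000, 4101, "disk.mount"),
              AuthzRequest(1000, 4102, "disk.mount"),
              AuthzRequest(2000, 4101, "disk.mount")):
        print(r, fw.check(r).value)
```

The `auth_attempts` counter makes the ordering observable: a client rejected by policy never reaches the authentication step.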
18 Claims
1. A method comprising:
- receiving, by a processing device, a request from a trusted application to authorize a client application that requests a service offered by the trusted application other than authorization and authentication, wherein the trusted application is a software application to offer the service to the client application, wherein the request comprises a user identifier (ID) identifying a user of the client application, a process ID identifying the client application, and an action ID identifying an action to be carried out by the trusted application;
- determining, in view of the request, whether the client application is authorized to access the trusted application in view of an authorization policy;
- causing an authentication of the user of the client application in response to determining the client application is authorized to access the trusted application; and
- returning to the trusted application, by the processing device, an authorization result in view of the determining and the authentication.

Dependent claims: 2, 3, 4, 5, 6
7. A non-transitory computer readable storage medium including instructions that, when executed by a processing device, cause the processing device to:
- receive, by the processing device, a request from a trusted application to authorize a client application that requests a service offered by the trusted application other than authorization and authentication, wherein the trusted application is a software application to offer the service to the client application, wherein the request comprises a user identifier (ID) identifying a user of the client application, a process ID identifying the client application, and an action ID identifying an action to be carried out by the trusted application;
- determine, in view of the request, whether the client application is authorized to access the trusted application in view of an authorization policy;
- cause an authentication of the user of the client application in response to determining the client application is authorized to access the trusted application; and
- return to the trusted application, by the processing device, an authorization result in view of the determining and the authentication.

Dependent claims: 8, 9, 10, 11, 12
13. A system comprising:
- a memory to store instructions; and
- a processing device, operatively coupled to the memory, to:
  - receive a request from a trusted application to authorize a client application that requests a service offered by the trusted application other than authorization and authentication, wherein the trusted application is a software application to offer the service to the client application, wherein the request comprises a user identifier (ID) identifying a user of the client application, a process ID identifying the client application, and an action ID identifying an action to be carried out by the trusted application;
  - determine, in view of the request, whether the client application is authorized to access the trusted application in view of an authorization policy;
  - cause an authentication of the user of the client application in response to determining the client application is authorized to access the trusted application; and
  - return to the trusted application, by the processing device, an authorization result in view of the determining and the authentication.

Dependent claims: 14, 15, 16, 17, 18
Specification