Federated timeout
First Claim
Patent Images
1. A method implemented in a non-transitory machine-readable storage medium and processed by a machine configured to perform the method, comprising:
- maintaining, at the machine, a last-recorded activity time for a session reflecting an up-to-date time for a most recent activity occurring in the session between a principal and second principals, wherein maintaining further includes obtaining the most recent activity from a domain identified in a token with the principal and the second principals configured for reporting session activity to that domain; and
communicating, at the machine, the last-recorded activity time to a requesting principal before the requesting principal times out of the session due to that requesting principal'"'"'s inactivity for a predefined amount of time within the session and the predefined amount of time for the inactivity is provided from the requesting principal as a dynamic query that is initiated from the requesting principal for the last-recorded activity time before that requesting principal times out of the session, and wherein updating, by the requesting principal, a principal maintained last activity time maintained by the requesting principal with the last-recorded activity time, wherein each principal updates that principal'"'"'s individually maintained last activity time with the last-recorded activity time communicated and wherein none of the principals is permitted to time out of the session when at least one of the principals has a particular maintained last activity time that has not exceeded the predefined amount of time of inactivity.
12 Assignments
0 Petitions
Accused Products
Abstract
Techniques for workload federated timeout are presented. A federated service manages communications between service components of a system. Each component queries the federated service to determine a last activity time by the other components of the system before timing out during a session. Each component can update its last activity time based on the discovered last activity time of one of the components to prevent a premature time out from the session.
-
Citations
20 Claims
-
1. A method implemented in a non-transitory machine-readable storage medium and processed by a machine configured to perform the method, comprising:
-
maintaining, at the machine, a last-recorded activity time for a session reflecting an up-to-date time for a most recent activity occurring in the session between a principal and second principals, wherein maintaining further includes obtaining the most recent activity from a domain identified in a token with the principal and the second principals configured for reporting session activity to that domain; and communicating, at the machine, the last-recorded activity time to a requesting principal before the requesting principal times out of the session due to that requesting principal'"'"'s inactivity for a predefined amount of time within the session and the predefined amount of time for the inactivity is provided from the requesting principal as a dynamic query that is initiated from the requesting principal for the last-recorded activity time before that requesting principal times out of the session, and wherein updating, by the requesting principal, a principal maintained last activity time maintained by the requesting principal with the last-recorded activity time, wherein each principal updates that principal'"'"'s individually maintained last activity time with the last-recorded activity time communicated and wherein none of the principals is permitted to time out of the session when at least one of the principals has a particular maintained last activity time that has not exceeded the predefined amount of time of inactivity. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method implemented in a non-transitory machine-readable storage medium and processed by a machine configured to perform the method, comprising:
-
authenticating, at the machine, a principal during a login to a session between the principal and a second principal and providing the principal and the second principal with a domain for reporting session activity; generating, at the machine, an assertion, the assertion identifying a federated timeout controller that the second principal and other third principals interact with during the session and last activity times for the session reported by the principal, the second principal, and the other third principals on the domain and the principal, the second principal, and the other third principals request a most-recent activity time for the session from the federated timeout controller before timing out during the session, and wherein generating further includes dynamically querying, by the principals, the federated timeout controller for obtaining the most-recent activity time, and updating, by the principals local most-recent activity times maintained by the principals with the most-recent activity time, wherein each principal updates that principal'"'"'s local most-recent activity time with the most-recent activity time and none of the principals are permitted to timeout of the session unless all of the local most-recent activity times being individually updated by the principals with the most-recent activity time, as provided by the federated controller, exceed a predefined amount of time of inactivity for the session; establishing, from the machine, the session and communicating the assertion to the second principal and the other third principals. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
-
-
18. A system, comprising:
-
a first processing device having an identity provider implemented and residing as instructions within a non-transitory computer-readable storage medium that processes on the first processing device; and a second processing device having a federated timeout controller implemented and residing as instructions within a non-transitory computer-readable storage medium that processes on the second processing device; wherein the identity provider is configured to configure principals to report activity times to the federated timeout controller though a domain monitored by the federated timeout controller during a session and to configure the principals for dynamically querying the federated timeout controller for a most-recent activity time and the principals to update local most-recent activity times being individually maintained by the principals with the most-recent activity time before making a decision to time out of the session, wherein each principal updates that principal'"'"'s individually maintained activity time with the most-recent activity time provided by the federated timeout controller, the federated timeout controller is configured to maintain the most-recent activity time for the principals and deliver the most-recent activity time upon request from one of the principals during the session when that requesting principal attempts to time out of the session, and wherein none of the principals are permitted to time out of the session when at least one principal has activity within the session within a predefined period of time that has not exceeded the most-recent activity time managed by the federated timeout controller. - View Dependent Claims (19, 20)
-
Specification