Sandboxing individual applications to specific user folders in a cloud-based service
Abstract
An example system and method comprises receiving a request from the third-party application, wherein the request includes a user identifier; allocating an area that is specific for the third-party application and for the user; and granting access of the area to the third-party application. In one embodiment, the method further comprises providing to the third-party application a token which allows the third-party application to access a given area. Additional embodiments provided herein enable a third-party application to use a user identifier (e.g., an email address or other identifiers) of its user to access a specific area of a cloud-based environment/platform/services (e.g., collaboration, file sharing, and/or storage services) without necessarily triggering user account authentication, thereby avoiding the process of requiring access codes from the user, which can adversely impact user experience as well as compromise security and/or the user's privacy.
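The flow the abstract and claim 1 describe (consent check, an area specific to the application and user, a token confined to that area) can be sketched as follows. This is an added example, not code from the patent or any cloud service; the signing key, consent store, `/ws/...` path layout and token format are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, posixpath, time

SECRET = b"constructed-demo-key"                  # assumption: service-side signing key
CONSENT = {("notes-app", "alice@example.com")}    # constructed consent records

def area_for(app_id, user_id):
    # Assumed layout: one folder per (user, application) pair.
    return f"/ws/{user_id}/apps/{app_id}"

def sign(body):
    return hmac.new(SECRET, body, hashlib.sha256).hexdigest().encode()

def issue_token(app_id, user_id, ttl=300, now=None):
    # user_id is an identifier, not a credential: issuance is gated on the
    # stored consent record. app_id is assumed to be authenticated already.
    if (app_id, user_id) not in CONSENT:
        raise PermissionError("no recorded user consent for this application")
    claims = {"app": app_id, "area": area_for(app_id, user_id),
              "exp": int(now or time.time()) + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return (body + b"." + sign(body)).decode()

def authorize(token, app_id, path, now=None):
    body, _, sig = token.encode().rpartition(b".")
    if not hmac.compare_digest(sig, sign(body)):
        return False                               # forged or altered token
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["app"] != app_id or claims["exp"] < (now or time.time()):
        return False                               # wrong application or expired
    resolved = posixpath.normpath(path)            # collapse "." and ".." first
    return resolved == claims["area"] or resolved.startswith(claims["area"] + "/")

if __name__ == "__main__":
    tok = issue_token("notes-app", "alice@example.com")
    base = area_for("notes-app", "alice@example.com")
    print(authorize(tok, "notes-app", base + "/draft.txt"))
    print(authorize(tok, "notes-app", base + "/../../private/tax.pdf"))
```

Normalizing the requested path before the prefix comparison is what keeps the token confined to the subset area; comparing the raw string would let `..` segments reach the rest of the work space.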
27 Claims
1. A method for providing a third-party application with access to an area in a user work space of a cloud-based service, the method comprising:
- receiving, by one or more servers of the cloud-based service, a request initiated by the third-party application, wherein the request includes a user identifier that uniquely identifies the user in the cloud-based service, wherein the user identifier does not include authentication credentials associated with the user in the cloud-based service; and
- based on evaluation of the user identifier;
  - verifying, by the one or more servers, that the third-party application has consent of the user to access to the area of the user work space, wherein the area of the user work space is a subset area of the user work space exclusively accessible by the third-party application,
  - providing the third-party application with a token that allows the third-party application to exclusively access the area of the user work space without providing access to other areas of the user work space, and
  - granting, based on the token, the third-party application access to the area in the user work space of the cloud-based service.

11. A system for providing access to an area in a user work space of the cloud-based service to a third-party application associated with a user, the system comprising:
- one or more processors; and
- a memory coupled to the one or more processors, the memory having instructions stored thereon, which when executed by the one or more processors, cause the cloud-based system to;
  - receive a request initiated by the third-party application, wherein the request includes a user identifier that uniquely identifies the user in the cloud-based service, wherein the user identifier does not include authentication credentials associated with the user in the cloud-based service and
  - based on evaluation of the user identifier;
    - verify that the third-party application has consent of the user to access the area of the user work space, wherein the area of the user work space is a subset area of the user work space exclusively accessible by the third-party application, and
    - provide the third-party application with a token that allows the third-party application to exclusively access the area of the user work space without providing access to other areas of the user work space.

17. A non-transitory computer readable memory having instructions stored therein, which when executed by one or more processors of a system that provides a cloud-based service, cause the system to:
- process a request to access an area in a user work space of the cloud-based service, wherein the request is initiated by a third-party application and includes a user identifier that uniquely identifies the user in the cloud-based service, wherein the user identifier does not include authentication credentials associated with the user in the cloud-based service; and
- based on evaluation of the user identifier;
  - verify that the third-party application has consent of the user to access to the user work space, wherein the area of the user work space is a subset area of the user work space exclusively accessible by the third-party application,
  - provide the third-party application with a token that allows the third-party application to exclusively access the area of the user work space without providing access to other areas of the user work space, and
  - grant, based on the token, the third-party application access to the area in the user work space of the cloud-based service.

26. A computer readable storage medium having instructions stored therein, which when executed by one or more processors of a system that provides a collaborative cloud-based service, cause the system to:
- process a request to access an area in a user work space of the cloud-based service, wherein the request is initiated by a third-party application and includes a user identifier that uniquely identifies the user in the cloud-based service, wherein the user identifier does not include authentication credentials associated with the user in the cloud-based service; and
- based on evaluation of the user identifier;
  - verify that the third-party application has consent of the user to access to the area of the user work space, wherein the area of the user work space is a subset area of the user work space exclusively accessible by the third-party application,
  - provide the third-party application with a token that allows the third-party application to exclusively access the area of the user work space without providing access to other areas of the user work space, and
  - grant, based on the token, the third-party application access to the area in the user work space of the cloud-based service.

27. A method for providing a third-party application with access to an area in a user work space of a cloud-based service, the method comprising:
- receiving, by one or more servers of the cloud-based service, a request initiated by the third-party application, wherein the request includes a user identifier that uniquely identifies the user in the cloud-based service, wherein the user identifier does not include authentication credentials associated with the user in the cloud-based service; and
- based on evaluation of the user identifier;
  - determining whether a work space associated with the user identifier already exists in an environment provided by the cloud-based service,
  - upon determining that a work space associated with the user identifier already exists in an environment provided by the cloud-based service, allocating an area in the work space associated with the user, wherein the area is exclusively accessible by the third-party application and the user and the area is a subset area of the work space associated with the user,
  - providing the third-party application with a token that allows the third-party application to exclusively access the area of the work space associated with the user and without providing access to other areas of the work space associated with the user, and
  - granting, based on the token, the third-party application access to the area in the work space associated with the user.