Microservices based multi-tenant identity and data security management cloud service

US 9,838,376 B1
Filed: 03/06/2017
Issued: 12/05/2017
Est. Priority Date: 05/11/2016
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause the processor to provide cloud-based identity and access management in a system that supports a plurality of tenants, the providing comprising:

receiving a request for performing an identity management service, wherein the request comprises a call to an application programming interface (API) that identifies the identity management service and a microservice out of a plurality of microservices that is configured to perform the identity management service;

authenticating the request, wherein the request comprises a uniform resource locator (URL), wherein the microservice is identified in a first portion of the URL, a second portion of the URL identifies the API, and a third portion of the URL identifies a tenant out of the plurality of tenants;

accessing the identified microservice; and

performing the identity management service by the microservice using resources that correspond to the identified tenant.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system provides cloud-based identity and access management. The system receives a request for performing an identity management service, where the request includes a call to an application programming interface (“API”) that identifies the identity management service and a microservice configured to perform the identity management service. The system authenticates the request, accesses the microservice, and performs the identity management service by the microservice.

Citations

20 Claims

1. A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause the processor to provide cloud-based identity and access management in a system that supports a plurality of tenants, the providing comprising:
- receiving a request for performing an identity management service, wherein the request comprises a call to an application programming interface (API) that identifies the identity management service and a microservice out of a plurality of microservices that is configured to perform the identity management service;
  
  authenticating the request, wherein the request comprises a uniform resource locator (URL), wherein the microservice is identified in a first portion of the URL, a second portion of the URL identifies the API, and a third portion of the URL identifies a tenant out of the plurality of tenants;
  
  accessing the identified microservice; and
  
  performing the identity management service by the microservice using resources that correspond to the identified tenant.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer readable medium of claim 1, wherein communicating with the microservice is configured through an unnamed universal port of the microservice.
  - 3. The computer readable medium of claim 1, wherein the microservice provides one or more capabilities by exposing one or more APIs, wherein communication with the microservice is implemented only through the one or more APIs.
  - 4. The computer readable medium of claim 1, wherein the microservice is stateless, horizontally scalable, and independently deployable.
  - 5. The computer readable medium of claim 1, wherein each physical implementation of the microservice is configured to securely support multiple tenants.
  - 6. The computer readable medium of claim 1, wherein the identity management service comprises a login service, a single sign on (SSO) service, a federation service, a token service, a directory service, a provisioning service, or a role-based access control (RBAC) service.
  - 7. The computer readable medium of claim 1, wherein communication with the microservice is configured according to a lightweight protocol.
  - 8. The computer readable medium of claim 7, wherein the lightweight protocol comprises a Hypertext Transfer Protocol (HTTP) and a Representational State Transfer (REST) protocol, wherein the request comprises a call to a RESTful HTTP API.
  - 9. The computer readable medium of claim 1, wherein the microservice performs the identity management service based on tenant data stored in a database, wherein the database and the microservice are configured to scale independently of one another.
  - 10. The computer readable medium of claim 9, wherein the database comprises a distributed data grid.

11. A method of providing cloud-based identity and access management in a system that supports a plurality of tenants, the method comprising:
- receiving a request for performing an identity management service, wherein the request comprises a call to an application programming interface (API) that identifies the identity management service and a microservice out of a plurality of microservices that is configured to perform the identity management service;
  
  authenticating the request, wherein the request comprises a uniform resource locator (URL), wherein the microservice is identified in a first portion of the URL, a second portion of the URL identifies the API, and a third portion of the URL identifies a tenant out of the plurality of tenants;
  
  accessing the identified microservice; and
  
  performing the identity management service by the microservice using resources that correspond to the identified tenant.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The method of claim 11, wherein communicating with the microservice is configured through an unnamed universal port of the microservice.
  - 13. The method of claim 11, wherein the microservice provides one or more capabilities by exposing one or more APIs, wherein communication with the microservice is implemented only through the one or more APIs.
  - 14. The method of claim 11, wherein the microservice is stateless, horizontally scalable, and independently deployable.
  - 15. The method of claim 11, wherein each physical implementation of the microservice is configured to securely support multiple tenants.
  - 16. The method of claim 11, wherein the identity management service comprises a login service, a single sign on (SSO) service, a federation service, a token service, a directory service, a provisioning service, or a role-based access control (RBAC) service.
  - 17. The method of claim 11, wherein communication with the microservice is configured according to a lightweight protocol.
  - 18. The method of claim 11, wherein the microservice performs the identity management service based on tenant data stored in a database, wherein the database and the microservice are configured to scale independently of one another and the database comprises a distributed data grid.

19. A system for providing cloud-based identity and access management, comprising:
- a plurality of tenants;
  
  a plurality of microservices;
  
  a receiving module that receives a request for performing an identity management service, wherein the request comprises a call to an application programming interface (API) that identifies the identity management service and a microservice out of the plurality of microservices that is configured to perform the identity management service;
  
  an authenticating module that authenticates the request, wherein the request comprises a uniform resource locator (URL), wherein the microservice is identified in a first portion of the URL, a second portion of the URL identifies the API, and a third portion of the URL identifies a tenant out of the plurality of tenants;
  
  an accessing module that accesses the identified microservice; and
  
  a performing module that performs the identity management service by the microservice using resources that correspond to the identified tenant.
- View Dependent Claims (20)
- - 20. The system of claim 19, wherein the microservice performs the identity management service based on tenant data stored in a database, wherein the database and the microservice are configured to scale independently of one another and the database comprises a distributed data grid.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Lander, Vadim, Carru, Damien, Cole, Gary P., Sondhi, Ajay, Wilson, Gregg
Primary Examiner(s)
Hoffman, Brandon
Assistant Examiner(s)
Anderson, Michael D

Application Number

US15/450,512
Publication Number

US 20170331812A1
Time in Patent Office

274 Days
Field of Search

726 7
US Class Current
CPC Class Codes

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

H04L 63/104   Grouping of entities

H04L 67/02   based on web technology, e....

H04L 67/10   in which an application is ...

Microservices based multi-tenant identity and data security management cloud service

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Microservices based multi-tenant identity and data security management cloud service

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links