PROPAGATING USER IDENTITIES IN A SECURE FEDERATED SEARCH SYSTEM
First Claim
1. A method, comprising:
- creating a first set of security values based on security credentials obtained from a user and first security attributes for a first identity management system, wherein the first identity management system manages identities for a first secure data source;
- creating a second set of security values based on the security credentials obtained from the user and second security attributes for a second identity management system, wherein the second identity management system manages identities for a second secure data source;
- wherein the second identity management system manages identities for a second secure data source that is different from the first secure data source;
- receiving a query from the user;
- embedding the first set of security values into the query to create a first appended query, and querying the first secure data source based on the first appended query;
- embedding the second set of security values into the query to create a second appended query, and querying the second secure data source based on the second appended query;
- in response to querying the first secure data source, receiving a first search result list comprising first search result entries, and in response to querying the second secure data source, receiving a second search result list comprising second search result entries;
- creating a single ranked search result list comprising a merge of the first search result entries with the second search result entries;
- returning the single ranked search result list to the user.
Abstract
A flexible and extensible architecture allows for secure searching across an enterprise. Such an architecture can provide a simple Internet-like search experience to users searching secure content inside (and outside) the enterprise. The architecture allows for the crawling and searching of a variety of sources across an enterprise, regardless of whether any of these sources conform to a conventional user role model. The architecture further allows for security attributes to be submitted at query time, for example, in order to provide real-time secure access to enterprise resources. The user query also can be transformed to provide for dynamic querying that provides for a more current result list than can be obtained for static queries.
22 Citations
21 Claims
1. A method, comprising: (independent claim, reproduced in full under First Claim above)
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. The method comprising:
- receiving a user query and user identity information from a remote search engine broker; and
- authenticating the remote search engine broker using a first identity management system;
- obtaining user security credentials from a second identity management system based on the user identity information;
- creating a first set of security values based on the user security credentials;
- embedding the first set of security values into the user query to create a first appended query;
- querying a first data source based on the first appended query;
- in response to querying the first data source, determining a first set of search results; and
- sending the first set of search results to the remote search engine broker.
Dependent claims: 16, 17
18. A computer system, comprising:
- a plurality of processors;
- a memory coupled to one or more processors of the plurality of processors, the memory storing instructions which, when executed by the one or more processors, comprise:
- a plurality of secure data sources, each secure data source associated with an identity management system of the plurality of identity management systems; and
- a broker operable to:
  - receive first user credentials and a query from a user;
  - for said each secure data source:
    - map the first user credentials to second user credentials that are different from the first user credentials;
    - extract security values from an identity management system based on the second user credentials, the security attributes corresponding to the security attributes used by said each secure data source to express access policy;
    - embed the extracted security values into the query to create an appended query;
    - receive a search result set corresponding to said each secure data source; and
  - consolidate said each search result set corresponding to said each secure data source into a single ranked search result set.
Dependent claims: 19, 20, 21
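The broker of claims 1 and 18, written out as an added example (this is not the patent's own code): one identity management system per secure data source maps the broker-level user to source-local security values, the broker embeds those values into the query it sends to that source, each source enforces its own access policy against them, and the broker merges the per-source hits into one ranked list. The overlap-based ACL check, the term-count score and all users, sources and documents are constructed assumptions.

```python
# Added example, not the patent's own code: a minimal federated-search broker
# that follows claims 1 and 18. All users, sources and documents are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class AppendedQuery:
    terms: str
    security_values: frozenset  # groups/roles the target source uses in its access policy

class IdentityManager:
    """Maps the broker-level user name to a source-local identity (claim 18) and then to that source's security values."""
    def __init__(self, name, credential_map, attributes):
        self.name, self.credential_map, self.attributes = name, credential_map, attributes
    def security_values(self, user):
        local_id = self.credential_map.get(user)  # unknown user -> no values -> no results
        return frozenset(self.attributes.get(local_id, ()))

class SecureSource:
    """A secure data source: enforces its own policy at query time by keeping only
    documents whose ACL overlaps the security values embedded in the query."""
    def __init__(self, name, docs):
        self.name, self.docs = name, docs  # docs: (doc_id, text, acl frozenset)
    def search(self, q):
        hits = []
        for doc_id, text, acl in self.docs:
            if not (acl & q.security_values):
                continue  # access policy is enforced inside the source, not by the broker
            score = sum(term in text.lower() for term in q.terms.lower().split())
            if score:
                hits.append((score, self.name, doc_id))
        return hits

def federated_search(user, query, sources):
    """Broker: per source, embed that source's security values in the query, then merge."""
    merged = []
    for source, idm in sources:
        merged.extend(source.search(AppendedQuery(query, idm.security_values(user))))
    merged.sort(key=lambda hit: (-hit[0], hit[1], hit[2]))  # score descending, then by source/id
    return merged

# Constructed sample deployment: two sources, each governed by its own identity system.
HR_IDM = IdentityManager("hr-ldap", {"alice": "uid=alice", "bob": "uid=bob"},
                         {"uid=alice": {"hr-staff", "everyone"}, "uid=bob": {"everyone"}})
WIKI_IDM = IdentityManager("wiki-sso", {"alice": "alice@corp", "bob": "bob@corp"},
                           {"alice@corp": {"eng", "all-staff"}, "bob@corp": {"all-staff"}})
HR_SOURCE = SecureSource("hr", [("h1", "salary review policy", frozenset({"hr-staff"})),
                               ("h2", "holiday policy", frozenset({"hr-staff", "everyone"}))])
WIKI_SOURCE = SecureSource("wiki", [("w1", "deployment policy", frozenset({"eng"})),
                                    ("w2", "travel policy", frozenset({"all-staff"}))])
SOURCES = [(HR_SOURCE, HR_IDM), (WIKI_SOURCE, WIKI_IDM)]
```

A user unknown to a source's identity system gets an empty set of security values and therefore no hits from that source, which is the property the query-time embedding is meant to guarantee.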