Liberty discovery service enhancements

US 7,565,356 B1
Filed: 04/30/2004
Issued: 07/21/2009
Est. Priority Date: 04/30/2004
Status: Active Grant

First Claim

Patent Images

1. A machine-implemented method, comprising:

storing, in a repository, a first association between a particular user characteristic and a first user;

storing, in the repository, a second association between the particular user characteristic, which is associated with the first user, and a second user that is separate from the first user;

after storing the associations between the particular user characteristic and the first and second users, storing, in the repository, a third association between (a) first web service provider (WSP) access information, which indicates how to access a first WSP, and (b) the particular user characteristic;

a directory service provider (DSP) receiving, from a second WSP that is separate from the first WSP, a first request for access information for WSP instances, wherein the first request indicates first identifying information that is associated with the first user;

in response to the DSP receiving the first request, the DSP searching the repository for user characteristics that are associated with the first user;

the DSP determining, from the repository-stored first association between the particular user characteristic and the first user, that the first user is associated with the particular user characteristic;

in response to determining that the first user is associated with the particular user characteristic, the DSP searching the repository for WSP access information that is associated with the particular user characteristic;

the DSP determining, from the repository-stored third association between the particular user characteristic and the first WSP access information, that the particular user characteristic is associated with the first WSP access information;

in response to a determination that the particular user characteristic is associated with the first WSP access information, the DSP sending the first WSP access information to the second WSP in a response to the first request from the second WSP;

wherein the second WSP uses the first WSP access information to send, to a Universal Resource Identifier (URI) that is specified in the first WSP access information, a request for information that the first WSP maintains regarding the first user;

instantiating an instance of a template class, wherein an attribute of the instance of the template class indicates the first WSP access information;

establishing an association between the particular user characteristic and the instance of the template class;

determining that the particular user characteristic is associated with a particular credential type;

in response to a determination that the particular user characteristic is associated with the particular credential type, generating a credential of the particular credential type;

sending the credential in the response to the first request;

determining that the particular user characteristic is associated with a particular function;

in response to a determination that the particular user characteristic is associated with the particular function, using the particular function to generate second identifying information; and

sending the second identifying information in the response to the first request.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mechanism is disclosed for providing a user'"'"'s web service provider'"'"'s (WSP'"'"'s) access information to a web service consumer (WSC). In one embodiment, a directory service provider (DSP) receives, from a WSC, a request for a particular user'"'"'s WSP access information. The request contains identifying information that is associated with the particular user. A repository indicates, for each user, an associated user characteristic. Each user characteristic is associated with a separate template object that indicates one or more WSP instances'"'"' access information. In response to receiving the request, the DSP determines, from the repository, the user characteristic that is associated with the particular user. The DSP sends, in a response to the WSC'"'"'s request, the one or more WSP instances'"'"' access information that is indicated in the template object that is associated with the particular user'"'"'s associated user characteristic. The WSC may use the WSP access information to direct a query to a particular WSP.

58 Citations

View as Search Results

9 Claims

1. A machine-implemented method, comprising:
- storing, in a repository, a first association between a particular user characteristic and a first user;
  
  storing, in the repository, a second association between the particular user characteristic, which is associated with the first user, and a second user that is separate from the first user;
  
  after storing the associations between the particular user characteristic and the first and second users, storing, in the repository, a third association between (a) first web service provider (WSP) access information, which indicates how to access a first WSP, and (b) the particular user characteristic;
  
  a directory service provider (DSP) receiving, from a second WSP that is separate from the first WSP, a first request for access information for WSP instances, wherein the first request indicates first identifying information that is associated with the first user;
  
  in response to the DSP receiving the first request, the DSP searching the repository for user characteristics that are associated with the first user;
  
  the DSP determining, from the repository-stored first association between the particular user characteristic and the first user, that the first user is associated with the particular user characteristic;
  
  in response to determining that the first user is associated with the particular user characteristic, the DSP searching the repository for WSP access information that is associated with the particular user characteristic;
  
  the DSP determining, from the repository-stored third association between the particular user characteristic and the first WSP access information, that the particular user characteristic is associated with the first WSP access information;
  
  in response to a determination that the particular user characteristic is associated with the first WSP access information, the DSP sending the first WSP access information to the second WSP in a response to the first request from the second WSP;
  
  wherein the second WSP uses the first WSP access information to send, to a Universal Resource Identifier (URI) that is specified in the first WSP access information, a request for information that the first WSP maintains regarding the first user;
  
  instantiating an instance of a template class, wherein an attribute of the instance of the template class indicates the first WSP access information;
  
  establishing an association between the particular user characteristic and the instance of the template class;
  
  determining that the particular user characteristic is associated with a particular credential type;
  
  in response to a determination that the particular user characteristic is associated with the particular credential type, generating a credential of the particular credential type;
  
  sending the credential in the response to the first request;
  
  determining that the particular user characteristic is associated with a particular function;
  
  in response to a determination that the particular user characteristic is associated with the particular function, using the particular function to generate second identifying information; and
  
  sending the second identifying information in the response to the first request.
- View Dependent Claims (2, 7)
- - 2. The method of claim 1, further comprising:
    - the DSP receiving a second request for access information for WSP instances, wherein the second request indicates second identifying information that is associated with the second user;
      
      the DSP determining that the second user is associated with the particular user characteristic; and
      
      in response to a determination that the particular user characteristic is associated with the first WSP access information,the DSP sending the first WSP access information in a response to the second request.
  - 7. The method of claim 1, wherein:
    - the first WSP access information does not contain any username of the first user; and
      
      the first WSP access information does not contain any password of the first user.

3. A machine-readable storage medium, comprising:
- instructions for causing one or more processors to cause storing, in a repository, an association between a particular user characteristic and a first user;
  
  instructions for causing one or more processors to cause storing, in the repository, an association between the particular user characteristic, which is associated with the first user, and a second user that is separate from the first user;
  
  instructions for causing one or more processors to cause storing, in the repository, after storing the associations between the particular user characteristic and the first and second users, an association between (a) first web service provider (WSP) access information, which indicates how to access a first WSP, and (b) the particular user characteristic;
  
  instructions for causing one or more processors to cause a directory service provider (DSP) to receive, from a second WSP that is separate from the first WSP, a first request for accessinformation for WSP instances, wherein the first request indicates first identifying information that is associated with the first user;
  
  instructions for causing one or more processors to cause the DSP to search the repository, in response to receiving the first request, for user characteristics that are associated with the first user;
  
  instructions for causing one or more processors to cause a DSP to determine, from the repository-stored association between the particular user characteristic and the first user, that the first user is associated with the particular user characteristic;
  
  instructions for causing one or more processors to cause the DSP to search the repository, in response to determining that the first user is associated with the particular user characteristic, for WSP access information that is associated with the particular user characteristic;
  
  instructions for causing one or more processors to cause the DSP to determine, from the repository-stored association between the particular user characteristic and the first WSP access information, that the particular user characteristic is associated with the first WSP access information;
  
  instructions for causing one or more processors to cause the DSP to send, in response to a determination that the particular user characteristic is associated with the first WSP access information, the first WSP access information to the second WSP in a response to the first request from the second WSP;
  
  wherein the second WSP uses the first WSP access information to send, to a Universal Resource Identifier (URI) that is specified in the first WSP access information, a request for information that the first WSP maintains regarding the first user;
  
  instructions for causing one or more processors to instantiate an instance of a template class, wherein an attribute of the instance of the template class indicates the first WSP access information;
  
  instructions for causing one or more processors to establish an association between the particular user characteristic and the instance of the template class;
  
  instructions for causing one or more processors to determine that the particular user characteristic is associated with a particular credential type;
  
  instructions for causing one or more processors to generate, in response to a determination that the particular user characteristic is associated with the Particular credential type, a credential of the particular credential type;
  
  instructions for causing one or more processors to send the credential in the response to the first request;
  
  instructions for causing one or more processors to determine that the particular user characteristic is associated with a particular function;
  
  instructions for causing one or more processors to use, in response to a determination that the particular user characteristic is associated with the particular function, the particular function to generate second identifying information; and
  
  instructions for causing one or more processors to send the second identifying information in the response to the first request.
- View Dependent Claims (4, 8)
- - 4. The machine-readable storage medium of claim 3, further comprising:
    - instructions for causing one or more processors to cause the DSP to receive a second request for access information for an WSP, wherein the second request indicates second identifying information that is associated with the second user;
      
      instructions for causing one or more processors to cause the DSP to determine that the second user is associated with the particular user characteristic;
      
      instructions for causing one or more processors to cause the DSP to send, in response to a determination that the particular user characteristic is associated with the first WSP access information, the first WSP access information in a response to the second request.
  - 8. The machine-readable storage medium of claim 3, wherein:
    - the first WSP access information does not contain any username of the first user; and
      
      the first WSP access information does not contain any password of the first user.

5. An apparatus, comprising:
- one or more processors;
  
  a mechanism, executing using the one or more processors, for storing, in a repository, an association between a particular user characteristic and a first user;
  
  a mechanism, executing using the one or more processors, for storing, in the repository, an association between the particular user characteristic, which is associated with the first user, and a second user that is separate from the first user;
  
  a mechanism, executing using the one or more processors, for storing, in the repository, after storing the associations between the particular user characteristic and the first and second users, an association between (a) first web service provider (WSP) access information, which indicates how to access a first WSP, and (b) the particular user characteristic that is associated with two or more users;
  
  a mechanism, executing using the one or more processors, for receiving, at a directory service provider (DSP), from a second WSP that is separate from the first WSP, a first request for access information for WSP instances, wherein the first request indicates first identifying information that is associated with the first user;
  
  a mechanism, executing using the one or more processors, for causing the DSP to search the repository, in response to the DSP receiving the first request, for user characteristics that are associated with the first user;
  
  a mechanism, executing using the one or more processors, for determining, at the DSP, from the repository-stored association between the particular user characteristic and the first user, that the first user is associated with the particular user characteristic;
  
  a mechanism, executing using the one or more processors, for causing the DSP to search the repository, in response to determining that the first user is associated with the particular user characteristic, for WSP access information that is associated with the particular user characteristic;
  
  a mechanism, executing using the one or more processors, for determining, at the DSP, from the repository-stored association between the particular user characteristic and the first WSP access information, that the particular user characteristic is associated with the first WSP access information;
  
  a mechanism, executing using the one or more processors, for sending, from the DSP, in response to a determination that the particular user characteristic is associated with the first WSP access information, the first WSP access information to the second WSP in a response to the first request from the second WSP;
  
  wherein the second WSP uses the first WSP access information to send, to a Universal Resource Identifier (URI) that is specified in the first WSP access information, a request for information that the first WSP maintains regarding the first user;
  
  a mechanism, executing using the one or more processors, for instantiating an instance of a template class, wherein an attribute of the instance of the template class indicates the first WSP access information;
  
  a mechanism, executing using the one or more processors, for establishing an association between the particular user characteristic and the instance of the template class;
  
  a mechanism, executing using the one or more processors, for determining that the particular user characteristic is associated with a particular credential type;
  
  a mechanism, executing using the one or more processors, for generating, in response to a determination that the particular user characteristic is associated with the particular credential type, a credential of the particular credential type;
  
  a mechanism, executing using the one or more processors, for sending the credential in the response to the first request;
  
  a mechanism, executing using the one or more processors, for determining that the particular user characteristic is associated with a particular function;
  
  a mechanism, executing using the one or more processors, for using, in response to a determination that the particular user characteristic is associated with the particular function, the particular function to generate second identifying information; and
  
  a mechanism, executing using the one or more processors, for sending the second identifying information in the response to the first request.
- View Dependent Claims (6, 9)
- - 6. The apparatus of claim 5, further comprising:
    - a mechanism, executing using the one or more processors, for receiving, at the DSP, a second request for access information for WSP instances, wherein the second request indicates second identifying information that is associated with the second user;
      
      a mechanism, executing using the one or more processors, for determining, at the DSP, that the second user is associated with the particular user characteristic;
      
      a mechanism, executing using the one or more processors, for sending, from the DSP, in response to a determination that the particular user characteristic is associated with the first WSP access information, the first WSP access information in a response to the second request.
  - 9. The apparatus of claim 5, wherein:
    - the first WSP access information does not contain any username of the first user; and
      
      the first WSP access information does not contain any password of the first user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Xu, Emily Hong, Lue, Xuerbin, Angal, Rajeev, Cheng, Qingwen
Primary Examiner(s)
Le; Jessica N

Application Number

US10/837,146
Time in Patent Office

1,908 Days
Field of Search

707/10, 705/14, 713/186
US Class Current

1/1
CPC Class Codes

H04L 63/08   for authentication of entit...

Y10S 707/99933   Query processing, i.e. sear...

Y10S 707/99936   Pattern matching access

Y10S 707/99939   Privileged access

Y10S 707/99943   Generating database or data...

Liberty discovery service enhancements

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

58 Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Liberty discovery service enhancements

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

58 Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links