Propagating user identities in a secure federated search system
Abstract
A flexible and extensible architecture allows for secure searching across an enterprise. Such an architecture can provide a simple Internet-like search experience to users searching secure content inside (and outside) the enterprise. The architecture allows for the crawling and searching of a variety of sources across an enterprise, regardless of whether any of these sources conform to a conventional user role model. The architecture further allows for security attributes to be submitted at query time, for example, in order to provide real-time secure access to enterprise resources. The user query also can be transformed to provide for dynamic querying that provides for a more current result list than can be obtained for static queries.
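An added illustration (not code from the patent or its assignee) of the query-time security filter that the abstract and claim 1 describe: a broker gathers the user's identity-management groups and each data source's own attribute values, attaches the resulting per-source sets to the query, and returns only documents those sets admit. The user names, group names, sources, and the rule that a document is visible when its ACL shares a value with the user's set for that source are assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed sample data: identity store, per-source attribute lookups, and an index.
IDM_GROUPS = {"alice": {"eng", "staff"}, "bob": {"staff"}}
SOURCE_ATTRS = {  # values each data source reports for a user (hypothetical)
    "wiki": {"alice": {"wiki-editors"}, "bob": set()},
    "crm": {"alice": set(), "bob": {"sales-emea"}},
}
INDEX = [  # (source, doc id, text, ACL values allowed to read)
    ("wiki", "w1", "vpn setup guide", {"staff"}),
    ("wiki", "w2", "vpn key rotation runbook", {"wiki-editors"}),
    ("crm", "c1", "vpn vendor contract", {"sales-emea"}),
    ("hr", "h1", "vpn policy violations", {"hr-admins"}),
]


@dataclass(frozen=True)
class SecuredQuery:
    text: str
    security_filter: dict  # source -> frozenset of security values


def build_security_filter(user):
    """Combine IdM groups with each source's own attribute values for the user."""
    if user not in IDM_GROUPS:
        raise PermissionError(f"unknown user: {user}")
    groups = IDM_GROUPS[user]
    return {src: frozenset(groups | per_user.get(user, set()))
            for src, per_user in SOURCE_ATTRS.items()}


def secure_search(user, text):
    """Append the filter to the query, then return only documents it admits."""
    query = SecuredQuery(text, build_security_filter(user))
    hits = []
    for source, doc_id, body, acl in INDEX:
        # A source with no collected values gets an empty set, so it is denied.
        allowed = query.security_filter.get(source, frozenset())
        if query.text in body and acl & allowed:
            hits.append(doc_id)
    return hits
```

The `hr` source never appears in the filter because no attribute values were collected for it, so its documents are withheld from every user rather than returned unfiltered.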
195 Citations
20 Claims
1. A method comprising:
- receiving a log on request from an end user to a broker search engine instance and issuing a query;
- collecting, by the broker search engine instance, the end user's security information from an identity management system registered on the broker server engine instance;
- collecting, by the broker server engine instance, security attribute values from data sources separately for the logged on end user;
- creating, by the broker server engine instance, a security filter based on the information collected from the identity management system and the data sources;
- filtering, using the security filter, the end user's security information from the identity management system registered on the broker server engine instance with the security attribute values from each of the data sources to create sets of security values corresponding to the security attribute values for the identity management system;
- appending, by the broker server engine instance, the sets of security values to the security filter to the end user's query to perform a search on local data sources and receive results with a local relevancy algorithm; and
- automatically launching a crawl of the data sources using the appended end user's query which includes the sets of security values corresponding to the security attribute values for the identity management system to provide access to the data sources, wherein only the data sources which the security attribute values provide access to are returned to the end user as results of the crawl.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. A non-transitory computer-readable medium having sets of instructions stored thereon which, when executed by a computer, cause the computer to:
- receive a log on request from an end user to a broker search engine instance and issuing a query;
- collect, by a broker search engine instance, the end user's security information from an identity management system registered on the broker server engine instance;
- collect, by the broker server engine instance, security attribute values from data sources separately for the logged on end user;
- create, by the broker server engine instance, a security filter based on the information collected from the identity management system and the data sources;
- filter, using the security filter, the end user's security information from the identity management system registered on the broker server engine instance with the security attribute values from each of the data sources to create sets of security values corresponding to the security attribute values for the identity management system;
- append, by the broker server engine instance, the sets of security values to the security filter to the end user's query to perform a search on local data sources and receive results with a local relevancy algorithm; and
- automatically launch a crawl of the data sources using the appended end user's query which includes the sets of security values corresponding to the security attribute values for the identity management system to provide access to the data sources, wherein only the data sources which the security attribute values provide access to are returned to the end user as results of the crawl.

Dependent claims: 16, 17
18. A system comprising:
- a storage device having sets of instructions stored thereon; and
- a computer processor in communication with the storage device, wherein when the sets of instructions are executed by the computer processor, the computer processor is configured to;
  - receive a log on request from an end user to a broker search engine instance and issuing a query;
  - collect, by the broker search engine instance, the end user's security information from an identity management system registered on the broker server engine instance;
  - collect, by the broker server engine instance, security attribute values from each data sources separately for the logged on end user;
  - create, by the broker server engine instance, a security filter based on the information collected from the identity management system and the data sources;
  - filter, using the security filter, the end user's security information from the identity management system registered on the broker server engine instance with the security attribute values from each of the data sources to create sets of security values corresponding to the security attribute values for the identity management system;
  - append, by the broker server engine instance, the sets of security values to the security filter to the end user's query to perform a search on local data sources and receive results with a local relevancy algorithm; and
  - automatically launch a crawl of the data sources using the appended end user's query which includes the sets of security values corresponding to the security attribute values for the identity management system to provide access to the data sources, wherein only the data sources which the security attribute values provide access to are returned to the end user as results of the crawl.

Dependent claims: 19, 20
Specification