System and/or method for authentication and/or authorization via a network

US 8,997,246 B2
Filed: 10/04/2005
Issued: 03/31/2015
Est. Priority Date: 10/04/2005
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

connecting a computing platform to a network;

communicating with said network via said computing platform to authenticate one or more users attempting to access at least a portion of an application and/or authorize said one or more users to access said at least a portion of said application;

receiving authorization metadata from said network responsive to authentication and/or authorization of said one or more users;

receiving security metadata from said network responsive to the attempt to access the portion of the application, the portion of the application being controlled by a security policy;

locally storing said received authorization metadata at said computing platform to enable said one or more users to access said at least a portion of said application through said computing platform following a disconnection of said computing platform from said network; and

modifying the authorization metadata according to the security metadata without modifying source code of the application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The subject matter disclosed herein relates to authenticating an identity of users desiring access to an application program and determining whether an authenticated user is authorized to access one or more aspects of the application program.

Citations

68 Claims

1. A method comprising:
- connecting a computing platform to a network;
  
  communicating with said network via said computing platform to authenticate one or more users attempting to access at least a portion of an application and/or authorize said one or more users to access said at least a portion of said application;
  
  receiving authorization metadata from said network responsive to authentication and/or authorization of said one or more users;
  
  receiving security metadata from said network responsive to the attempt to access the portion of the application, the portion of the application being controlled by a security policy;
  
  locally storing said received authorization metadata at said computing platform to enable said one or more users to access said at least a portion of said application through said computing platform following a disconnection of said computing platform from said network; and
  
  modifying the authorization metadata according to the security metadata without modifying source code of the application.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein said at least a portion of said application comprises one or more secured entities.
  - 3. The method of claim 2, wherein said authorization metadata is associated with said one or more secured entities and said one or more users.
  - 4. The method of claim 3, wherein said authorization metadata associates said one or more secured entities with one or more functional abilities.
  - 5. The method of claim 4, wherein said authorization metadata associates said one or more functional abilities with one or more roles associated with said one or more users.
  - 6. The method of claim 1, and further comprising:
    - communicating with a Web service to obtain said authorization metadata, said authorization metadata being indicative of authorization of said one or more users to access said at least a portion of said application.
  - 7. The method of claim 1, and further comprising:
    - affecting run-time behavior of said application following said disconnection from said network based, at least in part, on said stored authorization metadata.

8. An apparatus comprising:
- a computing platform comprising a communication adapter for communicating with a network, said computing platform being adapted to;
  
  host one or more applications;
  
  communicate with said network through said communication adapter to authenticate and/or authorize one or more users attempting to access at least a portion of at least one of said applications, and/or authorize said one or more users to access said at least a portion of said at least one of said applications, and to receive authorization metadata responsive to authentication and/or authorization of said one or more users;
  
  receive security metadata from said network responsive to the attempt to access the portion of the application, the portion of the application being controlled by a security policy;
  
  locally store said received authorization metadata at said computing platform to enable said one or more users to access said at least a portion of said at least one of said applications through said computing platform following a disconnection of said computing platform from said network; and
  
  modify the authorization metadata according to the security metadata without modifying source code of the application.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The apparatus of claim 8, wherein said at least a portion of said at least one of said applications comprises one or more secured entities.
  - 10. The apparatus of claim 9, wherein said authorization metadata is associated with said one or more secured entities and said one or more users.
  - 11. The apparatus of claim 10, wherein said authorization metadata associates said one or more secured entities with one or more functional abilities.
  - 12. The apparatus of claim 11, wherein said authorization metadata associates said one or more functional abilities with one or more roles associated with said one or more users.
  - 13. The apparatus of claim 8, wherein said computing platform is further adapted to:
    - communicate with a Web service to obtain said authorization metadata, said authorization metadata being indicative of authorization of said one or more users to access said at least a portion of said at least one of said applications.
  - 14. The apparatus of claim 8, wherein said computing platform is further adapted to:
    - affect run-time behavior of said at least one application following said disconnection from said network based, at least in part, on said stored authorization metadata.

15. An apparatus comprising:
- means for connecting a computing platform to a network;
  
  means for communicating with said network via said computing platform to authenticate one or more users attempting to access at least a portion of an application, and/or authorize said one or more users to access said at least a portion of said application;
  
  means for receiving authorization metadata from said network responsive to authentication and/or authorization of said one or more users;
  
  means for receiving security metadata from said network responsive to the attempt to access the portion of the application, the portion of the application being controlled by a security policy;
  
  means for locally storing said received authorization metadata to enable said one or more users to access said at least a portion of said application through said computing platform following a disconnection of said computing platform from said network; and
  
  means for modifying the authorization metadata according to the security metadata without modifying source code of the application.
- View Dependent Claims (16, 17)
- - 16. The apparatus of claim 15, wherein said at least a portion of said application comprises one or more secured entities.
  - 17. The apparatus of claim 16, wherein said authorization metadata is associated with said one or more secured entities and said one or more users.

18. An article comprising:
- a storage device comprising machine-readable instructions stored thereon which are executable by a computing platform to;
  
  communicate with a network to authenticate one or more users attempting to access at least a portion of at least one of one or more applications hosted on said computing platform, and/or authorize said one or more users to access said at least a portion of said at least one of said applications;
  
  receive security metadata from said network responsive to the attempt to access the portion of the application, the portion of the application being controlled by a security policy;
  
  locally store authorization metadata received responsive to authentication and/or authorization of said one or more users at said computing platform to enable said one or more users to access said at least a portion of said at least one of said applications through said computing platform following a disconnection of said computing platform from said network; and
  
  modify the authorization metadata according to the security metadata without modifying source code of the application.
- View Dependent Claims (19, 20, 21, 22, 23, 24)
- - 19. The article of claim 18, wherein said at least a portion of said at least one of said applications comprises one or more secured entities.
  - 20. The article of claim 19, wherein said storage medium further comprises machine-readable instructions stored thereon to enable said access based, at least in part, on said stored authorization metadata, said authorization metadata being associated with said one or more secured entities and said one or more users.
  - 21. The article of claim 20, wherein said authorization metadata associates said one or more secured entities with one or more functional abilities.
  - 22. The article of claim 21, wherein said authorization metadata associates said one or more functional abilities with one or more roles associated with said one or more users.
  - 23. The article of claim 18, wherein said storage medium further comprises machine-readable instructions stored thereon to:
    - communicate with a Web service to obtain said authorization metadata, said authorization metadata being indicative of authorization of said one or more users to access said at least a portion of said at least one of said applications.
  - 24. The article of claim 18, wherein said storage medium further comprises machine-readable instructions stored thereon to affect run-time behavior of said at least one of said applications following said disconnection from said network based, at least in part, on said stored authorization metadata.

25. A method comprising:
- obtaining security metadata through a Web service in response to an attempt by a user to access at least a portion of one or more applications hosted on a computing platform; and
  
  locally storing said obtained security metadata on said computing platform for use in response to subsequent attempts to access said at least a portion of said one or more applications through said computing platform; and
  
  modifying authorization metadata according to the security metadata without modifying source code of the application, the authorization metadata being received from said Web service in response to authentication and/or authorization of said one or more users.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 26. The method of claim 25, wherein said security metadata comprises at least authorization metadata.
  - 27. The method of claim 25, and further comprising:
    - obtaining a USID associated with said user attempting to access at least a portion of a first application in response to an authentication procedure; and
      
      storing said USID on a computing platform hosting said first application.
  - 28. The method of claim 27, wherein said first application substantially comprises a Web application and said storing said USID comprises storing said USID in a cookie accessible for use in accessing at least a portion of a second application by said user.
  - 29. The method of claim 28, wherein said cookie comprises a persistent cookie.
  - 30. The method of claim 27, wherein said first application comprises a rich-client application and wherein said storing said USID comprises storing said USID as a command line parameter accessible for use in accessing at least a portion of a second application by said user.
  - 31. The method of claim 25, and further comprising accessing said locally stored security metadata in response to an attempt to access at least a portion of an application.
  - 32. The method of claim 25, and further comprising receiving said security metadata from said Web service according to one more of a SOAP, XML and/or HTTP protocols.
  - 33. The method of claim 25, and further comprising affecting runtime behavior of said one or more applications on said computing platform based, at least in part, on said locally stored security metadata.
  - 34. The method of claim 25, wherein said at least a portion of said one or more applications comprises a secured entity associated with at least one of said one or more applications.
  - 35. The method of claim 34, wherein said security metadata comprises information representing a role associated with said user and said one or more applications, said role being associated with one or more functional abilities associated with said secured entity.

36. An apparatus comprising:
- means for obtaining security metadata through a Web service in response to an attempt by a user to access at least a portion of one or more applications hosted on a computing platform; and
  
  means for locally storing said obtained security metadata on said computing platform for use in response to subsequent attempts to access said at least a portion of said one or more applications through said computing platform; and
  
  means for modifying authorization metadata according to the security metadata without modifying source code of the application, the authorization metadata being received from said Web service in response to authentication and/or authorization of said one or more users.
- View Dependent Claims (37, 38, 39, 40, 41, 42, 43, 44, 45, 46)
- - 37. The apparatus of claim 36, wherein said security metadata comprises at least authorization metadata.
  - 38. The apparatus of claim 36, and further comprising:
    - means for obtaining a USID associated with said user attempting to access at least a portion of a first application in response to an authentication procedure; and
      
      means for storing said USID on a computing platform hosting said first application.
  - 39. The apparatus of claim 38, wherein said first application substantially comprises a Web application and said means for storing said USID comprises means for storing said USID in a cookie accessible for use in accessing at least a portion of a second application by said user.
  - 40. The apparatus of claim 39, wherein said cookie comprises a persistent cookie.
  - 41. The apparatus of claim 38, wherein said first application comprises a rich-client application and wherein said means for storing said USID comprises means for storing said USID as a command line parameter accessible for use in accessing at least a portion of a second application by said user.
  - 42. The apparatus of claim 36, and further comprising means for accessing said locally stored security metadata in response to an attempt to access at least a portion of an application.
  - 43. The apparatus of claim 36, and further comprising receiving said security metadata from said Web service according to one more of a SOAP, XML and/or HTTP protocols.
  - 44. The apparatus of claim 36, and further comprising affecting runtime behavior of said one or more applications on said computing platform based, at least in part, on said stored security metadata.
  - 45. The apparatus of claim 36, wherein said at least a portion of said one or more applications comprises a secured entity associated with at least one or said one or more of said applications.
  - 46. The apparatus of claim 45, wherein said security metadata comprises information representing a role associated with said user and said one or more applications, said role being associated with one or more functional abilities associated with said secured entity.

47. A computing platform comprising:
- one or more processors;
  
  a storage medium accessible by said one or more processors and storing instructions executable by said one or more processors to provide;
  
  a software component capable of accessing security metadata through a Web service in response to an attempt to access at least a portion of one or more applications; and
  
  an agent of said Web service to locally store said security metadata for use in response to subsequent attempts to access said at least a portion of said one or more applications through said computing platform and modify authorization metadata according to the security metadata without modifying source code of the application, the authorization metadata being received from said Web service in response to authentication and/or authorization of said one or more users.
- View Dependent Claims (48, 49, 50, 51, 52, 53, 54, 55, 56, 57)
- - 48. The computing platform of claim 47, wherein said security metadata comprises at least authorization metadata.
  - 49. The computing platform of claim 47, wherein said software component is capable of obtaining a USID associated with a user attempting to access at least a portion of a first application in response to an authentication procedure and wherein said agent locally stores said USID.
  - 50. The computing platform of claim 49, wherein said first application comprises a Web application and said agent stores said USID in a cookie accessible for use in accessing at least a portion of a second application by said user.
  - 51. The computing platform of claim 50, wherein said cookie comprises a persistent cookie.
  - 52. The computing platform of claim 49, wherein said first application comprises a rich-client application and wherein said agent stores said USID as a command line parameter accessible for use in accessing at least a portion of a second application by said user.
  - 53. The computing platform of claim 47, wherein said software component is capable of accessing said security metadata in response to an attempt to access at least a portion of at least one of said one or more applications.
  - 54. The computing platform of claim 47, wherein said computing platform is further adapted to receive said security metadata from said Web service according to one more of a SOAP, XML and/or HTTP protocols.
  - 55. The computing platform of claim 47, wherein said computing platform is further adapted to affect runtime behavior of said one or more applications based, at least in part, on said locally stored security metadata.
  - 56. The computing platform of claim 47, wherein said at least a portion of said one or more applications comprises a secured entity.
  - 57. The computing platform of claim 56, wherein said security metadata comprises information representing a role associated with said user and said one or more applications, said role being associated with one or more functional abilities associated with said secured entity.

58. An article comprising:
- a storage device comprising machine-readable instructions executable by a processor to;
  
  obtain security metadata through a Web service in response to an attempt by a user to access at least a portion of one or more applications hosted on a computing platform;
  
  locally store said obtained security metadata for use in response to subsequent attempts to access said at least a portion of one or more applications through said computing platform; and
  
  modify authorization metadata according to the security metadata without modifying source code of the application, the authorization metadata being received from said Web service in response to authentication and/or authorization of said one or more users.
- View Dependent Claims (59, 60, 61, 62, 63, 64, 65, 66, 67, 68)
- - 59. The article of claim 58, wherein said security metadata comprises at least authorization metadata.
  - 60. The article of claim 58, wherein said instructions are further executable by said processor to obtain a USID associated with a user attempting to access at least a portion of a first application in response to an authentication procedure and wherein said agent locally stores said USID.
  - 61. The article of claim 60, wherein said first application substantially comprises a Web application and said agent stores said USID in a cookie accessible for use in accessing at least a portion of a second application by said user.
  - 62. The article of claim 61, wherein said cookie comprises a persistent cookie.
  - 63. The article of claim 60, wherein said first application substantially comprises a rich-client application and wherein said instructions are further executable by said processor to store said USID as a command line parameter accessible for use in accessing at least a portion of a second application by said user.
  - 64. The article of claim 58, wherein said instructions are further executable by said processor to access said security metadata in response to a request for access of at least a portion of at least one of said one or more applications through said computing platform.
  - 65. The article of claim 58, wherein said instructions are further executable by said processor to receive said security metadata from said Web service according to one more of a SOAP, XML and/or HTTP protocols.
  - 66. The article of claim 58, wherein said instructions are further executable by said processor to affect runtime behavior of said one or more applications based, at least in part, on said security metadata.
  - 67. The article of claim 58, wherein said at least a portion of said one or more applications comprises a secured entity.
  - 68. The article of claim 67, wherein said security metadata comprises information representing a role associated with said user and said one or more applications, said role being associated with one or more functional abilities associated with said secured entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Disney Enterprises Incorporated (The Walt Disney Company)
Original Assignee
Disney Enterprises Incorporated (The Walt Disney Company)
Inventors
Grinstein, Doron
Primary Examiner(s)
REVAK, CHRISTOPHER A

Application Number

US11/243,817
Publication Number

US 20070079369A1
Time in Patent Office

3,465 Days
Field of Search

None
US Class Current

726/27
CPC Class Codes

G06F 21/31   User authentication

G06F 21/629   to features or functions of...

H04L 63/08   for authentication of entit...

System and/or method for authentication and/or authorization via a network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

68 Claims

Specification

Solutions

Use Cases

Quick Links

System and/or method for authentication and/or authorization via a network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

68 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links