Flexible authentication framework
First Claim
1. A method for authenticating users in a secure search system, comprising:
receiving, using one or more processors, user identification information from a user in a secure enterprise system;
authenticating, using the one or more processors, the user to a plurality of secure data sources by providing the user identification information to a plurality of application program interfaces (APIs), with each API interfacing with a respective identity management computer system, and with each identity management computer system of a plurality of identity management computer systems managing identities for one or more secure data sources in the secure enterprise system, where each secure data source provides access to data by authenticated and authorized users, where a number or types of objects representing the user identification information required by a first identity management computer system is different from a number or types of objects representing the user identification information required by a second identity management computer system;
crawling, using the one or more processors, a secure data source associated with the at least one identity management computer system and building an index of documents based on the crawling;
receiving, using the one or more processors, a query from the user;
calling, using the one or more processors, back into the at least one identity management computer system to obtain a security attribute value for the user in response to the query;
appending, using the one or more processors, the security attribute value for the user to the query and using the appended query to query the index; and
based on the appended query and security attributes of documents in the secure data source, determining, using the one or more processors, one or more documents from the index of documents, that are accessible to the user.
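As an added illustration of the claimed flow (this is constructed example code, not code from the patent or from any product it describes): two identity systems take differently shaped credentials, documents are indexed together with their ACLs at crawl time, and at query time the user's security attribute is fetched from the identity system and appended to the query before the index is evaluated. All class names, users, tokens and documents are assumptions made up for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Doc:
    doc_id: str
    text: str
    acl: frozenset  # security attribute recorded at crawl time: groups allowed to read

class PasswordIdm:
    """Identity system that needs two objects: a user name and a password (constructed)."""
    def __init__(self, users):            # {user: (password, [groups])}
        self.users = users
    def authenticate(self, creds):
        user, password = creds            # a different number of objects raises ValueError
        return user in self.users and self.users[user][0] == password
    def security_attribute(self, user):   # called back into at query time
        return frozenset(self.users.get(user, ("", []))[1])

class TokenIdm:
    """Identity system that needs one object: an opaque token (constructed)."""
    def __init__(self, tokens):           # {token: (user, [groups])}
        self.tokens = tokens
    def authenticate(self, creds):
        (token,) = creds
        return token in self.tokens
    def security_attribute(self, user):
        return frozenset(g for u, groups in self.tokens.values() if u == user for g in groups)

class SecureSearch:
    def __init__(self, idms):             # {source name: its identity system}
        self.idms, self.index = idms, {}
    def crawl(self, source, docs):        # index each document together with its ACL
        self.index[source] = list(docs)
    def authenticate(self, source, creds):
        return self.idms[source].authenticate(creds)
    def query(self, source, user, term):
        # fetch the user's current groups from the identity system, append them to the
        # query, and evaluate term and ACL together against the index (no cached grants)
        appended = {"term": term.lower(), "acl": self.idms[source].security_attribute(user)}
        return sorted(d.doc_id for d in self.index[source]
                      if appended["term"] in d.text.lower() and d.acl & appended["acl"])

def build_demo():
    """Constructed sample: two sources, each behind a differently shaped identity system."""
    hr = PasswordIdm({"alice": ("s3cret", ["hr"]), "bob": ("hunter2", ["eng"])})
    wiki = TokenIdm({"tok-alice": ("alice", ["staff"]), "tok-carol": ("carol", ["staff", "admin"])})
    s = SecureSearch({"hr": hr, "wiki": wiki})
    s.crawl("hr", [Doc("pay1", "Payroll schedule", frozenset({"hr"})),
                   Doc("eng1", "Engineering budget", frozenset({"eng"}))])
    s.crawl("wiki", [Doc("w1", "Budget policy", frozenset({"staff"})),
                     Doc("w2", "Admin budget notes", frozenset({"admin"}))])
    return s
```

Because the security attribute is re-read from the identity system on every query, a group removed between crawl and query takes effect immediately, which is the point of the query-time callback in the claim.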
Abstract
A flexible and extensible architecture allows for secure searching across an enterprise. Such an architecture can provide a simple Internet-like search experience to users searching secure content inside (and outside) the enterprise. The architecture allows for the crawling and searching of a variety of sources across an enterprise, regardless of whether any of these sources conform to a conventional user role model. The architecture further allows for security attributes to be submitted at query time, for example, in order to provide real-time secure access to enterprise resources. The user query also can be transformed to provide for dynamic querying that provides for a more current result list than can be obtained for static queries.
18 Claims
1. A method for authenticating users in a secure search system (independent claim; full text reproduced above under First Claim).
Dependent claims: 2, 3, 4, 5, 6.
7. A non-transitory computer readable storage medium storing instructions, which when executed by one or more processors cause the one or more processors to authenticate users in a secure search system, the instructions comprising:
instructions for receiving user identification information from a user in a secure enterprise system;
instructions for authenticating the user to a plurality of secure data sources by providing the user identification information to a plurality of application program interfaces (APIs), with each API interfacing with a respective identity management computer system, and with each identity management computer system of a plurality of identity management computer systems managing identities for one or more secure data sources in the secure enterprise system, where each secure data source provides access to data by authenticated and authorized users, where a number or types of objects representing the user identification information required by a first identity management computer system is different from a number or types of objects representing the user identification information required by a second identity management computer system;
instructions for crawling a secure data source associated with the at least one identity management computer system and building an index of documents based on the crawling;
instructions for receiving a query from the user;
instructions for calling back into the at least one identity management computer system to obtain a security attribute value for the user in response to the query;
instructions for appending the security attribute value for the user to the query and using the appended query to query the index; and
instructions for determining, based on the appended query and security attributes of documents in the secure data source, one or more documents from the index of documents, that are accessible to the user.
Dependent claims: 8, 9, 10, 11, 12.
13. A secure search system comprising:
one or more hardware processors; and
one or more memory devices comprising instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising:
receiving user identification information from a user in a secure enterprise system;
authenticating the user to a plurality of secure data sources by providing the user identification information to a plurality of application program interfaces (APIs), with each API interfacing with a respective identity management computer system, and with each identity management computer system of a plurality of identity management computer systems managing identities for one or more secure data sources in the secure enterprise system, where each secure data source provides access to data by authenticated and authorized users, where a number or types of objects representing the user identification information required by a first identity management computer system is different from a number or types of objects representing the user identification information required by a second identity management computer system;
crawling a secure data source associated with the at least one identity management computer system and building an index of documents based on the crawling;
receiving a query from the user;
calling back into the at least one identity management computer system to obtain a security attribute value for the user in response to the query;
appending the security attribute value for the user to the query and using the appended query to query the index; and
based on the appended query and security attributes of documents in the secure data source, determining one or more documents from the index of documents, that are accessible to the user.
Dependent claims: 14, 15, 16, 17, 18.
Specification