Flexible authentication framework
First Claim
1. A method for authenticating users in a secure search system for searching a plurality of secure data sources, the method comprising:
- receiving, using one or more processors, user identification information from a user in a secure enterprise system (SES);
- providing, using the one or more processors, the user identification information to a plurality of identity management systems in the SES, wherein each of the plurality of identity management systems receives the user identification information through a respective Application Program Interface (API);
- validating, using the one or more processors, the user against at least one identity management system in the plurality of identity management systems;
- crawling, using the one or more processors, at least one secure data source in the plurality of secure data sources residing on a plurality of different computer systems that is associated with the at least one identity management system;
- building, using the one or more processors, an index of documents from the at least one secure data source based on the crawling;
- receiving, using the one or more processors, a query from the user;
- calling back, using the one or more processors, at query time into the at least one identity management system to obtain security attribute values for the user;
- appending, using the one or more processors, the security attribute values for the user to the query and using the appended query to query the index of documents; and
- determining, using the one or more processors, one or more documents from the index of documents in the plurality of secure data sources, that are responsive to the query and accessible to the user based on the security attribute values for the user and respective security attributes of the one or more documents.
Abstract
A flexible and extensible architecture allows for secure searching across an enterprise. Such an architecture can provide a simple Internet-like search experience to users searching secure content inside (and outside) the enterprise. The architecture allows for the crawling and searching of a variety of sources across an enterprise, regardless of whether any of these sources conform to a conventional user role model. The architecture further allows for security attributes to be received at query time, for example, in order to provide real-time secure access to enterprise resources. The user query also can be transformed to provide for dynamic querying that provides for a more current result list than can be obtained for static queries.
Claims (20 in total; the independent claims are claim 1, reproduced above under First Claim, and claims 8 and 15 below)

Claims 2 to 7 depend from claim 1 and are not reproduced here.
8. A non-transitory, computer-readable storage medium comprising instructions that, when executed by one or more processors, cause the one or more processors to authenticate users in a secure search system for searching a plurality of secure data sources by performing operations comprising:
- receiving user identification information from a user in a secure enterprise system (SES);
- providing the user identification information to a plurality of identity management systems in the SES, wherein each of the plurality of identity management systems receives the user identification information through a respective Application Program Interface (API);
- validating the user against at least one identity management system in the plurality of identity management systems;
- crawling at least one secure data source in the plurality of secure data sources residing on a plurality of different computer systems that is associated with the at least one identity management system;
- building an index of documents from the at least one secure data source based on the crawling;
- receiving a query from the user;
- calling back at query time into the at least one identity management system to obtain security attribute values for the user;
- appending the security attribute values for the user to the query and using the appended query to query the index of documents; and
- determining one or more documents from the index of documents in the plurality of secure data sources, that are responsive to the query and accessible to the user based on the security attribute values for the user and respective security attributes of the one or more documents.

Claims 9 to 14 depend from claim 8 and are not reproduced here.
15. A system comprising:
- one or more hardware processors; and
- one or more memory devices comprising instructions that, when executed by the one or more processors, cause the one or more processors to authenticate users in a secure search system for searching a plurality of secure data sources by configuring the one or more processors to:
  - receive user identification information from a user in a secure enterprise system (SES);
  - provide the user identification information to a plurality of identity management systems in the SES, wherein each of the plurality of identity management systems receives the user identification information through a respective Application Program Interface (API);
  - validate the user against at least one identity management system in the plurality of identity management systems;
  - crawl at least one secure data source in the plurality of secure data sources residing on a plurality of different computer systems that is associated with the at least one identity management system;
  - build an index of documents from the at least one secure data source based on the crawling;
  - receive a query from the user;
  - call back at query time into the at least one identity management system to obtain security attribute values for the user;
  - append the security attribute values for the user to the query and use the appended query to query the index of documents; and
  - determine one or more documents from the index of documents in the plurality of secure data sources, that are responsive to the query and accessible to the user based on the security attribute values for the user and respective security attributes of the one or more documents.

Claims 16 to 20 depend from claim 15 and are not reproduced here.
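As an added illustration of the flow the independent claims describe (constructed example code, not anything from the patent or its assignee), the sketch below indexes crawled documents from two sources, validates a user against per-source identity-management stubs, calls back into them at query time, appends the returned attribute values to the query, and filters hits with them; every source, user, attribute and document here is invented, and `revoke` stands in for an administrator changing an entitlement in the identity system.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Doc:
    doc_id: str
    source: str          # secure data source the document was crawled from
    text: str
    allowed: frozenset   # security attribute values that grant read access


# Constructed identity-management systems, one per secure data source. Each
# maps a user id to that user's *current* security attribute values.
IDM = {
    "hr_db": {"alice": {"hr_staff"}, "bob": {"hr_staff", "hr_manager"}},
    "wiki":  {"alice": {"engineering"}},
}

# Constructed crawl output; security attributes are captured at crawl time.
DOCS = [
    Doc("d1", "hr_db", "salary review policy", frozenset({"hr_manager"})),
    Doc("d2", "hr_db", "holiday request form", frozenset({"hr_staff"})),
    Doc("d3", "wiki", "salary bands engineering", frozenset({"engineering"})),
]


def validate_user(user):
    """Identity systems (and hence sources) that accept this user id."""
    return [src for src, users in IDM.items() if user in users]


def security_attributes(user, source):
    """Query-time callback into the source's identity management system."""
    return set(IDM[source].get(user, ()))


def build_index(docs):
    """Inverted index (term -> documents) built from the crawl."""
    index = {}
    for d in docs:
        for term in d.text.split():
            index.setdefault(term, set()).add(d)
    return index


def search(index, user, query):
    """Validate the user, append fresh security attributes to the query, and
    return ids of documents that match every term and the user may read."""
    sources = validate_user(user)
    if not sources:
        raise PermissionError(f"{user} is unknown to every identity system")
    terms = query.split()
    if not terms:
        return []
    appended = {"terms": terms,
                "security": {s: security_attributes(user, s) for s in sources}}
    hits = set.intersection(*(index.get(t, set()) for t in terms))
    return sorted(d.doc_id for d in hits
                  if d.source in appended["security"]
                  and d.allowed & appended["security"][d.source])


def revoke(user, source, attr):
    """Entitlement change in the identity system; no re-crawl is needed."""
    IDM[source][user].discard(attr)
```

Because the attribute values are fetched at query time rather than frozen into the index, a revocation takes effect on the next query without rebuilding the index.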