Multi-tenancy support for enterprise social business computing

US 9,515,950 B2
Filed: 11/14/2013
Issued: 12/06/2016
Est. Priority Date: 03/15/2013
Status: Expired due to Fees

First Claim

Patent Images

1. A method for enabling at least a first user to utilize a multi-tenant computing environment, wherein the multi-tenant computing environment comprises at least a first computing resource associated with a first tenant and a second computing resource associated with a second tenant, the method comprising:

assigning, by a processor, a first user account to the first user, wherein the first user account has associated therewith first user account information comprising at least one user account indicium that is unique across the multi-tenant computing environment;

linking by the processor, to the first user account, a first subscription, wherein the first subscription has associated therewith first subscription information;

linking by the processor, to the first user account, a second subscription, wherein the second subscription has associated therewith second subscription information;

receiving from the first user, by the processor, at least the user account indicium in connection with a log-in to the multi-tenant computing environment by the first user;

permitting, by the processor, access to the first computing resource for the first user account based upon the log-in with the user account indicium and the first subscription information of the first subscription that is linked to the first user account; and

permitting, by the processor, access to the second computing resource for the first user account based upon the log-in with the user account indicium and the second subscription information of the second subscription that is linked to the first user account;

wherein a list of subscriptions for the first user account determines whether the first user account can move among different tenants;

wherein, in the event of inactivation of the first user account, the first subscription cannot be used to access the first computing resource and the second subscription cannot be used to access the second computing resource;

wherein, in the event of reactivation of the first user account after being deactivated, all user application data will again be available to the first user account; and

wherein, in the event of termination of the first user account, all user application data will be deleted.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Mechanisms are provided for enabling collaboration across tenants in a multi-tenant environment using single sign-on (SSO) authentication/authorization. Various examples provide for creating a user account and provisioning a subscription to a user (e.g., to enable single sign-on authentication/authorization). The user is allowed to access services (e.g., collaborative services) in a multi-tenant environment by utilizing a subscription authorization of the user without prompting the user to authenticate by logging-in again (that is, without prompting the user to log-in again after the user has already logged-in and been authenticated for a given session). Other examples provide for mapping webspaces through URL hosts where each organization (that is, tenant) has its own set of namespace(s).

23 Citations

View as Search Results

10 Claims

1. A method for enabling at least a first user to utilize a multi-tenant computing environment, wherein the multi-tenant computing environment comprises at least a first computing resource associated with a first tenant and a second computing resource associated with a second tenant, the method comprising:
- assigning, by a processor, a first user account to the first user, wherein the first user account has associated therewith first user account information comprising at least one user account indicium that is unique across the multi-tenant computing environment;
  
  linking by the processor, to the first user account, a first subscription, wherein the first subscription has associated therewith first subscription information;
  
  linking by the processor, to the first user account, a second subscription, wherein the second subscription has associated therewith second subscription information;
  
  receiving from the first user, by the processor, at least the user account indicium in connection with a log-in to the multi-tenant computing environment by the first user;
  
  permitting, by the processor, access to the first computing resource for the first user account based upon the log-in with the user account indicium and the first subscription information of the first subscription that is linked to the first user account; and
  
  permitting, by the processor, access to the second computing resource for the first user account based upon the log-in with the user account indicium and the second subscription information of the second subscription that is linked to the first user account;
  
  wherein a list of subscriptions for the first user account determines whether the first user account can move among different tenants;
  
  wherein, in the event of inactivation of the first user account, the first subscription cannot be used to access the first computing resource and the second subscription cannot be used to access the second computing resource;
  
  wherein, in the event of reactivation of the first user account after being deactivated, all user application data will again be available to the first user account; and
  
  wherein, in the event of termination of the first user account, all user application data will be deleted.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the linking of the first subscription and the second subscription to the first user account comprises storing data in a database.
  - 3. The method of claim 1, wherein the first computing resource comprises a first web presence and the second computing resource comprises a second web presence.
  - 4. The method of claim 3, wherein the first web presence comprises at least one webpage and the second web presence comprises at least one webpage.
  - 5. The method of claim 1, wherein:
    - the first tenant has associated therewith a first namespace;
      
      the second tenant has associated therewith a second namespace that is distinct from the first namespace;
      
      the first computing resource is in the first namespace; and
      
      the second computing resource is in the second namespace.
  - 6. The method of claim 1, wherein after the log-in by the first user, the first user is enabled by the processor to collaborate with at least a second user in connection with access to at least one of the first computing resource and the second computing resource.
  - 7. The method of claim 6, wherein the collaborative access for each of the first user and the second user comprises:
    - (a) file read access;
      
      (b) file write access;
      
      (c) file create access;
      
      or (d) any combination thereof.
  - 8. The method of claim 1, further comprising at least one of:
    - (a) enabling by the processor the first user associated with the first tenant to invite a second user associated with the second tenant to collaborate on a computing resource associated with the first tenant;
      
      (b) maintaining by the processor role information on the first subscription of the first user that limits capabilities while accessing the first computing resource;
      
      (c) limiting by the processor access to all of a plurality of secondary subscriptions of the first user when a primary subscription of the first user is deleted or otherwise invalidated;
      
      (d) disabling by the processor only one subscription of the first user from a set of subscriptions of the first user;
      
      (e) enabling by the processor a tenant to limit which of a plurality of secondary subscriptions the first user can join based on rules associated with a primary subscription of the first user;
      
      or(f) any combination thereof.
  - 9. The method of claim 1, wherein:
    - the multi-tenant computing environment further comprises at least a third computing resource associated with a third tenant; and
      
      the method further comprises prohibiting access to the third computing resource for the first user.

10. The method of claim l, wherein the at least one user account indicium of the first user account is further static and never re-used for the multi-tenant computing environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Banatwala, Mustansir, Brooks, David A., Lin, Patrick Y., Schaeck, Thomas, Yates, Robert L.
Primary Examiner(s)
Winder, Patrice
Assistant Examiner(s)
Widhalm De Rodrig, Angela

Application Number

US14/080,381
Publication Number

US 20140280583A1
Time in Patent Office

1,118 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 47/70   Admission control; Resource...

H04L 63/0227   Filtering policies mail mes...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

H04L 67/306   User profiles

Multi-tenancy support for enterprise social business computing

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

23 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Multi-tenancy support for enterprise social business computing

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links