Shared identity management (IDM) integration in a multi-tenant computing environment
US-2019026486-A1 · Jan 24, 2019 · US
US11030329B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11030329-B2 |
| Application number | US-201816009994-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 15, 2018 |
| Priority date | Jun 15, 2018 |
| Publication date | Jun 8, 2021 |
| Grant date | Jun 8, 2021 |
Official abstract text for this publication.
A method for using unified identities in a multi-tenant architecture system is discussed. The method includes receiving a request, at a first service provider, to provide a service for a user. The method includes accessing a representation of a second service provider in a first hierarchical data structure managed by the first service provider. The method includes determining that user data required for the service is managed by the second service provider that manages user identity of the user. The method includes determining that the representation is linked with a full identity reference for the second service provider in a second hierarchical data structure managed by the second service provider. The method includes accessing the user data at the second hierarchical data structure using the full identity reference. The method includes accessing the service via the lightweight identity reference and using the user data at the first service provider.
Opening claim text (preview).
What is claimed is:
1. A method for using unified identity services in a multi-tenant architecture system, the method comprising: receiving a request, at a first service provider, to provide a first service for a user; accessing a first representation of a second service provider in a first hierarchical data structure, the first hierarchical data structure being managed by the first service provider, the second service provider managing user identity of the user, and the first service provider configured to provide a first set of services including the first service to the user, wherein the first service provider and the second service provider are tenants of the multi-tenant architecture system; determining that user data required for completion of the first service is managed by a second service provider; determining that the first representation is linked, at the first hierarchical data structure, with a full identity reference for the second service provider at a second hierarchical data structure, the second hierarchical data structure managed by the second service provider, wherein relationship data associated with the first representation enables determination of links between one or more first entities at the first hierarchical data structure and one or more second entities at the second hierarchical data structure; accessing, based on determining the first representation is linked, the user data for the user via the second hierarchical data structure using the full identity reference and a third-party identity provider of the second service provider; and accessing the first service for the user via the first representation and using the user data at the first service provider.
2. The method of claim 1, wherein the second service provider is configured to directly provide a second set of services to the user; and the second set of services are available for access from the first service provider using the first representation.
3. The method of claim 1, wherein the determining the first representation is linked with the full identity reference for the second service provider is based, at least in part, on the determined links.
4. The method of claim 1, wherein access permissions associated with the second service provider are used, at the first service provider, to determine how to access the user data.
5. The method of claim 1, further comprising: determining, based on the relationship data, a dependency graph indicating relationships and access permissions between entities of the first hierarchical data structure and additional entities of the second hierarchical data structure, wherein said determining that the first representation is linked with the full identity reference is based on the dependency graph.
6. The method of claim 1, further comprising: onboarding the second service provider onto the hierarchical data structure of the first service provider enabling services provided by the second service provider to be exposed to a linked identity reference from the first service provider.
7. The method of claim 1, further comprising: determining to update the first hierarchical data structure based on one or more changes of the second hierarchical data structure due to services being performed at the second service provider.
8. The method of claim 1, further comprising: generating a communication for updating the second hierarchical data structure based on one or more changes of the first hierarchical data structure based on the first service.
9. The method of claim 1, further comprising: receiving an additional request from another user via a third service provider for accessing a second service at the second service provider; accessing another representation of the third service provider in the first hierarchical data structure, the second entity configured to provide a second set of services including the second service to the another user; determining that the another representation is linked with another full reference for the third service provider in a second hierarchical data structure, the second hierarchical data structure managed by the second service provider; and accessing the second service for the another user via the third representation at the second service provider.
10. A system comprising: a non-transitory memory storing instructions; and a processor configured to execute the instructions to cause the system to: receive a request, at a first service provider, to provide a first service for a user, the first service provider being a first tenant of a multi-tenant system; access a first lightweight identity reference of the user in a first hierarchical data structure, the first hierarchical data structure being managed by the first service provider; determine that user data required for completion of the first service is managed by a representation of the first lightweight identity reference at a second service provider, the second service provider being a second tenant of the multi-tenant system; determine that the first lightweight identity reference is linked with a full identity reference for the user in a second hierarchical data structure, the second hierarchical data structure managed by a second service provider, wherein the system is configured to use relationship data associated with the first representation to determine links between one or more first entities at the first hierarchical data structure and one or more second entities at the second hierarchical data structure; access, based on determining the first lightweight identity reference is linked with the full identity reference, the user data at the second hierarchical data structure using the full identity reference and a third-party identity provider of the second service provider; and access the first service for the user via the first lightweight identity reference and using the user data at the first service provider.
11. The system of claim 10, wherein the second service provider is an original provider of user identity including a second set of services; and one or more of the second set of services are available for access from the first service provider using the first lightweight user reference.
12. The system of claim 10, wherein executing the instructions further cause the system to determine, based on the relationship data, a dependency graph indicating relationships and access permissions between entities of the first hierarchical data structure and additional entities of the second hierarchical data structure, wherein said determining that the first lightweight identity reference is linked with the full identity reference is based on the dependency graph.
13. The system of claim 10, wherein executing the instructions further cause the system to onboard the second service provider onto the hierarchical data structure of the first service provider enabling services provided by the second service provider to be exposed to a linked identity reference from the first service provider.
14. The system of claim 10, wherein executing the instructions further cause the system to determine to update the first hierarchical data structure based on one or more changes of the second hierarchical data structure due to services being performed at the second service provider.
15. A non-transitory machine-readable medium having instructions stored thereon, the instructions executable to cause performance of operations comprising: receiving a request, at a first service provider, to provide a first service for a user, the first service provider being a first tenant of a multi-
Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources (admission control or resource allocation H04L47/70) · CPC title
Discovery or management thereof, e.g. service location protocol [SLP] or web services · CPC title
Access rights, e.g. capability lists, access control lists, access tables, access matrices · CPC title
Entity profiles · CPC title
Graphs; Linked lists (G06F16/9027 takes precedence) · CPC title