PROXY-BASED IDENTITY AND ACCESS MANAGEMENT FOR WEB APPLICATIONS

Organization Name

MICROSOFT TECHNOLOGY LICENSING, LLC

Inventor(s)

Saeed Javed Akhter of Redmond WA (US)

Steven Soneff of Bellevue WA (US)

PROXY-BASED IDENTITY AND ACCESS MANAGEMENT FOR WEB APPLICATIONS - A simplified explanation of the abstract

This abstract first appeared for US patent application 18510482 titled 'PROXY-BASED IDENTITY AND ACCESS MANAGEMENT FOR WEB APPLICATIONS

Simplified Explanation

The techniques described in this patent application involve proxies configured to handle identity and access management for a web application.

• The first proxy receives requests from a browser and redirects the user to an identity endpoint for authentication.
• Upon successful authentication, the endpoint provides an access token to the first proxy, which then passes it to a second proxy for storage.
• The second proxy handles anonymous API calls from the web application by inserting the token into outgoing requests to the APIs.
• If the token is invalid, the second proxy communicates with the first proxy to obtain a new token from the endpoint.

Potential Applications

This technology could be applied in various web applications that require secure identity and access management systems.

Problems Solved

This technology solves the problem of securely managing user identities and access to web APIs within a web application.

Benefits

The benefits of this technology include enhanced security, streamlined access management, and improved user authentication processes.

Potential Commercial Applications

A potential commercial application of this technology could be in the development of secure online platforms that require robust identity and access management features.

Possible Prior Art

One possible prior art for this technology could be existing identity and access management systems used in web applications.

Unanswered Questions

How does this technology compare to existing identity and access management solutions in terms of performance and scalability?

This article does not provide a direct comparison between this technology and existing solutions in terms of performance and scalability. Further research or testing may be needed to determine how this technology stacks up against other options.

What are the potential limitations or vulnerabilities of this technology in terms of protecting user data and preventing unauthorized access?

This article does not delve into the potential limitations or vulnerabilities of this technology in terms of protecting user data and preventing unauthorized access. Additional analysis or security testing may be necessary to identify any weaknesses in the system.

Original Abstract Submitted

Techniques described herein are directed to proxies configured to handle identity and access management for a web application. For instance, a first proxy receives requests to the application from a browser. The first proxy redirects the browser to an identity endpoint, which prompts the user to enter authentication credentials for the application. Upon successful authentication, the endpoint provides an access token for accessing web APIs to the first proxy. The first proxy provides the token to a second proxy, which stores the token. The second proxy receives anonymous API calls from the web application to the web APIs. When receiving an anonymous API call, the second proxy obtains the token and inserts it into an outgoing request to the API. Responsive to the API returning a message indicating that the token is invalid, the second proxy communicates with the first proxy to obtain a new token from the endpoint.