Title of invention |
Cloud service authentication |
Abstract |
One or more techniques and/or systems are provided for obtaining access to a cloud service. In particular, a user may log into a client device using an operating system (OS) cloud login ID. The user may access cloud services (e.g., a music streaming service, a data storage service, etc.) through applications executing on the client device using merely the OS cloud login ID without providing additional login credentials specific to the cloud services. A client side application may request a token to access a cloud service. The token may be generated by an identity provider based upon the identity provider verifying an application ID identifying the application, a cloud service ID identifying the cloud service and/or OS cloud credentials. In this way, the application may present the token to a cloud service provider for verification to gain access to the cloud service hosted by the cloud service provider. |
Publication number |
US9418216(B2) |
Publication date |
2016.08.16 |
Application number |
US201113187767 |
Application date |
2011.07.21 |
Applicant |
Microsoft Technology Licensing, LLC |
Inventors |
Wetter Allan Edwin;Frei Adrian;Tsang Peter M.;Rouskov Yordan |
Classification |
G06F7/04;G06F21/41;G06F21/33;H04L29/06 |
Main classification |
G06F7/04 |
Agency |
|
Agent |
Webster Bryan;Barker Doug;Minhas Micky |
Main claim |
1. A method, implemented at a computer system that includes one or more processors, for providing access to a cloud service, the method comprising:
receiving a request from an application hosted by an operating system (OS) to access a cloud service;
sending a token request to an identity provider responsive to the receiving a request, the token request comprising (i) an application identifier (ID) identifying the application, (ii) an OS cloud credential of a user of the OS and that is associated with login credentials of the user for the OS, and (iii) a cloud service ID that is associated with the cloud service;
based at least on sending the token request, and based upon the identity provider having authenticated the user and verified that the application ID is a valid application ID for the application, receiving a token from the identity provider, the token comprising (i) the cloud service ID, (ii) the application ID, and (iii) a user assigned ID that is associated with the cloud service, the user assigned ID having been computed by the identity provider based upon the cloud service ID and a user identification associating the user with the identity provider, the token being signed with an identity provider signature;
providing the token to the application for submission to a cloud service provider for access to the cloud service; and
obtaining access to the cloud service based at least on the cloud service provider having validated an identity provider signature as a signature of the identity provider. |
Address |
Redmond WA US |
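
The token flow in the main claim, as an added sketch that is not code from the patent or from Microsoft: the identity provider checks the OS cloud credential and application ID, computes a per-service user assigned ID, and signs the token; the cloud service provider validates the signature. Assumptions: all names, keys and IDs are constructed, HMAC-SHA256 with a shared key stands in for the identity provider signature and for the unspecified user-assigned-ID computation, and the service-ID match on validation goes beyond what the claim recites.

```python
import base64, hashlib, hmac, json

# Constructed demo values; every name here and the HMAC stand-in are assumptions.
IDP_SIGNING_KEY = b"constructed-demo-signing-key"
IDP_PAIRWISE_SECRET = b"constructed-demo-pairwise-secret"
REGISTERED_APPS = {"app-music-player"}             # application IDs the IdP accepts
OS_CREDENTIALS = {"os-cred-alice": "user-0001"}    # OS cloud credential -> user identification

def user_assigned_id(cloud_service_id, user_identification):
    """Per-service user ID derived from the cloud service ID and the user identification."""
    msg = f"{cloud_service_id}|{user_identification}".encode()
    return hmac.new(IDP_PAIRWISE_SECRET, msg, hashlib.sha256).hexdigest()

def issue_token(app_id, os_cloud_credential, cloud_service_id):
    """Identity provider: authenticate the user, verify the app ID, return a signed token or None."""
    user = OS_CREDENTIALS.get(os_cloud_credential)
    if user is None or app_id not in REGISTERED_APPS:
        return None
    claims = {"cloud_service_id": cloud_service_id, "app_id": app_id,
              "user_assigned_id": user_assigned_id(cloud_service_id, user)}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(IDP_SIGNING_KEY, body, hashlib.sha256).hexdigest().encode()
    return (body + b"." + sig).decode()

def validate_token(token, expected_service_id):
    """Cloud service provider: verify the signature first, then the service the token names."""
    try:
        body, sig = token.encode().rsplit(b".", 1)
    except (ValueError, AttributeError):
        return None
    expected = hmac.new(IDP_SIGNING_KEY, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims.get("cloud_service_id") != expected_service_id:
        return None
    return claims
```

Because the user assigned ID depends on the cloud service ID, two services receive different identifiers for the same user and cannot correlate accounts from the token alone.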