Sandboxing individual applications to specific user folders in a cloud-based service

摘要

An example system and method comprises receiving a request from the third-party application, wherein the request includes a user identifier; allocating an area that is specific for the third-party application and for the user; and granting access of the area to the third-party application. In one embodiments, the method further comprises providing to the third-party application a token which allows the third-party application to access a given area. Additional embodiments provided herein enable a third-party application to use a user identifier (e.g., an email address or other identifiers) of its user to access area specific of a cloud-based environment/platform/services (e.g., collaboration, file sharing, and/or storage services) without necessarily triggering user account authentication, thereby avoiding the process of requiring access codes from the user which can adversely impact user experience as well as compromise security and/or user's privacy.

主权项

1. A method for providing a third-party application with access to an area in a user work space of a cloud-based service, the method comprising:
receiving, by one or more servers of the cloud-based service, a request initiated by the third-party application, wherein the request includes a user identifier that uniquely identifies the user in the cloud-based service, wherein the user identifier does not include authentication credentials associated with the user in the cloud-based service; and based on evaluation of the user identifier:
verifying, by the one or more servers, that the third-party application has consent of the user to access to the area of the user work space, wherein the area of the user work space is a subset area of the user work space exclusively accessible by the third-party application,providing the third-party application with a token that allows the third-party application to exclusively access the area of the user work space without providing access to other areas of the user work space, andgranting, based on the token, the third-party application access to the area in the user work space of the cloud-based service.