Title of invention: Maintaining Privacy in a Multi-Tenant Cloud Service Participating in a Federated Identity Platform
Abstract: Embodiments conceal or obfuscate tenancy in a multi-tenant cloud service participating in a federated identity platform. A cloud service receives a request for a document from a first entity. The request includes an identifier associated with a second entity. The identifier is compared to a set of tenant identifiers each corresponding to one of the tenants to determine whether the second entity is one of the tenants. Based on the determination, a fictitious response is generated and sent to the first entity. In some embodiments, the document conforms to identity management protocols such as the Security Assertion Markup Language (SAML) specification and the OpenID brand software.
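Publication number: US2015007263(A1) Publication date: 2015.01.01
Application number: US201313928333 Application date: 2013.06.26
Applicant: VMware, Inc. Inventors: Stewart John; Dedhia Shrenik
Classification: H04L29/06 Main classification: H04L29/06
Agency: Agent: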
Main claim: 1. A system for concealing tenancy in a multi-tenant cloud service relying on federated identities, said system comprising: a memory area associated with a cloud service, said memory area storing a set of tenant identifiers each corresponding to one of a plurality of tenants of the cloud service; and a processor programmed to: receive a request for a document from a first entity by the cloud service, the request including an identifier associated with a second entity; receive, from an identity provider, a token authenticating the first entity; compare the identifier to a set of tenant identifiers each corresponding to one of the plurality of tenants to determine whether the second entity is one of the plurality of tenants; dynamically generate a fictitious document on determining that the second entity is not one of the plurality of tenants; digitally sign the generated fictitious document with a certificate for the second entity; and send the signed fictitious document to the first entity.
Address: Palo Alto CA US