Patents by Inventor Milen Manov
Milen Manov has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10992680
Abstract: Techniques are described for management of authorization (e.g., OAuth) clients on a distributed computing environment (e.g., platform), through a deployment descriptor of the application(s) hosted in the environment. The deployment descriptor can be provided with the deployed application, and describes various permissions for access to services provided by the platform and scope(s) of such access. Credentials can be generated for each subscriber of the application, according to the scope(s) indicated in the descriptor, and an authorization client can be generated that describes the various subscriptions of the various access and access scope(s) associated with each subscription. The authorization client is available on the platform and accessed at application runtime to control the application's access to the various services available on the platform.
Type: Grant
Filed: June 29, 2018
Date of Patent: April 27, 2021
Assignee: SAP SE
Inventors: Bhagyesh Hede, Milen Manov, Vasil Panushev
-
Publication number: 20200007550
Abstract: Techniques are described for management of authorization (e.g., OAuth) clients on a distributed computing environment (e.g., platform), through a deployment descriptor of the application(s) hosted in the environment. The deployment descriptor can be provided with the deployed application, and describes various permissions for access to services provided by the platform and scope(s) of such access. Credentials can be generated for each subscriber of the application, according to the scope(s) indicated in the descriptor, and an authorization client can be generated that describes the various subscriptions of the various access and access scope(s) associated with each subscription. The authorization client is available on the platform and accessed at application runtime to control the application's access to the various services available on the platform.
Type: Application
Filed: June 29, 2018
Publication date: January 2, 2020
Inventors: Bhagyesh Hede, Milen Manov, Vasil Panushev
-
Patent number: 10484385
Abstract: A request from an application client is received at a protected application. The request includes an access token. A grant information associated with the received access token is retrieved. The grant information includes a plurality of intersecting scopes of rights granted to the application client. In another aspect, a session is established between the protected application and the application client. Furthermore, at least one scope of rights from the plurality of intersecting scopes of rights is determined to be mapped to at least one Application Programming Interface (API) from a number of APIs provided by the protected application.
Type: Grant
Filed: June 4, 2015
Date of Patent: November 19, 2019
Assignee: SAP SE
Inventors: Milen Manov, Jasen Minov, Martin Raepple
-
Patent number: 10270672
Abstract: A first request is received at a central tracing component and from a first module in a complex computing system. The first request is received when the first module is called to execute. In response to the first request, input data of the first module is stored in the central tracing component. A second request is received from the first module when the first module has been successfully executed. In response to the second request, output data of the first module is stored in the central tracing component. A third request is received from a second module when the second module has failed execution. In response to the third request, the stored data in the central tracing component is sent to the second module.
Type: Grant
Filed: December 8, 2016
Date of Patent: April 23, 2019
Assignee: SAP SE
Inventors: Milen Manov, Vasil Panushev
-
Patent number: 10230720
Abstract: A system receives a request from an in-browser application for an authorization code, creates a session that re-directs the in-browser application to an authorization server, and receives the authorization code from the authorization server by way of the in-browser application. The system requests an access token from the authorization server and receives the access token from the authorization server. The system then receives a request from the in-browser application for a resource, uses the access token to request the resource from a third-party resource server, and returns the resource to the in-browser application.
Type: Grant
Filed: December 12, 2016
Date of Patent: March 12, 2019
Assignee: SAP SE
Inventors: Martin Raepple, Vladimir Savchenko, Milen Manov
-
Patent number: 10015157
Abstract: A multi-domain application requiring SSO and SLO operations in cloud environment is presented. The computing system of the multi-domain application includes a multi-domain service (MDS) to redirect the calls for the multi-domain application to an identity provider to authenticate the user or to invoke the single logout services (SLOs) on the domains of the multi-domain application and to invalidate the user sessions on the domains. A cookie that includes the multi-domain application URL is generated to reach the assertion consumer service (ASC) and the single logout service (SLO) that receive an identity assertion response from the identity provider. Domain specific SLOs are provided. A trust between these domain specific SLOs and the SLO is provided based on service provider keys. The SAML mechanism for a logout scenario is reused for communication between the SLO and the domain specific SLOs, where the SLO plays a role of a local IDP.
Type: Grant
Filed: June 1, 2016
Date of Patent: July 3, 2018
Assignee: SAP SE
Inventors: Jasen Minov, Milen Manov, Stefan Petrov
-
Publication number: 20180167384
Abstract: A system receives a request from an in-browser application for an authorization code, creates a session that re-directs the in-browser application to an authorization server, and receives the authorization code from the authorization server by way of the in-browser application. The system requests an access token from the authorization server and receives the access token from the authorization server. The system then receives a request from the in-browser application for a resource, uses the access token to request the resource from a third-party resource server, and returns the resource to the in-browser application.
Type: Application
Filed: December 12, 2016
Publication date: June 14, 2018
Inventors: Martin Raepple, Vladimir Savchenko, Milen Manov
-
Publication number: 20180167293
Abstract: A first request is received at a central tracing component and from a first module in a complex computing system. The first request is received when the first module is called to execute. In response to the first request, input data of the first module is stored in the central tracing component. A second request is received from the first module when the first module has been successfully executed. In response to the second request, output data of the first module is stored in the central tracing component. A third request is received from a second module when the second module has failed execution. In response to the third request, the stored data in the central tracing component is sent to the second module.
Type: Application
Filed: December 8, 2016
Publication date: June 14, 2018
Inventors: Milen Manov, Vasil Panushev
-
Publication number: 20160359861
Abstract: A request from an application client is received at a protected application. The request includes an access token. A grant information associated with the received access token is retrieved. The grant information includes a plurality of intersecting scopes of rights granted to the application client. In another aspect, a session is established between the protected application and the application client. Furthermore, at least one scope of rights from the plurality of intersecting scopes of rights is determined to be mapped to at least one Application Programming Interface (API) from a number of APIs provided by the protected application.
Type: Application
Filed: June 4, 2015
Publication date: December 8, 2016
Inventors: MILEN MANOV, JASEN MINOV, MARTIN RAEPPLE
-
Publication number: 20160277390
Abstract: A multi-domain application requiring SSO and SLO operations in cloud environment is presented. The computing system of the multi-domain application includes a multi-domain service (MDS) to redirect the calls for the multi-domain application to an identity provider to authenticate the user or to invoke the single logout services (SLOs) on the domains of the multi-domain application and to invalidate the user sessions on the domains. A cookie that includes the multi-domain application URL is generated to reach the assertion consumer service (ASC) and the single logout service (SLO) that receive an identity assertion response from the identity provider. Domain specific SLOs are provided. A trust between these domain specific SLOs and the SLO is provided based on service provider keys. The SAML mechanism for a logout scenario is reused for communication between the SLO and the domain specific SLOs, where the SLO plays a role of a local IDP.
Type: Application
Filed: June 1, 2016
Publication date: September 22, 2016
Inventors: JASEN MINOV, MILEN MANOV, STEFAN PETROV
-
Patent number: 9386007
Abstract: A multi-domain application requiring SSO and SLO operations in cloud environment is presented. The computing system of the multi-domain application includes a multi-domain service (MDS) to redirect the calls for the multi-domain application to an identity provider to authenticate the user or to invoke the single logout services (SLOs) on the domains of the multi-domain application and to invalidate the user sessions on the domains. A cookie that includes the multi-domain application URL is generated to reach the assertion consumer service (ACS) and the single logout service (SLO) that receive an identity assertion response from the identity provider. Domain specific SLOs are provided. A trust between these domain specific SLOs and the SLO is provided based on service provider keys. The SAML mechanism for a logout scenario is reused for communication between the SLO and the domain specific SLOs, where the SLO plays a role of a local IDP.
Type: Grant
Filed: December 27, 2013
Date of Patent: July 5, 2016
Assignee: SAP SE
Inventors: Jasen Minov, Milen Manov, Stefan Petrov
-
Publication number: 20150188906
Abstract: A multi-domain application requiring SSO and SLO operations in cloud environment is presented. The computing system of the multi-domain application includes a multi-domain service (MDS) to redirect the calls for the multi-domain application to an identity provider to authenticate the user or to invoke the single logout services (SLOs) on the domains of the multi-domain application and to invalidate the user sessions on the domains. A cookie that includes the multi-domain application URL is generated to reach the assertion consumer service (ASC) and the single logout service (SLO) that receive an identity assertion response from the identity provider. Domain specific SLOs are provided. A trust between these domain specific SLOs and the SLO is provided based on service provider keys. The SAML mechanism for a logout scenario is reused for communication between the SLO and the domain specific SLOs, where the SLO plays a role of a local IDP.
Type: Application
Filed: December 27, 2013
Publication date: July 2, 2015
Inventors: JASEN MINOV, Milen Manov, Stefan Petrov