公开(公告)号：US20230344707A1

公开(公告)日：2023-10-26

申请号：US17724853

申请日：2022-04-20

Applicant: Cisco Technology, Inc.

Inventor： Nathan Sowatskey ,  John Joyce

IPC: H04L41/0816 ,  H04L43/08 ,  H04L12/66 ,  H04L41/0823 ,  H04L47/70

CPC classification number: H04L41/0816 ,  H04L43/08 ,  H04L12/66 ,  H04L41/0836 ,  H04L47/82

Abstract: Techniques for an Application Programming Interface (API) gateway to workload placement and load balancing in a distributed system. The API gateway may route API requests, responses, and so forth, via a plurality of paths between the API gateway, API endpoint devices and API client devices. The API gateway may collect the path properties for the plurality of paths between itself, and the client devices and API endpoints. Additionally, or alternatively, the API gateway may collect process properties indicating the statistics of specific processes. Using this data, the API gateway may determine that a particular path, a particular process, etc., has experienced performance degradation. The API gateway may further determine, and perform, a remedial action to take to remedy the performance degradation of the path or processes.

公开(公告)号：US12015521B2

公开(公告)日：2024-06-18

申请号：US17724853

申请日：2022-04-20

Applicant: Cisco Technology, Inc.

Inventor： Nathan Sowatskey ,  John Joyce

IPC: H04L41/0816 ,  H04L12/66 ,  H04L41/0823 ,  H04L43/08 ,  H04L47/70

CPC classification number: H04L41/0816 ,  H04L12/66 ,  H04L41/0836 ,  H04L43/08 ,  H04L47/82

Abstract: Techniques for an Application Programming Interface (API) gateway to workload placement and load balancing in a distributed system. The API gateway may route API requests, responses, and so forth, via a plurality of paths between the API gateway, API endpoint devices and API client devices. The API gateway may collect the path properties for the plurality of paths between itself, and the client devices and API endpoints. Additionally, or alternatively, the API gateway may collect process properties indicating the statistics of specific processes. Using this data, the API gateway may determine that a particular path, a particular process, etc., has experienced performance degradation. The API gateway may further determine, and perform, a remedial action to take to remedy the performance degradation of the path or processes.

公开(公告)号：US20150106617A1

公开(公告)日：2015-04-16

申请号：US14572075

申请日：2014-12-16

Applicant: Cisco Technology, Inc.

Inventor： Nathan Sowatskey ,  Nancy Cam-Winget ,  Susan E. Thomson ,  David Jones ,  Morteza Ansari ,  Klaas Wierenga ,  Joseph Salowey

IPC: H04L29/06

CPC classification number: H04L63/0823 ,  H04L63/08

Abstract: Techniques are provided for authenticating a subject of a client device to access a software-as-a-service (SaaS) server. A network access device receives a request from a client device to establish a network session and transfers identity information of the subject, the client device and the network session to a session directory database. A request is sent to access an application on a SaaS server. If it does not contain an identity assertion that identifies the subject, the request is redirected to an identity provider device, to provide identity assertion services to the subject. A network session identifier is inserted into the request by a network access device and the request is forwarded to the identity provider device. The identity provider device uses the network session identifier to query the session directory database for the identity information to be used for a security assertion of the subject to the SaaS server.

Abstract translation: 提供了用于验证客户端设备的主体以访问软件即服务（SaaS）服务器的技术。 网络接入设备从客户端设备接收建立网络会话的请求，并将主体，客户端设备和网络会话的身份信息传送到会话目录数据库。 发送请求以访问SaaS服务器上的应用程序。 如果它不包含识别主题的身份断言，则将请求重定向到身份提供者设备，以向主题提供身份声明服务。 网络会话标识符被网络接入设备插入到请求中，该请求被转发给身份提供者设备。 身份提供者设备使用网络会话标识符来查询会话目录数据库，以获得要用于SaaS服务器的对象的安全断言的身份信息。

公开(公告)号：US09356928B2

公开(公告)日：2016-05-31

申请号：US14572075

申请日：2014-12-16

Applicant: Cisco Technology, Inc.

Inventor： Nathan Sowatskey ,  Nancy Cam-Winget ,  Susan E. Thomson ,  David Jones ,  Morteza Ansari ,  Klaas Wierenga ,  Joseph Salowey

IPC: H04L29/06

CPC classification number: H04L63/0823 ,  H04L63/08

Abstract: Techniques are provided for authenticating a subject of a client device to access a software-as-a-service (SaaS) server. A network access device receives a request from a client device to establish a network session and transfers identity information of the subject, the client device and the network session to a session directory database. A request is sent to access an application on a SaaS server. If it does not contain an identity assertion that identifies the subject, the request is redirected to an identity provider device, to provide identity assertion services to the subject. A network session identifier is inserted into the request by a network access device and the request is forwarded to the identity provider device. The identity provider device uses the network session identifier to query the session directory database for the identity information to be used for a security assertion of the subject to the SaaS server.

Abstract translation: 提供了用于验证客户端设备的主体以访问软件即服务（SaaS）服务器的技术。 网络接入设备从客户端设备接收建立网络会话的请求，并将主体，客户端设备和网络会话的身份信息传送到会话目录数据库。 发送请求以访问SaaS服务器上的应用程序。 如果它不包含识别主题的身份断言，则将请求重定向到身份提供者设备，以向主题提供身份声明服务。 网络会话标识符被网络接入设备插入到请求中，该请求被转发给身份提供者设备。 身份提供者设备使用网络会话标识符来查询会话目录数据库，以获得要用于SaaS服务器的对象的安全断言的身份信息。

公开(公告)号：US20150381625A1

公开(公告)日：2015-12-31

申请号：US14844363

申请日：2015-09-03

Applicant: Cisco Technology, Inc.

Inventor： Nathan Sowatskey

IPC: H04L29/06 ,  G06F21/31

CPC classification number: H04L63/10 ,  G06F21/31 ,  G06F21/335 ,  G06F21/445 ,  H04L63/08 ,  H04L63/0823 ,  H04L63/168

Abstract: A Software-as-a-Service (SaaS) access control application on a client device is configured with a certificate that identifies a user, and with configuration information for one or more SaaS applications to access, and including an IDP identifier for the SaaS application. The SaaS access control application includes software to be inserted into a network software stack of the client device and software configured to serve as an identity provider for assertions. A request, made by an application on the client device to a SaaS service provider identified by a Universal Resource Locator (URL) provided during configuration of the SaaS access control application, is intercepted within the network software stack of the client device. The SaaS access control application generates an assertion based on the certificate and configuration information. The requesting application is caused to make a request to the SaaS service provider with the assertion embedded in the request.

Abstract translation: 客户端设备上的软件即服务（SaaS）访问控制应用程序配置有标识用户的证书，以及用于一个或多个SaaS应用程序访问的配置信息，并包括SaaS应用程序的IDP标识符 。 SaaS访问控制应用程序包括要插入到客户端设备的网络软件堆栈中的软件以及被配置为用作断言的身份提供者的软件。 由SaaS访问控制应用程序配置期间提供的通用资源定位器（URL）标识的由客户端设备上的应用程序提供给SaaS服务提供商的请求在客户端设备的网络软件堆栈内被截获。 SaaS访问控制应用程序基于证书和配置信息生成断言。 请求的应用程序是通过在请求中嵌入的断言向SaaS服务提供商发出请求。

公开(公告)号：US09876799B2

公开(公告)日：2018-01-23

申请号：US14844363

申请日：2015-09-03

Applicant: Cisco Technology, Inc.

Inventor： Nathan Sowatskey

IPC: G06F7/04 ,  H04L29/06 ,  G06F21/33 ,  G06F21/44 ,  G06F21/31

CPC classification number: H04L63/10 ,  G06F21/31 ,  G06F21/335 ,  G06F21/445 ,  H04L63/08 ,  H04L63/0823 ,  H04L63/168

Abstract: A Software-as-a-Service (SaaS) access control application on a client device is configured with a certificate that identifies a user, and with configuration information for one or more SaaS applications to access, and including an IDP identifier for the SaaS application. The SaaS access control application includes software to be inserted into a network software stack of the client device and software configured to serve as an identity provider for assertions. A request, made by an application on the client device to a SaaS service provider identified by a Universal Resource Locator (URL) provided during configuration of the SaaS access control application, is intercepted within the network software stack of the client device. The SaaS access control application generates an assertion based on the certificate and configuration information. The requesting application is caused to make a request to the SaaS service provider with the assertion embedded in the request.