U.S. patent application number 14/609027 was filed with the patent office on 2015-05-21 for systems and methods for content management in an on-demand environment.
The applicant listed for this patent is Salesforce.com, Inc. Invention is credited to David Goldbrenner, Michael Micucci, Suarav Mohapatra.
Application Number | 20150143503 14/609027
Family ID | 50189412
Filed Date | 2015-05-21
United States Patent Application | 20150143503
Kind Code | A1
Micucci; Michael; et al. | May 21, 2015
SYSTEMS AND METHODS FOR CONTENT MANAGEMENT IN AN ON-DEMAND
ENVIRONMENT
Abstract
The technology disclosed relates to hosting legacy data sources
in a cloud environment. In particular, it relates to providing
users with flyweight access to content stored in legacy content
repositories from within cloud based applications. It uses
full-duplex secure transport tunnels and repository-specific
connectors to traverse security layers and access the content
repositories. It also creates virtual objects representing the
content in the content repositories and embeds them in the cloud
based applications.
Inventors: Micucci; Michael (San Francisco, CA); Mohapatra; Suarav (Burlingame, CA); Goldbrenner; David (San Francisco, CA)
Applicant:
Name | City | State | Country | Type
Salesforce.com, Inc. | San Francisco | CA | US |
Family ID: 50189412
Appl. No.: 14/609027
Filed: January 29, 2015
Related U.S. Patent Documents
Application Number | Filing Date | Patent Number
13844203 | Mar 15, 2013 | 8990958
14609027 | |
61695984 | Aug 31, 2012 |
Current U.S. Class: 726/11
Current CPC Class: H04L 63/029 20130101; H04L 63/08 20130101; H04L 67/02 20130101; H04L 63/168 20130101
Class at Publication: 726/11
International Class: H04L 29/06 20060101 H04L029/06
Claims
1. A method for providing flyweight access within a cloud
environment to a content object stored in an external content
repository, the method including: receiving a content object
identifier for a content object that a user or a system has
selected to access from a cloud or web-based software system,
wherein the content object is stored on the external content
repository; passing the content object identifier to a content hub
that identifies a data source from the object identifier and uses a
repository-specific connector to access the external content
repository and the content object; traversing one or more firewalls
or security layers between the content hub and the external content
repository using a secure transport tunnel that forwards
authentication requests and authentication credentials to the
external content repository; accessing the content object using the
repository-specific connector; creating a virtual object that
includes at least an access controlled preview representing the
content object and the content object identifier; and embedding the
virtual object in a content feed.
2. The method of claim 1, wherein the content object identifier
includes at least a title, description, origin, URL, and/or unique
ID of the content object.
3. The method of claim 2, wherein the content hub converts the
content object identifier to a data type that can be interpreted by
the content repository.
4. The method of claim 1, wherein the virtual object includes
metadata describing the content object and an icon identifying the
content repository.
5. The method of claim 4, further including: allowing the user to
manipulate the metadata, wherein the manipulation is based on
user's access rights.
6. The method of claim 1, wherein the transport tunnel establishes
a full duplex connection between the content hub and the content
repository.
7. The method of claim 1, further including: providing user based
access to the virtual object, including: determining whether the
user is authorized to view the preview representing the content
object and the content object identifier; if the user is not
authorized to view the preview, determining whether the user is
authorized to view metadata and an icon identifying the external
content repository; if the user is authorized to view the metadata
and the icon, selecting the metadata and the icon for display; and
if the user is not authorized to view the metadata and the icon,
sending a link to request access or automatically granting access,
based on user preferences.
8. A method for providing an author flyweight access within a
social application to a document stored in an external data source,
the method including: receiving from an author a document
identifier for the document that the author has selected to share
or post in a social feed, wherein the document is stored on the
external data source; accessing the author's credentials for access
to the external data source; sending the document identifier to a
content hub that identifies the external data source from the
document identifier; wherein the content hub uses a secure
transport tunnel to traverse one or more firewalls or security
layers and uses source-specific connectors to access the external
data source; creating a virtual object that includes at least an
access controlled preview representing the document and the
document identifier; and embedding the virtual object in the social
feed.
9. The method of claim 8, wherein the document identifier includes
at least a title, description, origin, URL, and/or unique ID of the
document.
10. The method of claim 8, wherein the virtual object includes
metadata describing the document and an icon identifying the
external data source.
11. A method for providing a recipient flyweight access within a
social application to a document stored in an external data source,
the method including: responsive to a recipient request to view a
social feed including a feed item, inspecting a virtual object in
the feed item that an author has selected to share or post, wherein
the virtual object represents a document residing on the external
data source; accessing the recipient's credentials for access to
the external data source; sending the virtual object to a content
hub that identifies the external data source from the virtual
object; wherein the content hub uses a secure transport tunnel to
traverse one or more firewalls or security layers and uses
source-specific connectors to access the external data source;
supplying the recipient's credentials to the external data source
for authentication checking; subject to the recipient's access,
providing metadata describing the document, an icon identifying the
external data source and a preview of the document in the social
feed; and when the recipient does not have access, providing only
the metadata describing the document and the icon identifying the
external data source.
12. The method of claim 11, further including: when the recipient
does not have access, supplying a link to request the preview of
the document in the social feed or automatically granting access,
based on user preferences.
Description
RELATED APPLICATION
[0001] This application is a continuation of co-pending U.S. patent
application Ser. No. 13/844,203 entitled "Systems And Methods For
Content Management In An On-Demand Environment," filed on Mar. 15,
2013, which claims the benefit of U.S. Provisional Patent
Application No. 61/695,984, entitled, "Content Management," filed
on Aug. 31, 2012, both of which are hereby incorporated by
reference in their entirety and for all purposes.
BACKGROUND
[0002] The subject matter discussed in the background section
should not be assumed to be prior art merely as a result of its
mention in the background section. Similarly, a problem mentioned
in the background section or associated with the subject matter of
the background section should not be assumed to have been
previously recognized in the prior art. The subject matter in the
background section merely represents different approaches, which in
and of themselves may also correspond to implementations of the
claimed inventions.
[0003] The technology disclosed relates to hosting legacy data
sources in a cloud-based environment. In particular, it relates to
providing users with flyweight access to content stored in legacy
content repositories from within cloud-based applications. It uses
full-duplex secure transport tunnels and repository-specific
connectors to traverse security layers and access the content
repositories. It also creates virtual objects representing the
content in the content repositories and embeds them in cloud-based
applications.
[0004] With the cloud revolution, there is an ever increasing need
for integrating legacy systems into the cloud environment. Also,
organizations that have been maintaining legacy databases for years
desire integration of their legacy systems with various cloud-based
applications such as Data.com, Work.com, etc. Seamlessly
integrating legacy systems into a cloud-based environment remains a
problem that has yet to be solved.
[0005] An opportunity has arisen to allow users to host and access
content stored in legacy data sources from within a cloud-based
environment. Better information exchange and inter-environmental
communication channels may result.
SUMMARY
[0006] The technology disclosed relates to hosting legacy data
sources in a cloud environment. In particular, it relates to
providing users with flyweight access to content stored in legacy
content repositories from within cloud-based applications. It uses
full-duplex secure transport tunnels and repository-specific
connectors to traverse security layers and access the content
repositories. It also creates virtual objects representing the
content in the content repositories and embeds them in the
cloud-based applications.
[0007] Other aspects and advantages of the present invention can be
seen on review of the drawings, the detailed description and the
claims, which follow.
BRIEF DESCRIPTION OF THE DRAWINGS
[0008] The included drawings are for illustrative purposes and
serve only to provide examples of possible structures and process
operations for one or more implementations of this disclosure.
These drawings in no way limit any changes in form and detail that
may be made by one skilled in the art without departing from the
spirit and scope of this disclosure. A more complete understanding
of the subject matter may be derived by referring to the detailed
description and claims when considered in conjunction with the
following figures, wherein like reference numbers refer to similar
elements throughout the figures.
[0009] FIG. 1 shows a block diagram of one implementation of
content hub architecture.
[0010] FIG. 2 shows a block diagram of one implementation of
content hub deployment architecture.
[0011] FIG. 3 shows a message sequence chart of dataflow within the
content hub architecture shown in FIG. 1.
[0012] FIG. 4 shows a block diagram of one implementation of
content hub bridge architecture.
[0013] FIG. 5 shows a message sequence chart of transport tunnel
protocol.
[0014] FIGS. 6A-6B illustrate configuration of a content repository
in a social application using a user interface.
[0015] FIGS. 7A-7B illustrate configuration of a third-party
chatter file in a social application.
[0016] FIGS. 8A-8B illustrate sharing of a third-party chatter file
with a recipient group using a user interface.
[0017] FIG. 9 illustrates federated search of a file across
multiple content repositories from within a social application.
DETAILED DESCRIPTION
[0018] The following detailed description is made with reference to
the figures. Sample implementations are described to illustrate the
technology disclosed, not to limit its scope, which is defined by
the claims. Those of ordinary skill in the art will recognize a
variety of equivalent variations on the description that
follows.
[0019] The technology disclosed relates to providing abstracted and
aggregated access to multiple content repositories in a cloud
environment. In particular, it relates to integrating external
legacy data sources within cloud-based applications.
[0020] One implementation is a method for providing flyweight
access within a cloud environment to a content object stored in an
external content repository such as SharePoint®, Google
Docs®, Dropbox®, Box.net®, etc. The flyweight access
can refer to providing access to a document without the document
leaving its original source. In other implementations, it can refer
to making a document accessible from a non-original source, without
making a copy of the document.
[0021] In some implementations, a content object identifier for a
content object stored in an external content repository that a user
or a system has selected to access can be received from a cloud or
web-based software system such as Salesforce.com. The content
object identifier can then be passed to a content hub that
identifies the data source from the object identifier and uses a
repository-specific connector to access the content repository and
the content object. The content hub can convert the content object
identifier to a data type that can be interpreted by the content
repository.
[0022] In some implementations, a two-way full-duplex secure
transport tunnel can be established that traverses one or more
firewalls or security layers between the content hub and the
content repository that forwards authentication requests and
authentication credentials to the content repository. The content
object can then be accessed using the repository-specific
connector.
[0023] In some implementations, a virtual object can be created
that includes an access controlled preview representing the content
object and the content object identifier. The virtual object can
then be embedded in the content feed. In other implementations, the
virtual object can include metadata describing the content object
and an icon identifying the content repository. In other
implementations, users can be allowed to manipulate the metadata
based on their access rights.
[0024] In some implementations, the content object identifier can
include a variety of fields such as title, description, origin,
URL, and/or unique ID of the content object.
[0025] In some implementations, the technology disclosed can
determine whether the user is authorized to view the preview
representing the content object and the content object identifier.
If the user is not authorized to view the preview, the technology
disclosed can determine whether the user is authorized to view the
metadata and the icon identifying the external content repository.
If the user is authorized to view the metadata and the icon, it can
select the metadata and the icon for display and if the user is not
authorized to view the metadata and the icon, it can send a link to
request access or automatically grant access, based on user
preferences.
[0026] The technology disclosed can receive from an author a
document identifier for a document stored on an external data
source that the author has selected to share or post in a social
feed. It can then access the author's credentials for access to the
external data source and send the document identifier to a content
hub that identifies the data source from the document
identifier.
[0027] As explained above, the content hub can then use a secure
transport tunnel to traverse one or more firewalls or security
layers and use source-specific connectors to access the data
source. Following this, a virtual object that includes an access
controlled preview representing the document and the document
identifier can be created and embedded in the social feed.
[0028] The technology disclosed can inspect a virtual object
representing a document residing on an external data source in the
feed item that an author has selected to share or post in response
to a recipient request to view a social feed including a feed item.
After accessing the recipient's credential, the virtual object can
be sent to the content hub that identifies the data source from the
virtual object.
[0029] In some implementations, the content hub can use a secure
transport tunnel to traverse one or more firewalls or security
layers and use source-specific connectors to access the data source
and supply the recipient's credentials to the data source for
authentication checking. Subject to the recipient's access, the
content hub can provide metadata describing the document, an icon
identifying the data source and a preview of the document in the
social feed, and when the recipient does not have access, providing
only the metadata describing the document and the icon identifying
the content repository. In other implementations, when the
recipient does not have access, the content hub can supply a link
to request preview of the document in the social feed or
automatically grant access, based on user preferences.
[0030] In some implementations, the technology disclosed can
include a method for performing a federated search of content
across fragmented data sources from a social application. The
technology disclosed can receive content identifiers for content
stored in fragmented data sources that a user desires access to
from the social application. It can send the content identifier to
a content hub that uses a secure transport tunnel to traverse one
or more firewalls or security layers and uses source-specific
connectors to access the fragmented data sources and identify the
content in at least one of the fragmented data sources.
[0031] In some implementations, it can create virtual objects that
include an access controlled preview representing the content in at
least one of the fragmented data sources and present the virtual
objects in a user interface responsive to user selection, which can
be embedded in a social feed as feed items upon user selection.
[0032] The technology disclosed relates to generating content
management for use in a computer-implemented system. The described
subject matter can be implemented in the context of any
computer-implemented system, such as a software-based system, a
database system, a multi-tenant environment, or the like. Moreover,
the described subject matter can be implemented in connection with
two or more separate and distinct computer-implemented systems that
cooperate and communicate with one another. One or more
implementations may be implemented in numerous ways, including as a
process, an apparatus, a system, a device, a method, a computer
readable medium such as a computer readable storage medium
containing computer readable instructions or computer program code,
or as a computer program product comprising a computer usable
medium having a computer readable program code embodied
therein.
Content Hub Architecture
[0033] FIG. 1 shows a block diagram of one implementation of
content hub architecture 100. FIG. 1 shows that content hub
architecture 100 can include a customer data center 102 and a
multi-tenant on-demand system 105 like Salesforce.com® (SFDC).
The customer data center 102 can include a silo 111 of multiple
Content Repositories from various data sources 121, 131, 141, and
151. Examples of various data sources can include SharePoint®,
Documentum®, OpenText®, Box.net®, Google Drive®,
Dropbox®, Salesforce®, etc. In other implementations,
content hub architecture 100 may not have the same elements as
those listed above and/or may have other/different elements instead
of, or in addition to, those listed above.
[0034] Regarding the multi-tenant on-demand system 105, SFDC
applications (SFDC Apps) 106 can represent any application running
inside the multi-tenant on-demand system 105; examples can include
Force.com, Work.com, Data.com, VisualForce.com and/or any of the
applications provided by the AppExchange product of SFDC. Apex is
an object-oriented programming language that can allow developers
to execute flow and transaction control statements on Relational
Content S-Object API 127. Search 108 can take user input to perform
a federated search across the content repositories 111 using
Relational Content S-Object API 127 as described later in this
application. Third party chatter files (TPCFs) are representations
of content stored in the Content Repositories 111 held in virtual
objects as described later in this application. Examples of TPCFs
can include text, audio, video or image files or any combination of
these file types.
[0035] Relational Content S-Object API 127 can process database
stored procedures from SFDC Apps 106, search 108, apex 109, and
TPCFs 110 and submit them to the Internal CHUB API 127, which
further forwards them to content hub 158. In some implementations,
Relational Content S-Object API 127 includes virtual objects that
can describe the individual metadata for any of the content objects
in the content repositories 111.
[0036] Internal CHUB API 127 can act as a gateway for all data
stored procedures and calls made on the content hub 158. In some
implementations, all process calls from any of the components of
the multi-tenant on-demand system 105, the customer data center 102
and/or CHUB API consumer 124 can be processed through the Internal
CHUB API 127.
[0037] Content hub 158 is a single platform that can provide access
to various data sources 121, 131, 141, and 151 using
repository-specific connectors assembled in the remote connector
service 152 and full-duplex transport tunnel 155 referred to as
"wormhole." In some implementations, content hub can be accessed by
users and applications external to the multi-tenant on-demand
system 105 through the CHUB API Consumer 124, which can forward
external requests to the Rich Content CHUB API 126. Rich Content
CHUB API 126 can be hosted within the multi-tenant on-demand system
105 to process requests that include content not addressable by the
Relational Content S-Object API 127.
[0038] Wormhole tunnel 155 can serve as a bridge between the
multi-tenant on-demand system 105. In some implementations,
wormhole tunnel 155 can set up a wormhole service 156 at the
content hub 158 and a wormhole client at the remote connector
service 152 as described later in this application.
[0039] The remote connector service 152 can include various
repository-specific connectors that are specific to a particular
data source. In some implementations, repository-specific
connectors can read and/or write to/from the Content Repositories
111.
Content Hub
[0040] Content hub can provide unified access to various types of
content and data repositories and integrate data from these
heterogeneous sources into cloud-based applications. In some
implementations, content hub can access the various content
repositories using repository-specific connectors that are
assembled in a remote connector service.
[0041] In some implementations, the content hub can use a split
architecture where a portion of it runs in a cloud-based
environment and the client site uses the remote connector service
to connect to the different content repositories. The content hub
can use a secure transport tunnel to connect with the remote
connector service.
[0042] FIG. 2 shows a block diagram of one implementation of
content hub deployment architecture 200. FIG. 2 includes a Virtual
S-Object 218 in multi-tenant on-demand pods 210 and an organization
binding database 248 with data fields 228. FIG. 2 also includes a
real-time stack or super-pod 208 with Content Hub CHUB 1 206, with
Content Hub CHUB 2 216 and with Content Hub CHUB 3 226.
[0043] FIG. 2 also shows that super-pod 208 includes Secure Tunnel
Server T1 205, Secure Tunnel Server T2 215, Secure Tunnel Server T3
225, Secure Tunnel Server T4 235, and a routing table database 245
with data fields 236. FIG. 2 also shows that customer data centers
202, 212 and 222 include SharePoint® ORG 1 at Site A,
SharePoint® ORG 1 at Site B, and SharePoint® ORG 2 at Site
C respectively. In other implementations, content hub deployment
architecture 200 may not have the same elements as those listed
above and/or may have other/different elements instead of, or in
addition to, those listed above.
[0044] Regarding content hub deployment architecture 200, Virtual
S-Object 218 accessible by users "U1" and "U2" in "ORG1" can assign
data stored procedures to Content Hub CHUB 1 206. In some
implementations, Content Hub CHUB 1 206 can be the primary handler
that calls operations on Secure Tunnel Server T1 205, Secure Tunnel
Server T2 215 connected to SharePoint® ORG 1 at Site A 202 and
SharePoint® ORG 1 at Site B 212 respectively.
[0045] Similarly, Virtual S-Object 218 accessible by user "U3" in
"ORG3" can assign data stored procedures to Content Hub CHUB 2 216.
In some implementations, Content Hub CHUB 2 216 can be the primary
handler that calls operations on Secure Tunnel Server T3 225
connected to SharePoint® ORG 2 at Site C 202.
[0046] In some implementations, Secure Tunnel Server T4 235 can be
left idle as a backup server. Organization binding databases 248
and data fields 228 maintain the records for the organization
relating to content hub mapping, whereas routing table database 245
with data fields 236 maintains the records for the organization
relating to site mapping.
[0047] FIG. 3 shows a message sequence chart 300 of dataflow within
the content hub architecture shown in FIG. 1. Other implementations
may perform the steps in different orders and/or with different,
fewer or additional steps than the ones illustrated in FIG. 3.
Multiple steps can be combined in some implementations. For
convenience, this message sequence chart is described with
reference to the system that carries out a method. The system is
not necessarily part of the method.
[0048] At link 312, the Remote Connector Service (RCS) 302 can set
up a serial port (SP) connection and make a speech-to-speech (STS)
dial-out call to the Secure Tunnel Server Endpoint 304. If the STS
connection drops, the RCS can redial. The organization-site product
combination can be used to route the STS dial-out call to specific
clusters of secure tunnel servers.
[0049] At link 334, the Secure Tunnel Server Endpoint 304 can
update the share routing table to reflect the latest mapping. In
some implementations, organizations (ORGs) can map to an active and
a passive content hub instance to avoid any single point of
failure. In other implementations, this can be enhanced via
internal virtual APIs. At link 318, S-Object 308 performs a lazy
resolution with the CHUB for ORGs and makes an API call to content
hub 306 at link 328. This call can include an implicit timeout
counter and an explicit timeout counter. If any of the following
links are broken, the timeout counters can throw an error.
[0050] Content hub 306 can map to multiple sites based on the user
ID and can also map to the STS endpoint at link 346. Following this
the content hub 306 can call the RCS via a secure tunnel at links
354 and 362. The RCS can send a response to STS at 374, which can
be forwarded to the content hub at 386 and to s-object at 398.
Transport Tunnel
[0051] FIG. 4 shows a block diagram of one implementation of
content hub bridge architecture 400. FIG. 4 shows that content hub
bridge architecture 400 can include on-demand system applications
407 connected to multiple custom data service logic handlers 417,
427 and 437. It can also include a full duplex secure transport
channel 425 between a Secure Tunnel Server service 426 set up at
on-demand system's firewall 405 and a Secure Tunnel Client Service
424 set up at a content repository's firewall 404.
[0052] FIG. 4 also shows that content hub bridge architecture 400
can include authentication service 406, provisioning service 416,
and administration/configuration management service 446. It can
also include a connector harness 403 including various
repository-specific connectors 413, 414, 423, 434, 444, and 445
deployed to various data sources 402, 412, 422, 432, 442, and 452
respectively. In other implementations, content hub bridge
architecture 400 may not have the same elements as those listed
above and/or may have other/different elements instead of, or in
addition to, those listed above.
[0053] In some implementations, users can download and install a
bootstrap on a local machine in their data center that makes calls
to the secure transport tunnel. The secure transport tunnel or
"wormhole" can traverse firewalls and other security layers
protecting the various external content repositories. In some
implementations, wormhole can establish a two-way full duplex
secure transport channel 425 that is used for communication between
a multi-tenant on-demand system like Salesforce.com and various
external content repositories.
[0054] In some implementations, the wormhole can deploy
repository-specific connectors 413, 414, 423, 434, 444, and 454 to
the remote connector service and configure them at the remote
connector service. It can enable integration of various content
repositories in the cloud-based environment by abstracting the
underlying secure connection and providing the standard protocol
implementations such as vanilla TCP client software development kit
for dynamic proxy remote method invocation (RMI) via a custom
socket factory for the repository-specific connectors, custom
jave.net.SocketFactory, SocketChannelFactory, and a Java database
connectivity driver for a SQL server.
[0055] In some implementations, the wormhole can support existing
repository-specific connectors and also configure new connectors.
It can set up a wormhole service at the multi-tenant on-demand
system that provides a custom client SDK and internal
representational state transfer (REST) API. The SDK and REST API
can be used to query and interact with the repository-specific
connectors deployed to the remote connector service.
[0056] FIG. 5 shows a message sequence chart of transport tunnel
protocol. Other implementations may perform the steps in different
orders and/or with different, fewer or additional steps than the
ones illustrated in FIG. 5. Multiple steps can be combined in some
implementations. For convenience, this message sequence chart is
described with reference to the system that carries out a method.
The system is not necessarily part of the method.
[0057] Secure Tunnel Client Endpoint 502 (STCE) can send an HTTP
connection request to HTTP proxy at client site 505 at link 515. At
link 512, HTTP proxy at client site 505 can send a proxy
authorization challenge to STCE 502. STCE 502 can respond to the
proxy authorization at link 525.
[0058] HTTP proxy at client site 505 can send an SSL connection
request to Secure Tunnel Server Endpoint (STSE) 508 at link 528.
STSE 508 can send an SSL connection complete confirmation to HTTP
proxy at client site 505 at link 535. HTTP proxy at client site 505
can send an SSL connection complete confirmation to STCE 502 at
link 542.
[0059] At link 548, a secure tunnel client handshake can be
performed between the STCE 502 and STSE 508. STSE 508 can send a
secure tunnel client challenge to STCE 502 at link 552. STCE 502
can respond to the challenge at link 558 and STSE 508 can send a
secure tunnel server session acknowledgement at link 562. Following
this, STCE 502 can establish a secure tunnel server session at link
572.
[0060] The wormhole can include two endpoints referred to as
wormhole client service 424 and the wormhole server service 426. In
some implementations, the wormhole client 424 can be preconfigured
with the address of the wormhole service 426 to make data procedure
calls to it. It can set up a proxy/NAT traversal that uses the HTTP
CONNECT based SSL connection tunneling paradigm and establish a
full duplex channel. The wormhole client can perform a handshake
with the wormhole service including creating a session and setting
up the per-session encryption. In other implementations, the
wormhole client and wormhole service can expose authenticated user
interfaces using authentication service 406 and API endpoints for
viewing the link status, and other monitoring and administration
metrics.
[0061] In some implementations, the wormhole service can be
identified by a URL such as sfdc://endpoint-name and the wormhole
client can be identified by another URL such as
remote://site-id:org-id:endpoint-name. Data transported through the
tunnel can carry a destination URL that specifies the application
protocol and content object address. In some implementations, it
can also be an application specific header.
[0062] The wormhole endpoints can enable a routing mechanism for
delivering data. In some implementations, the data can be unframed
and delivered to custom adapters that are used to hook RMI and
other socket layers to the wormhole client.
[0063] The wormhole endpoints 424 and 426 can use a journal log for
transmitting data. In some implementations, the data to be
delivered can be first appended to a journal, while another thread
can keep reading journal entries and sending them over to the
peer endpoint as frames. On receiving a frame, the receiver can
save it to an incoming journal and deliver it using a delivery
thread. In other implementations, a high throughput can be provided
using a high performance messaging library such as Disruptor.
[0064] The wormhole endpoints 424 and 426 can be registered using
an internet service daemon and can include watchers that monitor
them. In some implementations, the wormhole endpoints can be
restarted upon a termination to start sourcing the events from a
journal and recover the previous state.
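The journal-first delivery of [0063] and the restart recovery of [0064], as an added sketch that is not code from the application. The frame layout (4-byte length plus JSON), the sequence numbers and acknowledgements, and the names Sender, Receiver and store are assumptions; the destination URL follows the form given in [0061].

```javascript
// Added illustration of journal-backed delivery; names and frame layout are assumptions.

// Frame layout (assumed): 4-byte big-endian length, then a JSON body.
function encodeFrame(entry) {
  const body = Buffer.from(JSON.stringify(entry));
  const head = Buffer.alloc(4);
  head.writeUInt32BE(body.length, 0);
  return Buffer.concat([head, body]);
}

// Split received bytes into complete frames; a partial tail is returned for later.
function decodeFrames(buf) {
  const entries = [];
  let off = 0;
  while (buf.length - off >= 4) {
    const len = buf.readUInt32BE(off);
    if (buf.length - off - 4 < len) break; // frame not complete yet
    entries.push(JSON.parse(buf.subarray(off + 4, off + 4 + len).toString()));
    off += 4 + len;
  }
  return { entries, rest: buf.subarray(off) };
}

// Sender: `store` stands in for the on-disk journal and survives a restart.
class Sender {
  constructor(store) { this.store = store; }
  append(dest, data) {
    const seq = this.store.entries.length + 1;
    this.store.entries.push({ seq, dest, data }); // journal first, send later
    return seq;
  }
  // Frames the peer has not acknowledged yet, in order.
  pending() {
    return this.store.entries.filter(e => e.seq > this.store.acked).map(encodeFrame);
  }
  ack(seq) { if (seq > this.store.acked) this.store.acked = seq; }
}

// Receiver: journals incoming entries and delivers each sequence number once.
class Receiver {
  constructor() { this.incoming = []; this.rest = Buffer.alloc(0); this.last = 0; }
  receive(bytes) {
    const { entries, rest } = decodeFrames(Buffer.concat([this.rest, bytes]));
    this.rest = rest;
    for (const e of entries) {
      if (e.seq !== this.last + 1) continue; // duplicate or gap: do not deliver
      this.incoming.push(e);
      this.last = e.seq;
    }
    return this.last; // acknowledgement returned to the sender
  }
}

function demo() {
  const store = { entries: [], acked: 0 };         // constructed journal
  let sender = new Sender(store);
  const rx = new Receiver();
  const dest = 'remote://site-1:org-9:sharepoint'; // constructed destination URL
  ['a', 'b', 'c'].forEach(d => sender.append(dest, d));
  const frames = sender.pending();
  // Frame 1 arrives in two pieces; frame 2 arrives, but its acknowledgement is lost.
  rx.receive(frames[0].subarray(0, 5));
  sender.ack(rx.receive(frames[0].subarray(5)));
  rx.receive(frames[1]);
  // The sender restarts: its state is rebuilt from the journal alone.
  sender = new Sender(store);
  const replayed = sender.pending().length;        // frames 2 and 3
  for (const f of sender.pending()) sender.ack(rx.receive(f));
  return { replayed, delivered: rx.incoming.map(e => e.data), acked: store.acked };
}
```

The replayed copy of frame 2 is dropped by the receiver's sequence check, so a restart causes resending but not double delivery.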
[0065] In some implementations, the wormhole can be an SSL
connection using the provisioning service 416 including a secret
shared token based authentication. The remote connector service can
handle Internet protocol block whitelisting and connection access
control. Furthermore, sessions can be secured via a pre-session ad
hoc session encryption key. Storage and handling of credentials
required for a firewall or proxy can be made via password vaults
such as OEM or Linux Wallet.RTM..
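The challenge and response of [0059] combined with the shared secret token and session encryption key of [0060] and [0065], as an added sketch that is not code from the application. The application names no primitives: HMAC-SHA256 for the response, HKDF for the session key, AES-256-GCM for frames, the nonce layout and every function name here are assumptions.

```javascript
// Added illustration. HMAC-SHA256, HKDF and AES-256-GCM are assumed choices;
// the application does not name its primitives.
const crypto = require('node:crypto');

// STSE: a fresh random challenge per connection, so old responses cannot be replayed.
function newChallenge() {
  return crypto.randomBytes(32);
}

// STCE: prove knowledge of the provisioned token without sending the token itself.
function respond(token, challenge, clientNonce) {
  return crypto.createHmac('sha256', token)
    .update(Buffer.concat([Buffer.from('tunnel-auth'), challenge, clientNonce]))
    .digest();
}

// STSE: recompute the response and compare in constant time.
function verify(token, challenge, clientNonce, response) {
  const expected = respond(token, challenge, clientNonce);
  return response.length === expected.length &&
    crypto.timingSafeEqual(expected, response);
}

// Both ends: a key bound to both nonces, so every session gets its own key.
function sessionKey(token, challenge, clientNonce) {
  const salt = Buffer.concat([challenge, clientNonce]);
  return Buffer.from(crypto.hkdfSync('sha256', token, salt, 'tunnel-session', 32));
}

// 96-bit GCM nonce: direction byte plus frame counter, so the two directions of
// the full-duplex channel never reuse a nonce under the shared session key.
function nonceFor(dir, seq) {
  const iv = Buffer.alloc(12);
  iv[0] = dir; // 0 = client to server, 1 = server to client
  iv.writeBigUInt64BE(BigInt(seq), 4);
  return iv;
}

function sealFrame(key, dir, seq, plaintext) {
  const c = crypto.createCipheriv('aes-256-gcm', key, nonceFor(dir, seq));
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return { dir, seq, body, tag: c.getAuthTag() };
}

function openFrame(key, frame) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, nonceFor(frame.dir, frame.seq));
  d.setAuthTag(frame.tag);
  return Buffer.concat([d.update(frame.body), d.final()]); // final() throws if altered
}

// Walk through one session with a constructed token.
function demo() {
  const token = Buffer.from('constructed-provisioning-token');
  const challenge = newChallenge();
  const clientNonce = crypto.randomBytes(32);
  const ok = verify(token, challenge, clientNonce, respond(token, challenge, clientNonce));
  const bad = verify(token, challenge, clientNonce,
    respond(Buffer.from('wrong-token'), challenge, clientNonce));
  const key = sessionKey(token, challenge, clientNonce);
  const keysDiffer = !key.equals(sessionKey(token, newChallenge(), clientNonce));
  const frame = sealFrame(key, 0, 1, Buffer.from('GET /sites/sfdc/sandbox'));
  const clear = openFrame(key, frame).toString();
  frame.body[0] ^= 1; // one bit changed in transit
  let tamperDetected = false;
  try { openFrame(key, frame); } catch (e) { tamperDetected = true; }
  return { ok, bad, keysDiffer, clear, tamperDetected };
}
```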
Virtual Object
[0066] Virtual objects can reference files, content and data on
external sources like SharePoint.RTM., Documentum.RTM., Google
Docs.RTM., Google Drive.RTM., Box.net.RTM., Dropbox.RTM., etc. In
some implementations, a virtual object can be created using a
"ContentVersion" object provided by the Relational Content S-Object
API 127. The "ContentVersion" represents content files and content
library files. In some implementations, it can be used to query a
specific document in the external content repositories. It can
include multiple fields that can be specified at design-time. Examples
of fields include: ContentDocumentId, ContentLocation, ContentUrl,
Description, ExternalDataSourceId, ExternalDocumentInfo1,
ExternalDocumentInfo2, FirstPublishLocationId, Origin, OwnerId,
ReasonForChange, TagCsv, Title, and VersionData.
[0067] In some implementations, a virtual object can be created by
using the following code:

    // Create a ContentVersion record that points at an external document.
    var cv = new sforce.SObject("ContentVersion");
    cv.Origin = 'H';
    cv.ContentLocation = 'E';
    cv.ExternalDataSourceId = '0XCD0000000005z';
    cv.ExternalDocumentInfo1 = '/sites/sfdc/sandbox/Shared%20Documents/Marketing%20brochure.docx';
    cv.PathOnClient = 'https://sp.marketing.fisker.com/sites/sfdc/sandbox/SharedDocuments/Fiskermarketingguidelines.docx';
    cv.Title = 'Fisker Marketing Guidelines';
    sforce.connection.create([cv]);

[0068] The code above can create a virtual object referred to as
third-party chatter file (TPCF) for a cloud-based social
application called Chatter.RTM.. The TPCF references a document in
SharePoint.RTM.. The URL of the document is
https://sharepoint.fisker.com/sites/sfdc/sandbox/Shared
Documents/Fiskermarketingguidelines.docx. The server URL of the
external data source is https://sharepoint.fisker.com.
[0069] In the code, "var cv=new sforce.SObject("ContentVersion");"
and "cv.Origin='H';" indicate that the virtual object is a Chatter
file, and "cv.ContentLocation='E';" indicates that the Chatter file
is an external TPCF. Furthermore,
"cv.ExternalDataSourceId='0XCD0000000005z';" is the ID of the
external data source, which is scraped from the browser URL bar
when the data source is viewed. The remainder of the URL to the
document is placed in
"cv.ExternalDocumentInfo1='/sites/sfdc/sandbox/Shared%20Documents/Marketing%20brochure.docx'"
and
"cv.PathOnClient='https://sp.marketing.fisker.com/sites/sfdc/sandbox/SharedDocuments/Marketingbrochure.docx';"
is used to identify the original source of the document and provide
the document's extension. The document title "cv.Title='Fisker
Marketing Guidelines';" can be any text field. Finally, the command
"sforce.connection.create([cv]);" creates the TPCF.
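Because the document URL is formed from the data source's server URL plus the path stored in ExternalDocumentInfo1, a content hub can check that the stored path still resolves inside the registered data source before fetching anything. The following is an added example, not code from the application; the function names and the rejection rules are assumptions.

```javascript
// Added illustration; resolveExternalDocument and its rules are assumptions.
function resolveExternalDocument(serverUrl, docPath) {
  const base = new URL(serverUrl);
  if (base.protocol !== 'https:') throw new Error('data source must use https');

  // The stored value must be a server-relative path, not a URL of its own.
  if (typeof docPath !== 'string' || !docPath.startsWith('/') ||
      docPath.startsWith('//') || docPath.includes('\\')) {
    throw new Error('path must be server-relative');
  }

  // Reject dot segments, including percent-encoded ones.
  let decoded;
  try {
    decoded = decodeURIComponent(docPath);
  } catch (e) {
    throw new Error('bad percent-encoding');
  }
  if (decoded.split('/').some(s => s === '.' || s === '..')) {
    throw new Error('dot segment in path');
  }

  // Backstop: whatever the parser made of the path, the origin must not change.
  const resolved = new URL(docPath, base);
  if (resolved.origin !== base.origin) throw new Error('path leaves the data source');
  return resolved.href;
}

// Convenience wrapper that reports acceptance as a boolean.
function accepts(serverUrl, docPath) {
  try {
    resolveExternalDocument(serverUrl, docPath);
    return true;
  } catch (e) {
    return false;
  }
}
```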
[0070] FIGS. 6A-6B illustrate configuration of a content repository
in a social application 602 called Chatter using a user interface
600. FIG. 6A shows that the user interface 600 can host a social
application 602 with a quick find tab 601 to perform federated
search across various external data sources as described later in
this application. FIG. 6A also shows that user interface 600 can
include content hub 603 and a "set up" widget or button 615.
[0071] FIG. 6B shows that user interface 600 can include a separate
window 625 to set up a new content repository. FIG. 6B also shows
that user interface 600 can include various tabs for entering user
credentials so as to connect to a given content repository. The
tabs illustrated in FIG. 6B can include "username" tab 626,
"password" tab 627 and "domain" tab 628. In other implementations,
user interface 600 may not have the same elements as those listed
above and/or may have other/different social elements instead of,
or in addition to, those listed above.
[0072] In some implementations, the user interface 600 as a
dashboard interface can be a hosted software service accessible via
an Internet web browser and function as a primary interface used by
the users to monitor, analyze, and engage with content repositories
111. The dashboard interface can allow users to interact with
content stored in content repositories 111 using screen-based
objects and/or widgets such as "set up" 615. In other
implementations, the user interface 600 as an engagement console
can be a computer desktop application primarily used for team-based
workflow of social media content engagement.
[0073] The user interface 600 can provide an interface or dashboard
for users to set up and host multiple legacy content repositories
111 within the social application 602. In some implementations,
users can click on the "set up" widget next to the name of the
external content repository they desire to host. For example, a
user can select the "set up" widget 615 to host SharePoint.RTM.
2010 in the social application 602.
[0074] Referring to FIG. 6B, users can provide their credentials
for the content repository they desire to host in window 625 using
the "username" tab 626 and "password" tab 627. In some
implementations, users can provide the domain address of the
content repository they desire to host in the "domain" tab
628.
[0075] FIGS. 7A-7B illustrate configuration of a third-party
chatter file in a social application 602 called Chatter.RTM. using
a user interface 700. FIG. 7A shows that user interface 700 can
include user files 724 in a social application library 723. FIG. 7A
also shows that the user interface 700 can include widgets 732,
733, 734, and 735 representing various content repositories
SharePoint.RTM., Dropbox.RTM., Box.net.RTM., and Google Drive.RTM.
respectively hosted in the social application 602. The user
interface 700 can also include a file folder named "Lead
Generation" 725 and a file within the file folder called "Fisker
Branding Guidelines.pdf" 736, and an icon 738 that identifies the
source of the file 736.
[0076] FIG. 7B shows that user interface 700 can include a file
preview window 775 along with metadata 765 describing the file 736
in the social profile of a user 755 named "Monica Smithen." FIG. 7B
also shows that the user interface 700 can include a screen-object
that identifies the content repository storing the file 736. In
other implementations, user interface 700 may not have the same
elements as those listed above and/or may have other/different
social elements instead of, or in addition to, those listed
above.
[0077] In some implementations, the user interface 700 as a
dashboard interface can be a hosted software service accessible via
an Internet web browser and function as a primary interface used by
the users to create virtual objects and embed them in the social
feed of social application 602 as feed items. The dashboard
interface can allow users to interact with content stored in
content repositories 111 using screen-based objects and/or widgets.
In other implementations, the user interface 700 as an engagement
console can be a computer desktop application primarily used for
team-based workflow of social media content engagement.
[0078] In some implementations, once virtual objects or TPCFs are
created according to the process described above in this
application, they can be viewed in the social application 602.
Referring to FIG. 7A, when the user 755 accesses "Chatter Files"
tab 723 and clicks the "My Files" filter 724, the user 755 can view
the file "Fisker Branding Guidelines.pdf" 736. In some
implementations, the file can be identified as a SharePoint.RTM.
file by the orange icon 738 to the right of the file name 736.
[0079] Referring to FIG. 7B, user 755 can select the file "Fisker
Branding Guidelines.pdf" 736 to share it on the social application
602. In some implementations, a controlled access preview of the
file can be provided through the window 775, along with metadata 765
describing it. In other implementations, a screen-object 745 can be
used to identify SharePoint.RTM. as the content repository storing
the file "Fisker Branding Guidelines.pdf" 736.
[0080] FIGS. 8A-8B illustrate sharing of a third-party chatter file
with a recipient group 825 using a user interface 800. FIG. 8A
shows that user interface 800 can include files and widgets 810,
812, 822, 832, 842, and 852 representing various content
repositories on the user's computer. Salesforce.RTM.,
SharePoint.RTM., Box.net.RTM., Dropbox.RTM., and Google Drive.RTM.
respectively are hosted in the social application 602. The user
interface 800 can also include files from these content
repositories including a file 825 named "FirstCall.ppt" that can be
displayed in a separate window 805.
[0081] FIG. 8B shows that user interface 800 can include a social
profile of a group 802 called "Telco Marketing Assets Group" with
the file "FirstCall.ppt" 825 shared in the social feed of the group
802 as a feed item. In other implementations, user interface 800
may not have the same elements as those listed above and/or may
have other/different social elements instead of, or in addition to,
those listed above.
[0082] In some implementations, the user interface 800 as a
dashboard interface can be a hosted software service accessible via
an Internet web browser and function as a primary interface used by
the authors to share third-party chatter files with other users of
the social application 602 referred to as "recipients." Subject to
recipients' access, the dashboard interface can allow recipients of
third-party chatter files to further share the files with other
users. In other implementations, the user interface 800 as an
engagement console can be a computer desktop application primarily
used for team-based workflow of social media content
engagement.
[0083] In some implementations, an author can select the
"FirstCall.ppt" 825 file from the window 805 described in FIG. 8A
and post it in the group 802 of FIG. 8B. In some implementations,
file 825 can appear to other users of the group 802 as a feed item
in the content feed. When other users or recipients with authorized
access to the "FirstCall.ppt" file 825 select the file 825, they can
view a preview of the file 825 along with associated metadata and
an icon identifying the source of the file 825 as described in FIG.
7B.
[0084] In some implementations, when a user or recipient not
authorized to access the file 825 selects the file 825, the user
may not be provided the preview of the file 825. In other
implementations, such a user can only be provided the metadata
associated with the file 825 and the icon of the original source.
In yet other implementations, users can be supplied a link to
request authors or system administrators to grant them access to
the file 825.
Federated Search
[0085] FIG. 9 illustrates federated search 900 of a file 902 across
multiple content repositories from within a social application 602.
FIG. 9 shows that user interface 900 can include search bar 902,
results summary 903 for various data sources including
SharePoint.RTM. 905, Google Docs.RTM. 915, Dropbox.RTM. 925,
Contacts 935, Accounts 925, Volunteering 955, Leads 965, and
Sessions 975. It also includes search results 904 for
SharePoint.RTM. in pane 905, Google Docs.RTM. 915 and Dropbox.RTM.
925. In other implementations, user interface 900 may not have the
same elements as those listed above and/or may have other/different
social elements instead of, or in addition to, those listed
above.
[0086] In some implementations, a user can search a content object
like a document in the search bar 902 and receive results 923, 924
and 927 from various data sources such as SharePoint.RTM. 905,
Google Docs.RTM. 915, Dropbox.RTM. 925, Contacts 935, Accounts 925,
Volunteering 955, Leads 965, and Sessions 975. The number of matches
found in a document can be provided by a number representation next
to the data sources' names.
[0087] In some implementations, search results 923, 924 and 927 can
include multiple virtual objects assorted in screen panes based on
the data sources they are stored in. In other implementations, the
name of the owners of the virtual objects can be displayed using
screen text objects 931 along with last modification data as widget
937.
Some Particular Implementations
[0088] The technology disclosed may be practiced as a method or
system adapted to practice the method.
[0089] In one implementation, a method is described for providing
flyweight access within a cloud-based environment to a content
object stored in an external content repository. The method
includes receiving a content object identifier for a content object
that a user or a system has selected to access from a cloud or
web-based software system, wherein the content object is stored on
an external content repository.
[0090] The method further includes passing the content object
identifier to a content hub that identifies the data source from
the object identifier and uses a repository-specific connector to
access the content repository and the content object.
[0091] The method further includes traversing one or more firewalls
or security layers between the content hub and the content
repository using a secure transport tunnel that forwards
authentication requests and authentication credentials to the
content repository.
[0092] The method further includes accessing the content object
using the repository-specific connector. It further includes
creating a virtual object that includes at least an access
controlled preview representing the content object and the content
object identifier. It further includes embedding the virtual object
in the content feed.
[0093] This method and other implementations of the technology
disclosed can each optionally include one or more of the following
features and/or features described in connection with additional
methods disclosed. In the interest of conciseness, the combinations
of features disclosed in this application are not individually
enumerated and are not repeated with each base set of features. The
reader will understand how features identified in this section can
readily be combined with sets of base features identified as
implementations.
[0094] The method further includes the content object identifier
including at least a title, description, origin, URL, and/or unique
ID of the content object.
[0095] The method further includes the content hub converting the
content object identifier to a data type that can be interpreted by
the content repository.
[0096] The method further includes the virtual object including
metadata describing the content object and an icon identifying the
content repository.
[0097] The method further includes the transport tunnel
establishing a full duplex connection between the content hub and
the content repository.
[0098] The method further includes allowing the user to manipulate
the metadata, wherein the manipulation is based on user's access
rights.
[0099] The method further includes providing user based access to
the virtual object, including determining whether the user is
authorized to view the preview representing the content object and
the content object identifier. If the user is not authorized to
view the preview, then determining whether the user is authorized
to view the metadata and the icon identifying the external content
repository. If the user is authorized to view the metadata and the
icon, then selecting the metadata and the icon for display, and if
the user is not authorized to view the metadata and the icon,
sending a link to request access or automatically granting access,
based on user preferences.
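The tiered access described in [0084] and [0099], written as a server-side projection so that a field the user may not see is never placed in the feed item at all. This is an added example, not code from the application; the field names, tier names and the autoGrant preference flag are assumptions, and the sample object is constructed.

```javascript
// Added illustration; field names, tier names and the preference flag are assumptions.
const VISIBLE_FIELDS = {
  preview: ['id', 'preview', 'metadata', 'icon'],
  metadata: ['metadata', 'icon'],
  none: []
};

// Map the repository's answer to a tier. Anything other than an explicit
// boolean true counts as a denial, so malformed answers fail closed.
function tierFor(rights) {
  if (rights && rights.preview === true) return 'preview';
  if (rights && rights.metadata === true) return 'metadata';
  return 'none';
}

// Build the feed item by copying allowed fields only.
function viewFor(vobj, rights, prefs) {
  const tier = tierFor(rights);
  const view = { tier };
  for (const f of VISIBLE_FIELDS[tier]) view[f] = vobj[f];
  if (tier === 'none') {
    // The caller either grants access or shows a request link, per preference.
    view.action = prefs && prefs.autoGrant === true ? 'grant-access' : 'request-link';
  }
  return view;
}

// Constructed sample virtual object.
const sampleObject = {
  id: 'constructed-object-id',
  preview: 'constructed preview bytes',
  metadata: { title: 'Fisker Branding Guidelines.pdf' },
  icon: 'SharePoint'
};
```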
[0100] Other implementations may include a non-transitory computer
readable storage medium storing instructions executable by a
processor to perform any of the methods described above. Yet
another implementation may include a system including memory and
one or more processors operable to execute instructions, stored in
the memory, to perform any of the methods described above.
[0101] In another implementation, a method is described for
providing an author flyweight access within a social application to
a document stored in an external data source. The method includes
receiving from an author a document identifier for a document that
the author has selected to share or post in a social feed, wherein
the document is stored on an external data source.
[0102] The method further includes accessing the author's
credentials for access to the external data source and sending the
document identifier to a content hub that identifies the data
source from the document identifier.
[0103] The method further includes the content hub using a secure
transport tunnel to traverse one or more firewalls or security
layers and using source-specific connectors to access the data
source.
[0104] The method further includes creating a virtual object that
includes at least an access controlled preview representing the
document and the document identifier. It further includes embedding
the virtual object in the social feed.
[0105] This method and other implementations of the technology
disclosed can each optionally include one or more of the following
features and/or features described in connection with additional
methods disclosed.
[0106] The method further includes the document identifier
including at least a title, description, origin, URL, and/or unique
ID of the document.
[0107] The method further includes the virtual object including
metadata describing the document and an icon identifying the
external data source.
[0108] Other implementations may include a non-transitory computer
readable storage medium storing instructions executable by a
processor to perform any of the methods described above. Yet
another implementation may include a system including memory and
one or more processors operable to execute instructions, stored in
the memory, to perform any of the methods described above.
[0109] In yet another implementation, a method is described for
providing a recipient flyweight access within a social application
to a document stored in an external data source. The method
includes, in response to a recipient request to view a social feed
including a feed item, inspecting a virtual object in the feed item
that an author has selected to share or post, wherein the virtual
object represents a document residing on an external data
source.
[0110] The method further includes accessing the recipient's
credentials for access to the external data source. It further
includes sending the virtual object to a content hub that
identifies the data source from the virtual object.
[0111] The method further includes the content hub using a secure
transport tunnel to traverse one or more firewalls or security
layers and using source-specific connectors to access the data
source. It further includes supplying the recipient's credentials
to the data source for authentication checking.
[0112] The method further includes, subject to the recipient's
access, providing metadata describing the document, an icon
identifying the data source and a preview of the document in the
social feed. It further includes, when the recipient does not have
access, providing only the metadata describing the document and the
icon identifying the content repository or automatically granting
access, based on user preferences.
[0113] This method and other implementations of the technology
disclosed can each optionally include one or more of the following
features and/or features described in connection with additional
methods disclosed.
[0114] The method further includes, when the recipient does not
have access, supplying a link to request the preview of the
document in the social feed.
[0115] Other implementations may include a non-transitory computer
readable storage medium storing instructions executable by a
processor to perform any of the methods described above. Yet
another implementation may include a system including memory and
one or more processors operable to execute instructions, stored in
the memory, to perform any of the methods described above.
[0116] In yet another implementation, a method is described for
performing federated search of content across fragmented data
sources from a social application. The method includes receiving
content identifiers for content that a user desires access to from
the social application, wherein the content is stored in at least
one of the fragmented data sources.
[0117] The method further includes sending the content identifier
to a content hub that uses a secure transport tunnel to traverse
one or more firewalls or security layers and uses source-specific
connectors to access the fragmented data sources.
[0118] The method further includes identifying the content in at
least one of the fragmented data sources. It further includes
creating one or more virtual objects that include at least an
access controlled preview representing the content in at least one
of the fragmented data sources.
[0119] The method further includes presenting the virtual objects
in a user interface responsive to user selection. It further
includes embedding the virtual objects in a social feed as feed
items upon user selection.
[0120] This method and other implementations of the technology
disclosed can each optionally include one or more of the following
features and/or features described in connection with additional
methods disclosed.
[0121] The method further includes the content hub converting the
content identifiers to data types that can be interpreted by any of
the fragmented data sources. It further includes the virtual
objects including metadata describing the content and an icon
identifying at least one of the fragmented data sources.
[0122] While the technology disclosed is disclosed by reference to
the preferred embodiments and examples detailed above, it is to be
understood that these examples are intended in an illustrative
rather than in a limiting sense. It is contemplated that
modifications and combinations will readily occur to those skilled
in the art, which modifications and combinations will be within the
spirit of the invention and the scope of the following claims.
* * * * *
References