JP2018156405A - Service cooperation system, service cooperation method, and server - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a service cooperation system which realizes, with a series of operations, coordination of user registration and authorization of an external service upon using an application.SOLUTION: A service cooperation system has a first cloud system 100 and a second cloud system 200. The first cloud system can register first user information of a service application 112 on its application when the service application 112 is used. The second cloud system registers, before a service application 215 is used, second user information of the service application 215 including information of cooperation with an external service 301. When a request for registration of user information is received on the service application 215 called through the first cloud system, a service authorization unit 214 determines an external service in cooperation with the application, and requests authorization cooperating processing for the determined external service. A user registration unit 212 associates, with a user ID, a result of the authorization cooperating processing by the external service.SELECTED DRAWING: Figure 4

Description

  The present invention relates to a service cooperation system, a service cooperation method, and a server.

2. Description of the Related Art A service cooperation system is known in which an application uses a service of another server via an API so that the application and the other server can continuously execute processes to provide a series of services. In order to provide a service that crosses a plurality of services in the service cooperation system, a process for linking both services is required.
In the service cooperation system described in Patent Literature 1, a common user ID issued to each user by the service cooperation apparatus for each application and a connection destination user ID necessary for using an external service are stored in a database in advance. Keep it. When a cooperation request to an external service including a common user ID is received from the application, the service cooperation measure accesses the external service using the connection destination user ID. Therefore, an application can provide a user with a service linked to an external service simply by calling a common user ID and API.

In a conventional service cooperation system, it is necessary to link an external service to a user ID in advance before a user uses a service that spans multiple services. That is, the user first registers the user in the user management database related to the application, and then separately selects an external service to be used from the authorization cooperation site. If the target external service is unauthenticated, the user ID / password for the external service Enter information and authenticate (log in). If it is already authenticated, authorization linkage with external service is permitted. By starting the application after completion of the above work, the user can receive a service linked to an external service. Thus, conventionally, the work before using the application has been complicated.
The present invention has been made in view of the above circumstances, and an object thereof is to realize authorization cooperation between user registration and an external service in a series of operations when an application is used.

  In order to solve the above-mentioned problem, the invention according to claim 1 is the first user management capable of registering the first user information related to the user of the first application on the first application when the first application is used. A first platform system comprising means and a second user management means for registering second user information relating to a user of the second application including linkage information with an external service before starting the use of the second application. A second platform system that accepts a registration request for the second user information on the second application called via the first platform system. Before linking with the second application External service determination means for determining an external service; and service authorization means for requesting authorization cooperation processing for the determined external service, wherein the second user management means is the authorization cooperation processing by the external service. The authorization cooperation information representing the result of the above is associated with the user identification information.

  According to the present invention, it is possible to realize authorization cooperation between user registration and an external service in a series of operations when using an application.

It is a figure which shows schematic structure of the service cooperation system which concerns on one Embodiment of this invention. It is a block diagram which shows an example of the hardware constitutions of PC. 2 is a block diagram illustrating an example of a hardware configuration of an MFP. FIG. It is a block diagram which shows the function structure of the service cooperation system which concerns on one Embodiment of this invention. It is a figure which shows an example of the table memorize | stored in 2nd user management DB of a 2nd cloud system, (a) is a user management table, (b) is a table for external service cooperation. (A)-(e) is a figure which shows an example of the screen transition and process outline which concern on the user registration process and service cooperation process which are performed when using the application of a 2nd cloud system from a 1st cloud system. It is the sequence diagram which showed the process which concerns on the user registration and service cooperation of a 2nd cloud system. It is a figure which shows an example of an actual screen, (a) is an address input screen, (b) is a figure which shows a mail transmission completion screen. It is a figure which shows an example of an actual screen, (a) is a user registration screen, (b) is a figure which shows a user registration completion screen. It is a figure which shows an example of an actual screen, (a) is an authorization cooperation screen, (b) is a figure which shows an authorization cooperation confirmation screen. (A)-(d) is a figure which shows an example of the screen transition and process outline | summary which concern on the service cooperation process performed when using the application of a 2nd cloud system from a 1st cloud system. It is the sequence diagram which showed the process which concerns on service cooperation. (A)-(d) is a figure which shows an example of the screen transition and process outline | summary which concern on the service cooperation process performed when using the application of a 2nd cloud system from a 1st cloud system. It is the sequence diagram which showed the process which concerns on service cooperation.

[First embodiment]
The present invention is characterized in that, when a user uses a service on the cloud realized by an application, user registration and external service authorization cooperation are realized in a series of operations. The features of the present invention described above will be described in detail with reference to the following drawings. However, the components, types, combinations, shapes, relative arrangements, and the like described in this embodiment are merely illustrative examples and not intended to limit the scope of the present invention only unless otherwise specified. .
Note that the terms “Box”, “Concur”, “DropBox”, “Google”, and “Office 365” shown in this specification and / or the drawings are registered trademarks.

  In this specification, “application” may be abbreviated as “application”.

<System overview>
FIG. 1 is a diagram showing a schematic configuration of a service cooperation system according to an embodiment of the present invention.

The service cooperation system 1 has, as back ends, a first cloud system 100 that provides a first cloud service under a first platform system, and a second cloud system 200 that provides a second cloud service under a second platform system. And an external service group 300 including a plurality of external services 301X, 301Y, 301Z... That cooperate with the second cloud system 200, and a mail receiving server 400 that receives an email transmitted from the second cloud system 200. The functions of the above systems may be realized by a single server (apparatus) or may be realized by a plurality of servers (apparatus).
In addition, the service cooperation system 1 includes an MFP (Multifunction Peripheral) 500 and a PC (Personal Computer) 600 as client-side devices that use the above systems. The MFP 500 and the PC 600 function as a front end for the back end.
Each system and apparatus constituting the service cooperation system are connected to each other via a network N so as to be able to transmit and receive data.

<< First Cloud System >>
The first cloud system 100 includes a plurality of functional modules 101 and a first user management DB 102.
The first cloud system 100 serves as a function module 101, a service application (first application) that provides various services such as a print service and a scanning service to the MFP 500 via the network N based on a request from the MFP 500, A launcher application that generates a home screen displaying buttons for calling each service application, a user management module (first user management means) that manages a user who uses each service application for each service application, and an authentication module that performs user login authentication Etc.
The first user management DB (first user management means) 102 is means for storing user information (first user information) of a user who uses a service provided by each service application. In the first cloud system 100, user information of users who use each service is managed for each service application by the user management module. That is, the user management module manages user information (user ID), organization name (organization ID), e-mail address, password, name, and the like individually for each service as user information. In the first cloud system 100, the user information can be registered on the screen of each service app when the service app is provided, in other words, when the user uses the service app (or when the user starts using the service app). Yes.

<< Second Cloud System >>
Similarly to the first cloud system 100, the second cloud system 200 includes a plurality of functional modules and a second user management DB 204.
The second cloud system 200 includes an authentication module 201, a GUI (Graphical User Interface) module 202, and a service module 203 as functional modules. The authentication module 201 performs registration, management, and authentication of user information of users who use each service of the second cloud system 200. The GUI module 202 holds a GUI (html content) for performing each process related to registration and management of user information using the authentication module 201. The service module 203 is an application module that provides various services such as a print service and a scanning service to the MFP 500 via the network N based on a request from the MFP 500.
The second user management DB 204 is means for storing user information of a user who uses a service provided by each service module 203. In the second cloud system 200, user information of users who use each service is centrally managed by the authentication module 201. That is, the authentication module 201 collectively manages, as user information, a user name (user ID), an organization name (organization ID), an e-mail address, a password, a name, and the like with a plurality of services. The authentication module 201 accesses the second user management DB 204 during user authentication, reads information necessary for user authentication, and performs user authentication based on the read information.
In principle, the user information in the second cloud system 200 is registered before the service is provided, in other words, before the user starts using the service. However, when providing a service via the first cloud system 100, the user information is provided when the service is provided, in other words, when the service is used by the user (or at the start of use), as in the first cloud system 100. Registration is possible from the screen of each service module.

<< External service group >>
The external service group 300 includes a plurality of external services 301 (301X, 301Y, 301Z...). Each external service 301 is an external storage service provided also as OSS (Open-source software). The external service 301 provides various services to the user in cooperation with each service module 203 provided by the second cloud system 200.
For example, the external service 301 provides services such as storing scanning data read by the MFP 500, performing OCR processing on the scanning data, and storing OCR data as a processing result.

<< Mail receiving server >>
The mail receiving server 400 is a server that receives and accumulates e-mails transmitted from the second cloud system 200.

<< MFP >>
The MFP 500 is a device that receives service provision from each of the cloud systems 100 and 200 via the network N. A browser 501 is installed in the MFP 500 in advance. The browser 501 can call a service provided by each cloud system 100, 200. The browser 501 can display a screen (html content) related to each called service and transmit a processing request to each service.
In order to receive the service provided by each cloud system, the MFP 500 has a dedicated application corresponding to each of the cloud systems or individually corresponding to each of the cloud systems, instead of the browser 501 or together with the browser 501. It may be installed. Furthermore, an apparatus that receives a service provided by each of the cloud systems may be an electronic device other than the MFP 500, such as a PC or a smartphone.

<< PC >>
When using the service provided from the second cloud system 200 by the MFP 500, the PC 600 accepts input of user information related to a user who uses the service and transmits the input user information to the second cloud system 200. The device that requests to be registered. A browser 601 is installed in the PC 600 in advance, and a user information registration screen (html content) transmitted from the second cloud system 200 can be displayed on the browser 601.
Furthermore, the PC 600 can acquire and display the electronic mail transmitted from the second cloud system 200 from the mail receiving server 400 using the browser 601 or a dedicated mail application.
In addition, the apparatus which implement | achieves each said function may be other than PC600, for example, portable terminals, such as a smart phone, may be sufficient.

<Hardware composition>
FIG. 2 is a block diagram illustrating an example of the hardware configuration of the PC.
The PC 600 includes a CPU (Central Processing Unit) 611, a ROM (Read Only Memory) 612, a RAM (Random Access Memory) 613, an HDD (Hard Disk Drive) 614, an operation unit 615, a display unit 616, and a communication IF 617. The units are connected via a bus.
The CPU 611 is an arithmetic device that controls the PC 600 in an integrated manner. The ROM 612 is a nonvolatile memory that stores a BIOS, a boot program, and the like. The RAM 613 is a volatile memory serving as a work area for programs executed by the CPU 611. The HDD 614 is a nonvolatile storage unit that stores programs, data, and the like that are different from the ROM 612. The CPU 611 implements various functions by expanding and executing data read from the ROM 612 or the HDD 614 in the RAM 613.
The operation unit 615 is a unit that receives an operation from the user. The display unit 616 is an interface that displays operation results and the like to the user. The operation unit 615 is configured by, for example, a keyboard and a mouse, and the display unit 616 is configured by a display or the like. The operation unit 615 and the display unit 616 may be integrated to form a touch panel display.
The communication IF 617 is an interface for connecting to the network N and transmitting / receiving data to / from each device connected via the network N.
Note that the hardware configurations of the first cloud system 100, the second cloud system 200, each server constituting each external service 301, and the mail receiving server 400 shown in FIG. 1 are the same as the hardware configuration of the PC 600. The description is omitted.

FIG. 3 is a block diagram illustrating an example of a hardware configuration of the MFP.
The MFP 500 includes a controller 510, an operation display unit 516, an engine control unit 518, a scanner engine 519, a print engine 520, and the like.
The controller 510 includes a CPU 511, a ROM 512, a RAM 513, an HDD 514, an operation display IF 515, a communication IF 517, and the like, and the above-described units are connected via a bus. Since the CPU 511, the ROM 512, the RAM 513, the HDD 514, and the communication IF 517 are the same as those included in the PC 600, the description thereof is omitted. The operation display IF 515 is an interface for connecting the operation display unit 516 to the controller 510.
The operation display unit 516 is a unit that receives an operation from the user and displays various data to the user, and is realized by, for example, a touch panel display. Note that the means for receiving the operation and the means for displaying the operation result and the like may be configured by separate hardware.
The engine control unit 518 is a unit that controls the scanner engine 519 and the print engine 520. A scanner engine 519 is a device that reads an image such as a document. The print engine 520 is an apparatus that forms an image on a recording medium such as printing paper.

<Functional block>
FIG. 4 is a block diagram showing a functional configuration of the service cooperation system according to the embodiment of the present invention.
The client terminal 700 is the MFP 500 or the PC 600 shown in FIG. 1, and is a front end in this system. The client terminal 700 includes a UI (User Interface) unit 702, a cookie holding unit 703, and a Web storage 704 in the browser 701.
The UI unit 702 is an interface of the browser 701, and is realized by the CPU shown in FIG. 2 or 3 expanding and executing a program stored in the ROM on the RAM.
The cookie holding unit 703 is an area that holds cookie information related to data communication with the first cloud system 100 or the second cloud system 200.
The web storage 704 is an area for storing data acquired by the client terminal 700 via the UI unit 702, and includes session storage and local storage. Session storage is storage that is valid for a one-time session in units of windows and tabs. The local storage is an area that permanently holds data.
The cookie holding unit 703 and the web storage 704 are realized by the RAM or HDD shown in FIG.

The first cloud system 100 includes a launcher application 111 that generates a home screen, a service application 112 (first application) that provides various services, and the like. The launcher application 111 and the service application 112 are realized by the CPU developing and executing a program stored in the ROM on the RAM.
The second cloud system 200 includes a mail transmission unit (mail transmission unit) 211, a user registration unit (second user management unit) 212, a user authentication unit (user authentication unit) 213, and a service authorization unit (external service determination unit, service authorization). Means) 214, service application (second application) 215, second user management DB (second user management means) 204, and cache 217. The mail transmission unit 211, the user registration unit 212, the user authentication unit 213, the service authorization unit 214, and the service application 215 are realized by the CPU developing and executing a program stored in the ROM on the RAM. The second user management DB 204 is realized by an HDD, and the cache 217 is realized by a RAM.
The mail transmission unit 211 is a unit that transmits an e-mail describing a predetermined URL to the mail address input from the UI unit 702 of the client terminal 700. The user registration unit 212 performs each process related to registration and management of user information (second user information) related to a user who uses the service application 215. The user authentication unit 213 executes processing for authenticating a user. The service authorization unit 214 performs a process of authorizing the external service 301 for the service provided by the second cloud system 200 and causing it to cooperate.
The service application 215 is application software that provides the client terminal 700 with various services such as a print service and a scan service.

The second user management DB 204 is a user management table that is a list of users who use a service provided by the second cloud system 200, and a table for linking the service provided by the second cloud system 200 and the external service 301. A certain service linkage table is stored. The cache 217 is a primary storage area for various data.
The correspondence between this figure and FIG. 1 is as follows. The mail transmission unit 211 and the user registration unit 212 correspond to the GUI module 202, and the user authentication unit 213 and the service authorization unit 214 correspond to the GUI module 202 and the authentication module 201. The service application 215 corresponds to the service module 203.

<Service linkage table>
FIG. 5 is a diagram illustrating an example of a table stored in the second user management DB of the second cloud system, where (a) is a user management table and (b) is an external service cooperation table.
In the user management table of FIG. 5A, for a unique user ID (user identification information) for identifying the user, a unique organization ID (organization identification information) for identifying the organization to which the user belongs, and the user's first and last name , Mail address, gender, etc. are related and stored. The user management table is read from the second user management DB 204 when the user authentication unit 213 performs user authentication and when the user registration unit 212 registers a user as a user of the second cloud system 200. The user registration unit 212 uses the user management table to check for duplicate registration of users and register new users.
The user ID is identification information that is commonly used when using each service application of the second cloud system 200, and is issued by the second cloud system 200 when registering a new user. Further, the user ID alone may have a uniqueness that can be distinguished from other user IDs, or can be identified from a combination of other user IDs and organization IDs by combining the user ID and the organization ID. Uniqueness may occur.

  The external service cooperation table in FIG. 5B is prepared for each user (for each user ID). In the external service cooperation table, for the unique service ID (service identification information) given to the service provided by each service application, the name of the external service, the redirect URL to the external service, and the external service Authorization cooperation information indicating the authorization cooperation state is stored in association with each other. The authorization cooperation information includes authorization permission / inhibition information indicating whether or not an external service is authorized and linked to the service indicated by the service ID, and an authorization scope indicating the scope of authority of the external service that is authorized and linked. Including. The external service cooperation table is read from the second user management DB 204 when the service authorization unit 214 performs authorization cooperation of the external service for the application used by the user.

<Overview of user registration>
FIGS. 6A to 6E are diagrams illustrating an example of screen transitions and processing outlines related to user registration processing and service cooperation processing executed when an application of the second cloud system is used from the first cloud system. .

FIG. 6A shows an example of a home screen 810 displayed on the MFP 500. The home screen 810 is an html content screen formed by the launcher application 111 (FIG. 4) that is one of the service applications provided by the first cloud system 100.
On the home screen 810, application buttons 811A and 811B for calling applications A, B... Provided by the first cloud system 100, and an application button 811a for calling an application a provided by the second cloud system 200 are displayed. In the present embodiment, it is assumed that one application is provided from the second cloud system 200.
Here, the organization (for example, a corporation such as a company) that is the owner of the MFP 500 needs to make a service use contract with the provider of the first cloud system 100 and the provider of the second cloud system 200 in advance. . On the home screen 810, application buttons corresponding to applications that the organization has contracted with each service provider are displayed. When a general user belonging to an organization logs in to the first cloud system 100 from the MFP 500 using authentication information such as an organization ID, a user ID, and a password, a home screen 810 is displayed on the browser 501 of the MFP 500. Furthermore, each user needs to perform user registration for the application with his / her user ID associated with the organization ID when using (or starting using) the application displayed on the home screen 810.
When the user presses the application button 811a and instructs to call the application, the browser screen changes to FIG.

FIG. 6B is a diagram illustrating an example of an application screen 820 provided by an application on the second cloud system 200. The application screen 820 includes a user list button 821, a registration button 822, and a return button 823. The user list button 821 is a button for displaying a list of users who use the application, the registration button 822 is a button for registering the application in association with the user ID, and the return button 823 transitions to the home screen 810. It is a button for.
When the user presses the registration button 822 to instruct user registration, the browser screen changes. When an unregistered user newly registers as in the present embodiment, the screen transitions to the screen shown in FIG.

FIG. 6C is a diagram illustrating an example of an address input screen 830 that allows the user to input a mail address.
When the user inputs a mail address in the address input field 831 and presses the Send button 832, the input mail address is transmitted to the second cloud system 200. The second cloud system 200 transmits an email including a user registration URL to the transmitted email address.

FIG. 6D is a diagram illustrating an example of a user registration screen.
When the user receives an e-mail at PC 600, which is a client terminal different from MFP 500, and opens a user registration URL described in the received e-mail with browser 601, user registration screen 840 is displayed.
The user registration screen 840 is a screen for registering user information other than email addresses. When the user inputs necessary information on the user registration screen 840 and presses the save button 841, the user information is transmitted to the user registration unit 212 of the second cloud system 200 (App.a Authentication & ID management in the figure). Is done. The user registration unit 212 stores the transmitted user information in the user management table (FIG. 5A) of the second user management DB 204 (FIG. 4).

FIG. 6E is a diagram illustrating an example of an authorization cooperation screen 850 that executes authorization cooperation with an external service. When the registration of the user information shown in FIG. 6D is successful, if the target external service is not authenticated, an authentication screen (login screen) is displayed. When the user inputs the user ID / password information for the external service and the authentication is completed, the authorization cooperation screen 850 is displayed on the browser 601 of the PC 600.
When the application is an application that requires authorization cooperation with a specific external service, for example, the application is a scanner application, and the scan data read by the image reading apparatus is transmitted to a specific external storage service. In the screen for executing the process that authorizes the app (the process that gives the app permission to access the external storage service) so that the app and the specific external storage service can cooperate with each other is there.
The authorization cooperation screen 850 has a permission button 851. The user presses the permission button 851 when accepting the authorization cooperation between the application and a specific external service.

<Flowchart / Sequence chart>
User registration processing and service cooperation processing in the second cloud system will be described with reference to FIGS. FIG. 7 is a sequence diagram illustrating processing related to user registration and service cooperation of the second cloud system.
In step S <b> 101, the user inputs an instruction for requesting the home screen 810 (FIG. 6A) from the browser 501 of the MFP 500. That is, the user inputs an organization ID, a user ID, and a password on the login screen displayed on the browser 501 of the MFP 500, and instructs the first cloud system 100 to log in (first time login).
In step S <b> 103, the MFP 500 transmits an organization ID, a user ID, and a password to the first cloud system 100 to request login to the system and request a home screen 810. Further, the browser 501 of the MFP 500 holds the organization ID in the session storage of the Web storage 704 (FIG. 4).
In step S104, the first cloud system 100 executes a login authentication process by the authentication module.
In step S <b> 105, the first cloud system 100 returns the home screen 810 to the browser 501 of the MFP 500 when the authentication process is successful. As a result, the home screen 810 is displayed on the browser 501.

In step S <b> 107, the user instructs to call an application on the second cloud system 200 by pressing the application button 811 a displayed on the home screen 810.
In step S109, the MFP 500 requests the second cloud system 200 to call an application.
In step S <b> 111, the second cloud system 200 returns the application screen 820 (FIG. 6B) to the MFP 500.
In step S113, the user presses a registration button 822 on the application screen 820 to instruct execution of user registration.
In step S115, the MFP 500 requests the second cloud system 200 for an address input screen 830 (FIG. 6C, FIG. 8A).
In step S <b> 117, the user registration unit 212 of the second cloud system 200 returns the address input screen 830 to the MFP 500.

In step S 119, the user inputs his / her mail address in the address input field 831 of the address input screen 830 and presses the Send button 832.
In step S121, the browser 501 of the MFP 500 sends a request for sending an email addressed to the corresponding email address together with the service ID for identifying the service provided by the application, the input email address, and the organization ID held in the session storage. And send a request for sending an e-mail.
In step S123, the user registration unit 212 creates, as new user information, a record in which the organization ID and the mail address are associated with the user ID in the user management table (FIG. 5A) and stores it in the second user management DB 204. Let In addition, the user registration unit 212 creates an external service cooperation table for the user (FIG. 5B) and stores it in the second user management DB 204.
In step S125, the mail transmission unit 211 of the second cloud system 200 transmits an e-mail in which the URL for user registration is described in the corresponding address.
In step S127, the mail transmission unit 211 returns a mail transmission completion screen (FIG. 8B) to the browser 501 of the MFP 500.

After this step, the user operates the PC 600.
In step S129, the PC 600 receives an e-mail. The e-mail may be received by the browser 601 or a dedicated mail application.
In step S131, the user selects a link to the URL described in the received e-mail and instructs the display of the Web page indicated by the URL.
In step S133, the browser 601 of the PC 600 requests the user registration screen 840 (FIG. 6D, FIG. 9A) from the user registration unit 212 of the second cloud system 200.
In step S135, the user registration unit 212 returns the user registration screen 840.

In step S137, the user inputs necessary items in each item column of the user registration screen, and presses the save button 841 (FIG. 6D, FIG. 9A).
In step S139, the browser 601 transmits a user information registration request to the second cloud system 200 and a determination request for an external service linked to a service provided by the application.
In step S141, the user registration unit 212 stores the input information in association with the user ID in the user management table (FIG. 5A) of the second user management DB 204.
In step S143, the service authorization unit 214 determines an external service linked to the service based on the service ID transmitted in step S121 (external service determination step), and passes the determination result to the user registration unit 212.
In step S145, the user registration unit 212 returns a user registration completion screen (FIG. 9B). The user registration completion screen includes a button that allows the user to select whether or not to perform authorization cooperation with the external service associated with the service ID.

In step S147, the user presses the connect button 871 (FIG. 9B) displayed on the user registration completion screen 870 when executing authorization cooperation with the external service associated with the service ID.
In step S149, the browser 601 requests an authorization cooperation screen.
In step S151, the service authorization unit 214 requests the external service 301 for an authorization cooperation screen.
In step S153, the external service 301 returns the authorization cooperation screen 850 (FIG. 6 (e), FIG. 10 (a)). If the external service is unauthenticated, the external service 301 returns an authentication screen prior to step S153. After the external service user ID and password are input from the user and the authentication process is completed, the external service 301 executes the process of step S153.
In step S155, the service authorization unit 214 returns the authorization cooperation screen 850.

In step S <b> 157, when permitting authorization cooperation with the external service 301, the user presses the permission button 851 on the authorization cooperation screen 850.
In step S <b> 159, the browser 601 requests authorization cooperation from the service authorization unit 214.
In step S161, the service authorization unit 214 requests authorization cooperation from the external service 301 (service authorization step).
In step S163, the external service 301 executes an authorization cooperation process, and responds whether authorization cooperation is possible.
In step S164, the user registration unit 212 stores the authorization cooperation information including the approval / denial information indicating the result of the authorization cooperation processing by the external service 301 in the external service cooperation table in the second user management DB 204 in association with the user ID. Let That is, the user registration unit 212 stores the result of the authorization cooperation process (whether authorization cooperation is possible and the authorization scope) in the external service cooperation table prepared for each user.
In step S165, the service authorization unit 214 returns the authorization cooperation confirmation screen (FIG. 10B) to the browser 601.

<Screen sample>
FIG. 8 is a diagram illustrating an example of an actual screen, where (a) is an address input screen and (b) is a mail transmission completion screen.
An address input screen 830 shown in FIG. 8A is a screen corresponding to FIG. 6C, and is a screen displayed on the browser 501 in step S119 of the sequence chart of FIG. That is, the address input screen 830 is displayed when the user of the first cloud system 100 uses the service provided by the second cloud system 200 via the first cloud system 100 (when the registration button 822 in FIG. 6B is pressed). ) Is a screen displayed on the browser 501 of the MFP 500. A user who newly uses the service of the second cloud system 200 needs to register an account with the second cloud system 200. An address input screen 830 is displayed for the user ID for the first cloud system 100 that is not account-registered in the second cloud system 200.
When an e-mail address is entered in the address input field 831 of the address input screen 830 and the Send button 832 is pressed, the screen displayed on the browser 501 of the MFP 500 transitions to the e-mail transmission completion screen 860 shown in FIG. S127).

FIG. 9 is a diagram illustrating an example of an actual screen, where (a) is a user registration screen and (b) is a user registration completion screen.
A user registration screen 840 shown in FIG. 9A is a screen corresponding to FIG. 6D, and is a screen displayed on the browser 601 of the PC 600 in step S137 of FIG. The user registration screen is a screen uniquely given to each user who newly registers an account, and the mail address entered in FIG. 9A has already been entered in the mail address field. As the items necessary for account registration by the user, the user name, password, and first and last name are entered in the respective columns, and the save button 841 is pressed to execute account registration processing.
A user registration completion screen 870 shown in FIG. 9B is a screen displayed when the save button 841 is pressed on the user registration screen 840, and is a screen displayed on the browser 601 of the PC 600 in step S147 of FIG. It is. If the user wishes to continue cooperation with an external service, the user presses the connect button 871.

FIG. 10 is a diagram showing an example of an actual screen, where (a) shows an authorization cooperation screen and (b) shows an authorization cooperation confirmation screen.
The authorization cooperation screen 850 shown in FIG. 10A is a screen corresponding to FIG. 6E, and is a screen displayed on the browser 601 of the PC 600 in step S157 of FIG. The authorization cooperation screen 850 is provided from an external service. When the user wishes to cooperate with an external service, the user presses the permission button 851.
The authorization cooperation confirmation screen 880 shown in FIG. 10B is a screen that is returned to the browser 601 of the PC 600 in step S165 of FIG. The user can confirm on the authorization cooperation confirmation screen 880 whether or not the authorization cooperation state with the external service for the user ID and whether the authorization cooperation has ended normally.

<User management method in each cloud system>
It supplements about the user management method in each cloud system.
In the first cloud system 100, user information is managed for each service application. That is, when using (or starting to use) each application of the first cloud system 100 displayed on the home screen in FIG. 6A, the user can select the user name (user ID) from the application screen (on the application). , Password, first name and last name must be entered to register as a user for each app. The user ID of the user registered for the application is managed in association with the organization ID input at the first login. In addition, the authorization cooperation process with the external service is executed at the time of user registration for each application.
In the second cloud system 200, user information is managed centrally in the system. When using the second cloud system 200 without interposing the first cloud system 100, registration of user information such as a user name (user ID), organization name (organization ID), password, first and last name in advance before using the application is started. It is necessary to complete the process and the authorization linkage process with the external service.
In the present embodiment, when the service of the second cloud system 200 is used via the first cloud system 100, the user can use the application screen from the application screen when using the application (or at the start of use) as in the first cloud system 100. It is intended to perform authorization linkage between registration and external services. The user opens an e-mail sent to the address input on the address input screen in FIG. 6C, and accesses the URL described in the e-mail, so that the user information is registered and the external service is authorized. Processing up to the linkage can be executed in a series of operations.
That is, by using the service ID notified from the application, it is possible to determine whether or not the user registration for the application or the presence or absence of the authorization cooperation, so the user can register the user in advance with the cloud system before using the application. In addition, it is not necessary to perform authorization cooperation with external services. Therefore, usability is improved.

[Second Embodiment]
A service cooperation system according to the second embodiment of the present invention will be described. In the second cloud system, if the user is registered for one of the apps that the organization has a contract with, the user is also associated with the other apps with which the organization has a contract. Other applications can be used without an information input operation (user registration for the application). However, an application that has not completed authorization linkage with an external service cannot provide a service linked with the external service.
Therefore, the present embodiment is characterized in that for a user registered as a user of the second cloud system, authorization cooperation with an external service is performed with a simple operation. Specifically, another application is characterized in that the user information input is omitted and only the user authentication is performed, and when the user authentication is successful, the authorization cooperation with the external service is performed.

<Overview of user registration>
FIG. 11 is a diagram illustrating an example of a screen transition and a process outline related to a service cooperation process executed when an application of the second cloud system is used from the first cloud system. Note that description of the same screen as that shown in FIG. 6 is omitted as appropriate.

FIG. 11A illustrates an example of a home screen 810 displayed on the MFP 500.
On the home screen 810, application buttons 811A and 811B for calling the applications A and B on the first cloud system 100 and application buttons 811a and 811b for calling the applications a and b on the second cloud system 200 are displayed. Yes. In the present embodiment, a plurality of apps are provided from the second cloud system. However, the applications a and b are different from each other in the external services linked in the application. That is, the application a is an application that cooperates with the external storage service StorageX and transmits the scan data read by the scanner engine 519 (FIG. 3) to the StorageX and stores it. The application b is an application that cooperates with the external storage service Storage Y to transmit scan data to Storage Y and save it.
When the user presses the application button 811b to instruct to call the application b, the browser screen changes to FIG.

FIG. 11B is a diagram illustrating an example of an application screen 820 provided by an application on the second cloud system 200. The application screen 820 is similar to FIG. 6B, but includes a registration / authentication button 824 as an operation button.
When the user presses the registration / authentication button 824, the screen of the browser 501 of the MFP 500 transitions to the screen shown in FIG.

FIG. 11C is a diagram illustrating an example of an ID / PW input screen 890 that allows the user to input a user ID and a password. The ID / PW input screen 890 includes an ID / PW input field 891, an OK button 892, and a new registration button 893.
The ID / PW input screen 890 functions as a screen for logging in to the second cloud system 200 for registered users, and functions as a screen for prompting the second cloud system 200 to perform user registration for new users. That is, when a registered user inputs a user ID and password in the ID / PW input field 891 and presses the OK button 892, the organization ID is added to the input user ID and password and transmitted to the second cloud system 200. The The second cloud system 200 executes login authentication using the transmitted user ID, organization ID, and password. When the login authentication is successful, the screen of the browser 501 transitions to the screen shown in FIG.
When the new user presses the new registration button 893 in accordance with a display such as “Click here for new registration”, the screen transitions to the address input screen shown in FIG. 6C and can proceed to the user registration process.
Thus, in the present embodiment, the processing differs depending on whether or not the user is already registered in the second cloud system 200. In the following description, it is assumed that the user registration process and the authorization cooperation process for StorageX (a series of processes described in the first embodiment) have already been completed for the application a (ScanToStorageX). Further, it is assumed that the application b (ScanToStorageY) is used for the first time, and authorization cooperation for StorageY is not performed.
In the first embodiment, the new user of the second cloud system presses the registration button 822 (FIG. 6), and the user registration process and the authorization cooperation process are executed. However, in the present embodiment in which user registration from the app a to the second cloud system has already been performed, the user registration processing is omitted to simplify the processing, and only authorization cooperation for Storage Y that cooperates with the app b is executed. To do.

  FIG. 11D is a diagram illustrating an example of an authorization cooperation screen 850 that executes authorization cooperation with an external service. The screen shown in this figure is the same as the authorization cooperation screen 850 shown in FIG. However, FIG. 11D is different from FIG. 6E in that it is displayed on the browser 501 of the MFP 500.

<Sequence chart>
Service cooperation processing in the second cloud system will be described.
FIG. 12 is a sequence diagram illustrating processing related to service cooperation. Note that description of steps similar to those in FIG. 7 is omitted as appropriate.
Steps S201 to S211 are the same as steps S101 to S111.
In step S213, the user presses the registration / authentication button 824 (FIG. 11B) on the application screen 820.
In step S215, the MFP 500 requests the second cloud system 200 for an ID / PW input screen (FIG. 11C).
In step S <b> 217, the user authentication unit 213 of the second cloud system 200 returns the ID / PW input screen 890 to the MFP 500.

In step S219, the user inputs the user ID and password in the ID / PW input field 891 of the ID / PW input screen 890, and presses an OK button 892.
In step S221, the browser 501 of the MFP 500 transmits a service ID for identifying the service, a user ID, a password, an organization ID held in the session storage, and a login request to the second cloud system 200.
In step S223, the user authentication unit 213 executes user authentication processing. That is, the user authentication unit 213 compares the user ID, organization ID, and password transmitted from the browser 501 of the MFP 500 with the data in the user management table (FIG. 5A) of the second user management DB 204, Authenticate. If the authentication is successful, the process proceeds to step S227.
In step S225, the service authorization unit 214 determines an external service that cooperates with the service based on the service ID transmitted in step S221 (external service determination step), and passes the determination result to the user registration unit 212.
In step S226, based on the external service cooperation table, the user registration unit 212 determines whether the external service determined in step S225 has already been authorized for the user. If the determined external service is an external service that is not linked to the user, the process proceeds to step S227.
In step S227, the service authorization unit 214 requests an authorization cooperation screen from the external service 301 associated with the service ID.
In step S229, the external service 301 returns the authorization cooperation screen (FIG. 11 (d)).
In step S231, the service authorization unit 214 returns an authorization cooperation screen.

Steps S233 to S241 are the same as steps S157 to S165 of FIG. 7 except that the browser related to the process is the browser 501 of the MFP 500, and thus description thereof is omitted.
As described above, according to the present embodiment, even a user registered in the second cloud system 200 requests an authorization cooperation process for an uncooperative external service based on the service ID passed from the application. it can.

[Third embodiment]
A service cooperation system according to the third embodiment of the present invention will be described.
The range of authority (authorization scope) that an application requests for an external service varies depending on the application. For example, the required authorization scope differs between an application that reads and processes data from an external storage service and an application that stores processed data in the external storage service. Therefore, even if it is an external service that has already been linked to an authorization with an application, if you use another application that requires a wider authorization scope, you will need to authorize again with an authorization scope that corresponds to the other application. If you do not link, you can not use other apps.
Therefore, in the present embodiment, when an application that requires an unauthorized authorization scope is used, authorization cooperation is executed again for the authorization scope.

<Overview of user registration>
FIG. 13 is a diagram illustrating an example of a screen transition and a process overview related to a service cooperation process executed when an application of the second cloud system is used from the first cloud system. Note that description of the same screen as that shown in FIG. 11 is omitted as appropriate.

FIG. 13A is a diagram illustrating an example of a home screen 810 displayed on the MFP 500.
On the home screen 810, application buttons 811A and 811B for calling the applications A and B on the first cloud system 100 and application buttons 811a and 811b for calling the applications a and b on the second cloud system 200 are displayed. Yes.
In the present embodiment, the apps a and b are common in that the external service linked in the app is Storage Y, but the authorization scope that the app b requests for Storage Y is wider than the app a. In addition, it is assumed that the user registration process is performed for the application a (PrintFromStorageY), and the authorization cooperation process for the StorageY is completed for the necessary authorization scope (scope a) of the application a. Further, it is assumed that the application b (ScanToStorageY) is used for the first time, and the authorization cooperation with the StorageY is not performed for a part of the authorization scope (scope b) required by the application b.
When the user presses the application button 811b to instruct to call the application b, the browser screen changes to FIG.

FIG. 13B is a diagram illustrating an example of an application screen 820 provided by an application on the second cloud system 200. When the user presses the registration / authentication button 824, the screen of the browser 501 of the MFP 500 transitions to the screen shown in FIG.
FIG. 13C is a diagram showing an example of an ID / PW input screen 890 that allows the user to input a user ID and a password. When the user inputs the user ID and password in the ID / PW input field 891 and presses the OK button 892, and the login authentication is successful, the screen of the browser 501 transitions to the authorization cooperation screen shown in FIG.
FIG. 13D is a diagram illustrating an example of an authorization cooperation screen 850 that executes authorization cooperation with an external service. On the authorization cooperation screen 850, an authorization scope required by the application b is displayed. When the user accepts the displayed authorization scope for authorization cooperation between the application b and the external service, the user presses the permission button 851 to execute the authorization cooperation processing for the application b.

<Sequence chart>
Service cooperation processing in the second cloud system will be described. FIG. 14 is a sequence diagram illustrating processing related to service cooperation. Note that description of steps similar to those in FIG. 12 is omitted as appropriate.
Steps S301 to S325 are the same as steps S201 to S225.
In step S326, the user registration unit 212 determines the range of the authorization scope requested by the service associated with the service ID transmitted in step S321 and the authorization scope in which the external service determined in step S325 is linked to the authorization. . That is, the user registration unit 212 determines, based on the external service cooperation table, whether or not the authorization scope requested by the service is within the range of the authorization scope that is authorized and cooperated with the external service. If all or part of the authorization scope requested by the service is not permitted, re-authorization cooperation is required, and the process proceeds to step S227.
In step S227, the service authorization unit 214 requests an authorization cooperation screen from the external service 301 associated with the service ID.
In step S229, the external service 301 returns the authorization cooperation screen (FIG. 13 (d)).
In step S231, the service authorization unit 214 returns an authorization cooperation screen.
Since steps S333 to S341 are the same as steps S233 to S241, description thereof will be omitted.
As described above, according to the present embodiment, even when a plurality of apps having different authorization scopes are used on the second cloud system, by executing the authorization collaboration process again, each application can be connected to an external service. Can be used in conjunction with.

[Summary of Embodiments, Actions, and Effects of the Present Invention]
<First embodiment>
In this aspect, first user management means (functional module 101, first user management DB 102) that can register first user information related to a user of the first application (service application 112) on the first application when the first application is used. ), The second user information related to the user of the second application (service application 215) including the cooperation information between the first platform system (first cloud system 100) and the external service 301 before the use of the second application is started. And a second platform system (second cloud system 200) provided with a second user management means (second user management DB 204, user registration unit 212) to be registered with the service cooperation system 1, The platform system is the first platform When the second user information registration request is received on the second application called through the network system, the external service determination unit (service authorization unit 214) determines the external service linked to the second application. Service authorization means (service authorization unit 214) for requesting authorization cooperation processing for the external service, and the second user management means displays the authorization cooperation information representing the result of the authorization cooperation processing by the external service as user identification information. (Stored in an external service linkage table prepared for each user).

The first platform system is a system on the premise that user registration related to the first application is performed on the first application when the first application is used. On the other hand, the second platform system is a system on the premise that user registration related to the second application and authorization cooperation with the external service are performed before the use of the second application is started. If a user of the first platform system uses a service on the second platform system, there is a problem that the processing flow related to authorization registration with the user registration and the external service is different, so that the difference in processing is confused.
In this aspect, when the user of the first platform system uses the second application on the second platform system via the first platform system, the second application is performed in the same manner as when using the first platform system. User registration and authorization cooperation with external services can be implemented. In other words, since the user can perform authorization linkage between user registration and external services in a series of operations related to the second application, it is necessary to carry out authorization linkage between user registration and external services in advance. The second platform system can be used with the same feeling as the first platform system.

<Second embodiment>
In the service cooperation system 1 according to this aspect, the service authorization unit (service authorization unit 214) is configured to allow a user whose external service 301 determined by the external service determination unit (service authorization unit 214) requests registration of the second user information. On the other hand, when the external service is not linked, the authorization linked processing is requested to the external service.
Here, the service authorization unit requests authorization cooperation processing for an external service that cooperates with the second application for a user newly registered in the second platform system. The service authorization means authorizes a user who has already been registered in the second platform system when the user registration for the second application linked to the external service that is not linked to the authorization is requested. Request linkage processing.
As described above, according to this aspect, regardless of whether or not the user is registered as a user who uses the application of the second platform system, in the series of operations related to the second application, Authorization linkage can be implemented.

<Third embodiment>
In the service cooperation system 1 according to this aspect, the service authorization unit (service authorization unit 214) includes an unauthorized scope related to the user in the authorization scope requested by the second application (service application 215) to the external service 301. When there is an authorization scope, it is characterized by requesting the authorization cooperation related to the unauthorized scope of the external service.
Even if it is an external service that has already been coordinated with a registered user, the second application that is already registered as a user and the second application that is newly registered as a user require different authorization scopes from the external service. There is a case. Even in such a case, the authorization cooperation is performed in the series of user registration operations related to the new second application for the unauthorized authorization scope, so that the user can receive a complete service.

<Fourth embodiment>
In the service cooperation system 1 according to this aspect, the second platform system (second cloud system 200) includes a mail transmission unit (mail transmission unit 211) that transmits an e-mail, and a second user management unit (second user management). DB 204, user registration unit 212), when receiving a registration request for second user information from an unregistered user, transmits an address input screen 830 requesting input of an e-mail address, and second user information for the user A URL for user registration forming the input screen is generated, and the mail transmitting means transmits an e-mail describing the URL for user registration to the mail address input on the address input screen.

<Fifth embodiment>
In this aspect, first user management means (functional module 101, first user management DB 102) that can register first user information related to a user of the first application (service application 112) on the first application when the first application is used. ), The second user information related to the user of the second application (service application 215) including the cooperation information between the first platform system (first cloud system 100) and the external service 301 before the use of the second application is started. Service cooperation in a system (service cooperation system 1) to which a second platform system (second cloud system 200) including second user management means (second user management DB 204, user registration unit 212) to be registered is connected A first plug An external service determination step (step S143) for determining an external service linked to the second application when a registration request for the second user information is received on the second application called through the form system. Executing a service authorization step (step S161) for requesting an authorization cooperation process for the external service, and a step (step S164) for associating the authorization cooperation information representing the result of the authorization cooperation process by the external service with the user identification information. It is characterized by.
This aspect has the same effect as the first embodiment.

<Sixth embodiment>
In this aspect, first user management means (functional module 101, first user management DB 102) that can register first user information related to a user of the first application (service application 112) on the first application when the first application is used. ), The second user information related to the user of the second application (service application 215) including the cooperation information with the external service 301 is connected to the first platform system (first cloud system 100). A server (a server providing the second cloud system 200) provided with a second user management means (second user management DB 204, user registration unit 212) to be registered before the start of use, which is called through the first platform system. Second user on the second application An external service determination unit (service authorization unit 214) that determines an external service that cooperates with the second application when an information registration request is received, and a service authorization unit that requests an authorization cooperation process for the determined external service (The service authorization unit 214), and the second user management unit associates the authorization cooperation information representing the result of the authorization cooperation processing by the external service with the user identification information (in the external service cooperation table prepared for each user). It is memorized).
This aspect has the same effect as the first embodiment.

  DESCRIPTION OF SYMBOLS 1 ... Service cooperation system, 100 ... 1st cloud system (1st platform system), 101 ... Functional module (1st user management means), 102 ... 1st user management DB (1st user management means), 111 ... Launcher application 112 ... Service application (first application) 200 ... Second cloud system (second platform system) 201 ... Authentication module 202 ... GUI module 203 ... Service module 204 ... Second user management DB (second user) Management means), 211 ... mail transmitting section (mail transmitting means), 212 ... user registration section (second user management means), 213 ... user authentication section (user authentication means), 214 ... service authorization section (external service determination means, Service authorization means), 215 ... service application (second 217 ... cache, 300 ... external service group, 301 ... external service, 400 ... mail receiving server, 500 ... MFP, 501 ... browser, 510 ... controller, 511 ... CPU, 512 ... ROM, 513 ... RAM, 514 ... HDD, 515 ... operation display IF, 516 ... operation display unit, 517 ... communication IF, 518 ... engine control unit, 519 ... scanner engine, 520 ... print engine, 600 ... PC, 601 ... browser, 611 ... CPU, 612 ... ROM, 613 ... RAM, 614 ... HDD, 615 ... operation unit, 616 ... display unit, 617 ... communication IF, 700 ... client terminal, 701 ... browser, 702 ... UI unit, 703 ... Cookie holding unit, 704 ... Web storage, 810 ... Home screen, 811 ... App button 820 ... Application screen, 821 ... User list button, 822 ... Registration button, 823 ... Return button, 824 ... Registration / authentication button, 830 ... Address input screen, 831 ... Address input field, 840 ... User registration screen, 841 ... Save Button, 850 ... authorization cooperation screen, 851 ... permission button, 860 ... mail transmission completion screen, 870 ... user registration completion screen, 871 ... connect button, 880 ... authorization cooperation confirmation screen, 890 ... IF / PW input screen, 891 ... IF / PW input field, 892 ... OK button, 893 ... New registration button

Japanese Patent Laid-Open No. 2006-128966

Claims (6)

Includes linkage information between an external service and a first platform system provided with a first user management means capable of registering first user information relating to a user of the first application on the first application when the first application is used A second platform system comprising a second user management means for registering second user information relating to a user of the second application before the start of use of the second application, and a service cooperation system connected to the second platform system,
When the second platform system receives a registration request for the second user information on the second application called through the first platform system, the second platform system determines the external service linked to the second application. External service determination means for performing, and service authorization means for requesting the authorization cooperation processing for the determined external service,
The service cooperation system, wherein the second user management means associates authorization cooperation information representing a result of the authorization cooperation processing by the external service with user identification information.   The service authorization unit, when the external service determined by the external service determination unit is an unlinked external service for a user who requests registration of the second user information, The service cooperation system according to claim 1, wherein an authorization cooperation process is requested.   The service authorization means includes the unauthorized authorization for the external service when there is an unauthorized authorization scope for the user in the authorization scope requested by the second application for the external service. The service cooperation system according to claim 1, wherein the authorization cooperation process related to a scope is requested. The second platform system includes a mail transmission means for transmitting an email,
When the second user management means receives a registration request for the second user information from an unregistered user, the second user management means transmits an address input screen for requesting input of an e-mail address, and the second user information for the user Generate a user registration URL that forms an input screen for
4. The email transmission unit according to claim 1, wherein the email transmission unit transmits an email describing the user registration URL to the email address input on the address input screen. 5. Service linkage system. Includes linkage information between an external service and a first platform system provided with a first user management means capable of registering first user information relating to a user of the first application on the first application when the first application is used A second platform system comprising second user management means for registering second user information relating to a user of the second application before the start of use of the second application, and a service cooperation method in a connected system,
An external service determination step of determining the external service in cooperation with the second application when a registration request for the second user information is received on the second application called through the first platform system;
A service authorization step for requesting authorization cooperation processing for the determined external service;
Associating authorization cooperation information representing a result of the authorization cooperation processing by the external service with user identification information;
A service linkage method characterized by executing First user information related to a user of the first application is connected to a first platform system having a first user management means that can be registered on the first application when the first application is used, and cooperates with an external service. A server comprising second user management means for registering second user information relating to a user of the second application including information before the start of use of the second application,
An external service determination means for determining an external service linked to the second application when a registration request for the second user information is received on the second application called through the first platform system;
Service authorization means for requesting authorization cooperation processing for the determined external service, and
The server according to claim 2, wherein the second user management means associates authorization cooperation information representing a result of the authorization cooperation processing by the external service with user identification information.

Images