DETAILED ACTION
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant’s submission filed on 3/10/2021, for application 15/012,487 has been entered. 
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to the Amendment filed on 3/10/2021.
An Examiner’s Amendment to the record appears below.  Should the changes and/or additions be unacceptable to Applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this Examiner’s Amendment was given in a telephone interview with Applicant’s representative, Ms. Bethany K. Love (Reg. No. 70,070) on April 9, 2021.  During the telephone conference, Ms. Love has agreed and authorized the Examiner to amend Claims 1, 11, and 18, and to cancel claim 5.

Claims
Replacing Claims 1, 11, and 18 and canceling claim 5 as following:
Claim 1:	 (Currently Amended) A method performed by a computing system, the method comprising:
receiving from a client component of an enterprise application, a request destined for a service component of the enterprise application, the request comprising authentication data and request data, the authentication data being associated with a current user of the client component, the user associated with an organization, the request data including metadata that indicates an identity of an organization on behalf of which the request is being sent, wherein the client component provides an account switching feature, the account switching feature allowing the user to select an organization on behalf of which requests are to be sent;
using an authentication database, performing an authentication process to create principal data and role data associated with the request, the principal data identifying the user; 
after performing the authentication process, identifying the organization on behalf of which the request is being sent;
obtaining, from the authentication database, a set of privileges for the user within the identified organization, the set of privileges defining what resources the user may access on behalf of the identified organization;
replacing the principal data with updated principal data based on the set of privileges obtained from the authentication database, the updated principal data replacing an identifier of the user with an identifier of the identified organization; 

forwarding the request to the service component, wherein the forwarding occurs after updating both the principal data and the role data.	


Claim 5:	 (Cancelled)  


Claim 11:	 (Currently Amended)	A computing system comprising:
	a processor; and
	a memory, the memory comprising machine readable instructions that when executed by the processor, cause the system to:
receive from a client component of an enterprise application, a request destined for a service component of the enterprise application, the request comprising authentication data and request data, the authentication data being associated with a current user of the client component, the user associated with an organization, the request data including metadata that indicates an identity of an organization on behalf of which the request is being sent, wherein the client component provides an account switching feature, the account switching feature allowing the user to select an organization on behalf of which requests are to be sent;
using an authentication database, perform an authentication process to create principal data and role data associated with the request, the principal data identifying the user;
after performing the authentication process, identify the organization on behalf of which the request is being sent;

replace the principal data with updated principal data based on the set of privileges obtained from the authentication database, the updated principal data replacing an identifier of the user with an identifier of the identified organization; 
update the role data associated with the request to create updated role data that
forward the request to the service component, wherein the forwarding occurs after updating both the principal data and the role data.	

Claim 18:	 (Currently Amended) A method comprising:
receiving a request from a client component of an enterprise application, the request comprising authentication data and request data, the authentication data being associated with a current user of the client component, the user associated with an organization, the request data including metadata that indicates an identity of an organization on behalf of which the request is being sent, wherein the client component provides an account switching feature, the account switching feature allowing the user to select an organization on behalf of which requests are to be sent;
	using an authentication database and authentication data created from an authentication process, the authentication data including [[performing]] principal data and role data associated with the request, the principal data identifying the user;

obtaining, from the authentication database, a set of privileges for the user within the identified organization, the set of privileges defining what resources the user may access on behalf of the identified organization;
replacing the principal data with updated principal data based on the set of privileges obtained from the authentication database, the updated principal data replacing an identifier of the user with an identifier of the identified organization; 
	updating the role data associated with the request to create updated role data that includes the set of privileges for the user within the identified organization, the updated role data being based on the set of privileges obtained from the authentication database; and
forwarding the request to a service component, wherein the forwarding occurs after updating both the principal data and the role data.	


Examiner's Statement of reason for Allowance
Claims 1, 3, 4, 6-11, 13-18, and 20-23 are allowed.
The following is an examiner’s statement of reasons for allowance: 
The present invention is directed to a method and a system for performing an authentication process to create principal data and role data associated with the request, the principal data identifying a user. The method further includes using the authentication data and request data, determining a current tenant of the client component. The method 
The closest prior art, as previously recited, Rachalwar (US20150358331), Durazzo (US20140053280), Roth (US10211977), and Valbuena (US20150100698), are also generally directed to various aspects roles, principals, privileges, and organizations.  However, none of Rachalwar, Durazzo, Roth, and Valbuena teaches or suggests, alone or in combination, the particular combination of steps or elements as recited in the independent claims, claims 1, 11, and 18.  For example, none of the cited prior art teaches or suggest the steps of receiving from a client component of an enterprise application, a request destined for a service component of the enterprise application, the request comprising authentication data and request data, the authentication data being associated with a current user of the client component, the user associated with an organization, the request data including metadata that indicates an identity of an organization on behalf of which the request is being sent, wherein the client component provides an account switching feature, the account switching feature allowing the user to select an organization on behalf of which requests are to be sent; replacing the principal data with updated principal data based on the set of privileges obtained from the authentication database, the updated principal data replacing an identifier of the user with an identifier of the identified organization; and forwarding the request to the service component, wherein the forwarding occurs after updating both the principal data and the role data.	
.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”


Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to WALTER J MALINOWSKI whose telephone number is (571)272-5368.  The examiner can normally be reached on 8-6:30 MTWH.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LUU PHAM can be reached on 5712705002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/W.J.M/Examiner, Art Unit 2439                          


/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439