Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This advisory action is in response to an “After Final” application filed on 09/16/2021. In
the response, no claims have been amended.

For this office action, claims 1-20 have been received for consideration and have been
examined.
Response to Arguments
Claim Rejections under 35 U.S.C. § 103
	Applicant’s remarks regarding claim rejections under 35 U.S.C. § 103 have been
reviewed by the examiner, however, examiner does not find them persuasive. After review,
applicant’s remarks have been summarized as follows:
Subramanian and Batson fails to teach or suggest at least policy executor logic configured to “execute a user authentication process that is defined by the identity policy and that includes providing the UI to the application over the network, subsequent to receiving the call and prior to receiving the token request, and based on an identity policy indicator received from the application according to a user selection of the identity policy via the application” (Pages 9-10).
Subramanian does not discloses the provision of a UI associated with a specified policy to a remote application based on a call from the remote application. At best, it appears Subramanian only allows for different types of credentials to be received from a user via Page 11 ).
Applicant also respectfully asserts that Batson fails to remedy the deficiencies of Subramanian. In Batson, the application/resource can be configured based on user credentials, but Batson does not disclose that a UI to browse for an application/resource is "a user interface (UI) that is associated with the identity policy" which was specified in a prior call from the application and that is one of a plurality of identity policies for dynamic deployment on behalf of the application, as called for in claim 1. Therefore, Subramanian fails to teach this claim 1 feature, and Batson fails to remedy the deficiencies of Subramanian (Page 12).
Examiner’s Response
Regarding remark # 1 that Subramanian and Batson fails to teach or suggest at least policy executor logic configured to “execute a user authentication process that is defined by the identity policy and that includes providing the UI to the application over the network, subsequent to receiving the call and prior to receiving the token request, and based on an identity policy indicator received from the application according to a user selection of the identity policy via the application”, examiner respectfully disagrees. 
Examiner would like to mention that secondary reference of Batson clearly discloses in light of FIG. 5 that illustrates a method of using single sign-on functionality for providing a user authentication interface according to the policy and further providing user interface of an application according to the defined policy and executed user authentication process (Batson: [0087] As seen in FIG. 5, the method may begin at step 505 in which an identity credential may be received at an enterprise application store; [0090] if it is determined, in step 510, that the identity credential is valid, then in step 520, an enterprise application store interface may be provided. For example, in providing an enterprise application store interface in step 520, the enterprise application store may generate one or more user interfaces and/or cause the one or more user interfaces to be displayed; [0092] In step 530, the application may be configured based on the identity credential. For example, in step 530, the enterprise application store may configure the software application (e.g., the software application request in step 525) based on the SSO credential that was received in step 505 and/or validated in step 510. In configuring the application based on the identity credential, the enterprise application store may, for instance, establish one or more user-specific settings based on the identity credential, apply one or more management policies to the application based on the identity credential).
Regarding remark # 2 that Subramanian does not discloses the provision of a UI associated with a specified policy to a remote application based on a call from the remote application, examiner respectfully disagrees. Subramanian comprehensively discloses generating a user interface according to a policy if access to a particular application is allowed and also discloses what particular authentication method of access is allowed to gain access to the application (Subramanian: [0090] The IDCS infrastructure services support the functionality of IDCS platform services. These runtime services include … an SSO service (for managing internal user authentication and SSO); a user interface (“UI”) service (for hosting different types of UI clients); [0195] a sign-on policy or access policy indicates how a user is authenticated to access an application; [0126] In one embodiment, a policy dictates if access to a particular resource identified through a request endpoint is allowed and what particular method of access is allowed to gain access to the resource. In one embodiment, for example, “/admin/v1/HTTPAuthenticator” is the endpoint for validating user credentials for browser-based HTTP Basic authentication, and the resource in this case is a credential validation service. In one embodiment, for example, a public access policy for a tenant may indicate that anyone in that tenant can access a resource (e.g., “/ui/v1/signin” which is the publicly-visible endpoint for the login page, “/ui/v1/pwdmustchange” and “/ui/v1/resetpwd” for password change and reset pages, etc.; Also see FIG. 11; [0367-0370] for Login/Logout Flow). 
Subramanian further discloses an idea of using disclosed Identity Cloud Service (IDCS) as OpenID Connect (OIDC) relaying party for a social identity platform which enables customers of social media platform to get access to various third party applications through their social identities and policy-based access to applications which is equivalent to claimed provision of a UI associated with a specified policy to a remote application based on a call from the remote application (Subramanian: [0082] the integration of IDCS as OIDC RP with social OIDC OP (e.g., Facebook, Google, etc.) enables customers to allow social identities policy-based access to applications; [0196] In one embodiment, the SSO service is a common controller system that can be used for any protocol (e.g., OAuth, SAML, social token, social service, etc; [0197] In one embodiment, the SSO service defines a complete login ceremony as a common logic. The login ceremony dictates how a user is logged in, which factors are used for authentication, how the system performs the factor authentication, how the orchestration happens between the user and the IDCS SSO service, etc; [0198] In one embodiment, the complete login ceremony happens between the SSO service and UI interactions; [0199] For example, for authentication based on user ID and password, the embodiment implements a plug-in to go to the identity store that includes the user ID and password … As another example, if the user provides a certificate of user credentials such as an X.509 certificate, the SSO service determines the appropriate authentication module, which in this case is a certificate module; [0200] the SSO service may determine to go to a multifactor authentication plug-in to authenticate a user. The SSO service orchestrates the requirements for each plug-in; [0201] Accordingly, the SSO service orchestrates the entire login ceremony for different types of user authentication). 
Regarding remark # 3, examiner would like to mention that this remark is quite similar to remark # 1, and examiner has already addressed this in above mentioned response. Therefore examiner respectfully disagrees with the remark that Batson does not disclose that a UI to browse for an application/resource is "a user interface (UI) that is associated with the identity policy".
In view of above explanation, examiner would like to note that cited references of Subramanian and Batson are an analogous and comparable references which clearly discloses same subject matter as being claimed in the instant application. Examiner notes that the instant application is claiming “Methods for composable user journeys for user authentication via an identity experience framework” which is a comprehensive feature set, that is used internally for Microsoft services like Azure Active Directory Business to Consumer (B2C) that allows for seamless user experiences from applications, such as but 
In the same vein Subramanian discloses providing single sign-on (“SSO”) functionality in an Identity Cloud Service (“IDCS”) that provides a multi-tenant, cloud-scale, identity and access management (“IAM”) platform which is part of “Oracle® IAM Suite” from Oracle Corp. Subramanian discloses SSO functionality which is implemented by providing a global session and then generating protocol-specific tokens based on the global session. Examiner would like highlight that Subramanian’s disclosure teaches similar concept as being claimed by the instant application. This concept of Subramanian is quite similar to Microsoft® Azure Identity Experience Framework (IEF) which provides user journeys such as self-service sign-up (Sign-up), single sign-on (SSO) (Sign-in), sign-up or sign-in (Sign-up or Sign-in), profile editing (Edit your profile), and self-service password reset (Reset your password).
Batson also discloses controlling access to application store through single sign-on functionality with an enterprise application. The software application may be configured, at the enterprise application store, based on a single sign-on credential. The configured software application then may be provided, by the enterprise application store, to at least one recipient device associated with the single sign-on credential.
Based on above explanation and citations, one of the ordinary person skilled in the art before the effective filing date of the claimed invention would be motivated to combine the references of Subramanian and Batson and have a system and method as being claimed in the instant application. 
Therefore, examiner is compelled to maintain the rejection. 

/SYED A ZAIDI/Primary Examiner, Art Unit 2432