Entity to authorize delegation of permissions
Abstract
Systems and methods are described for delegating permissions to enable account access. The systems utilize a delegation profile that can be created within a secured account of at least one user. The delegation profile includes a name, a validation policy that specifies principals which may be external to the account and which are permitted to assume the delegation profile, and an authorization policy that indicates the permitted actions within the account for those principals which are acting within the delegation profile. Once the delegation profile is created, it can be provided to external principals or services. These external principals or services can use the delegation profile to obtain credentials for performing various actions in the account using the credentials of the delegation profile.
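The flow in the abstract, modelled as an added example that is not taken from the patent or any product: a profile carries a validation policy (who may assume it) and an authorization policy (what they may do), and the service issues credentials bound to both. The HMAC-signed token format, the expiry, and all names and sample values are assumptions made for illustration.

```python
import hashlib, hmac, json, time
from dataclasses import dataclass

SERVICE_KEY = b"constructed-demo-key"  # hypothetical signing key held by the service

@dataclass(frozen=True)
class DelegationProfile:
    account: str
    name: str
    validation_policy: frozenset     # principals permitted to assume the profile
    authorization_policy: frozenset  # actions permitted while acting within it

def _sign(payload: bytes) -> str:
    return hmac.new(SERVICE_KEY, payload, hashlib.sha256).hexdigest()

def request_delegation(profile, principal, ttl=900, now=None):
    """Return delegation credentials, or None if the validation policy denies."""
    if principal not in profile.validation_policy:
        return None
    now = time.time() if now is None else now
    claims = {"account": profile.account, "profile": profile.name,
              "principal": principal,
              "actions": sorted(profile.authorization_policy),
              "exp": now + ttl}  # expiry is an assumption, not stated on the page
    payload = json.dumps(claims, sort_keys=True).encode()
    return {"payload": payload.decode(), "sig": _sign(payload)}

def authorize_action(creds, account, action, now=None):
    """Allow the action only for intact, unexpired credentials that cover it."""
    if creds is None:
        return False
    payload = creds["payload"].encode()
    if not hmac.compare_digest(_sign(payload), creds["sig"]):
        return False  # payload was altered or not issued by this service
    claims = json.loads(payload)
    now = time.time() if now is None else now
    return (claims["account"] == account and now < claims["exp"]
            and action in claims["actions"])

# Constructed sample: account A lets one external service principal read storage.
PROFILE = DelegationProfile("acct-A", "log-reader",
                            frozenset({"svc:backup@acct-B"}),
                            frozenset({"storage:Read"}))
```
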
20 Claims
1. A computer-implemented method, comprising:
receiving, by one or more computing devices, a request from a security principal specifying a delegation profile of a user account associated with a service;
authorizing, by the one or more computing devices, the request by verifying that the security principal is authorized for the delegation profile according to a validation policy, the validation policy specifying a security principal authorized for the delegation profile, the delegation profile specifying one or more actions the security principal is allowed to perform with respect to the user account;
transmitting, by the one or more computing devices, one or more delegation credentials to the security principal, the one or more delegation credentials transmitted to authorize the security principal to perform the one or more actions with respect to the user account; and
authorizing the security principal to perform the one or more actions with respect to the user account based at least in part on the one or more delegation credentials.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9)
10. A non-transitory computer-readable storage medium storing instructions that, when executed by at least one processor of a computing device, cause the computing device to:
receive a request from a security principal specifying a delegation profile of a user account associated with a service;
authorize the request by verifying that a security principal is authorized for the delegation profile according to a validation policy, the validation policy specifying a security principal authorized for the delegation profile, the delegation profile specifying one or more actions the security principal is allowed to perform with respect to the user account;
transmit one or more delegation credentials to the security principal, the delegation credentials transmitted to authorize the security principal to perform the one or more actions with respect to the user account; and
authorize the security principal to perform the one or more actions with respect to the user account based at least in part on the delegation credentials.
(Dependent claims: 11, 12, 13, 14)
15. A system, comprising:
at least one processor; and
at least one memory device including instructions, that when executed, cause the system to;
receive a request from a security principal specifying a delegation profile of a user account associated with a service;
authorize the request by verifying that the security principal is authorized for the delegation profile according to a validation policy, the validation policy specifying a security principal authorized for the delegation profile, the delegation profile specifying one or more actions the security principal is allowed to perform with respect to the user account; and
transmit one or more delegation credentials to the security principal, the one or more delegation credentials transmitted to authorize the security principal to perform the one or more actions with respect to the user account; and
authorize the security principal to perform the one or more actions with respect to the user account based at least in part on the one or more delegation credentials.
(Dependent claims: 16, 17, 18, 19, 20)
Specification