Controlling access to computer resources
First Claim
1. A computer system comprising:
one or more computer readable storage devices configured to store:
a first qualification object specifying a first qualification;
a first use case object indicating a first purpose, the first use case object being associated with the first qualification object;
a first resource object representing a first computer resource, the first resource object linked with at least the first use case object;
a first user object representing a first user, the first user object indicating one or more qualifications of the first user; and
a plurality of computer readable instructions; and
one or more processors configured to execute the plurality of computer readable instructions to cause the computer system to perform operations comprising:
receiving an authentication credential provided by the first user;
authenticating the first user based at least in part on the authentication credential;
receiving, from the first user, an indication of the first purpose of the first use case object, wherein the first use case object is linked with one or more resource objects and is associated with one or more user actions that the first user can take, wherein the linked one or more resource objects include the first resource object;
determining authorizations of the first user to the linked one or more resource objects that are linked to the first use case object;
determining that the qualifications of the first user satisfy the first qualification of the first qualifications object that is associated with the first use case object; and
based at least in part on receiving the indication of the first purpose of the first use case object, and based at least in part on the first use case object being linked to the first resource object, and further based at least in part on the determined authorizations of the first user, providing the first user with access to the first computer resource represented by the first resource object.
Abstract
A system is described for controlling access to resources using an object model. Users can specify use cases for accessing resources. The user may be granted access if the user satisfies qualifications required for accessing the resource, selects a use case permissible for accessing the resource, and satisfies qualifications required for the use case. Use cases, qualifications, resources, and/or links between them can be implemented using an object model. The system can be used in addition to authentication and authorization.
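The decision flow described in the abstract can be sketched as follows. This is an added illustration, not code from the patent or its assignee; the class names, the `check_access` function, the ACL field and all sample data are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class UseCase:
    purpose: str
    required_quals: frozenset   # qualifications needed to select this use case
    actions: frozenset          # user actions permitted under this use case

@dataclass(frozen=True)
class Resource:
    name: str
    required_quals: frozenset   # qualifications needed for the resource itself
    use_cases: frozenset        # purposes linked to this resource
    acl: frozenset              # users holding a conventional authorization

@dataclass(frozen=True)
class User:
    name: str
    quals: frozenset

def check_access(user, authenticated, purpose, resource, action, use_cases):
    """Return (granted, reason). Every check must pass; the first failure wins."""
    if not authenticated:
        return False, "not authenticated"
    if user.name not in resource.acl:
        return False, "not authorized for resource"
    uc = use_cases.get(purpose)
    if uc is None or purpose not in resource.use_cases:
        return False, "use case not linked to resource"
    if action not in uc.actions:
        return False, "action not permitted under use case"
    missing = (uc.required_quals | resource.required_quals) - user.quals
    if missing:
        return False, "missing qualification: " + ", ".join(sorted(missing))
    return True, "granted for purpose '%s'" % purpose

# Constructed sample objects (hypothetical names and values).
USE_CASES = {
    "fraud-investigation": UseCase("fraud-investigation",
                                   frozenset({"fraud-training"}), frozenset({"read"})),
    "marketing-analysis": UseCase("marketing-analysis", frozenset(), frozenset({"read"})),
}
PAYMENTS = Resource("payments-db", frozenset({"pii-handling"}),
                    frozenset({"fraud-investigation"}), frozenset({"alice", "bob"}))
ALICE = User("alice", frozenset({"fraud-training", "pii-handling"}))
BOB = User("bob", frozenset({"pii-handling"}))

if __name__ == "__main__":
    for u, p in [(ALICE, "fraud-investigation"), (ALICE, "marketing-analysis"),
                 (BOB, "fraud-investigation")]:
        print(u.name, p, check_access(u, True, p, PAYMENTS, "read", USE_CASES))
```

In this sketch, holding an ACL entry alone is not sufficient: a user who is authorized but declares a purpose that is not linked to the resource, or who lacks a qualification for the declared purpose, is denied with a reason that can be written to an audit log.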
19 Claims