Permissions decisions in a service provider environment

US 10,382,449 B2
Filed: 07/17/2017
Issued: 08/13/2019
Est. Priority Date: 06/27/2014
Status: Expired due to Fees

First Claim

Patent Images

1. A computer system, comprising:

at least one processor; and

memory including instructions that, when executed by the at least one processor, cause the computer system to;

receive a request from a first party with a first account with a service provider to make a change in virtual infrastructure of a second account corresponding to a second party and hosted by the service provider, the request to configure, for an appliance, the virtual infrastructure of the second account, the appliance provided by the first party, wherein a delegation profile for the appliance specifies one or more permissions needed to make the change to the virtual infrastructure of the second account;

receive a request by the second party for the appliance;

validate that the appliance has been provided to the second account; and

grant access to the first party for the virtual infrastructure of the second account, the access being subject to the one or more permissions specified by the delegation profile.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Permissions can be delegated to enable access to resources associated with one or more different accounts, which might be associated with one or more different entities. Accordingly, approaches for delegating security rights and privileges for services and resources in an electronic and/or multi-tenant environment are provided. In particular, various embodiments provide approaches for dynamically determining and authorizing delegation of permissions to perform actions in, on, or against one or more secured accounts, where those accounts may be associated with a number of different entities and/or resource providers.

32 Citations

20 Claims

1. A computer system, comprising:
- at least one processor; and
  
  memory including instructions that, when executed by the at least one processor, cause the computer system to;
  
  receive a request from a first party with a first account with a service provider to make a change in virtual infrastructure of a second account corresponding to a second party and hosted by the service provider, the request to configure, for an appliance, the virtual infrastructure of the second account, the appliance provided by the first party, wherein a delegation profile for the appliance specifies one or more permissions needed to make the change to the virtual infrastructure of the second account;
  
  receive a request by the second party for the appliance;
  
  validate that the appliance has been provided to the second account; and
  
  grant access to the first party for the virtual infrastructure of the second account, the access being subject to the one or more permissions specified by the delegation profile.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The computer system of claim 1, wherein the instructions when executed further cause the computer system to:
    - determine that the second party has a valid subscription to use the appliance.
  - 3. The computer system of claim 1, wherein the instructions when executed further cause the computer system to:
    - enable the delegation profile based at least in part on having received the request by the second party for the appliance, the delegation profile including an authorization policy, the authorization policy specifying the one or more permissions.
  - 4. The computer system of claim 1, wherein the instructions when executed further cause the computer system to:
    - meter use of the appliance by the second party.
  - 5. The computer system of claim 3, wherein the instructions when executed further cause the computer system to:
    - receive a request to list the appliance on an electronic marketplace; and
      
      list the appliance and the one or more permissions specified by the authorization policy in the electronic marketplace.
  - 6. The computer system of claim 1, wherein the instructions when executed further cause the computer system to:
    - receive an indication of a request to use the appliance by the second party; and
      
      enable a license to use the appliance for at least a period of time.
  - 7. The computer system of claim 1, wherein the instructions when executed further cause the computer system to:
    - receive an indication that the second party is not permitted to access the appliance; and
      
      deny a request by the first party to access the virtual infrastructure associated with the second party.
  - 8. The computer system of claim 7, wherein the instructions when executed further cause the computer system to:
    - receive an indication including at least one of an indication that the second party no longer desires to use the appliance or an indication that a license period associated with a license to use the appliance has expired.
  - 9. The computer system of claim 1, wherein the instructions when executed further cause the computer system to:
    - determine an update of a license to use the appliance, the update corresponding to a change in at least one feature of the appliance; and
      
      adjust at least one permission of the one or more permissions based at least in part on the update of the license.
  - 10. The computer system of claim 1, wherein the instructions when executed further cause the computer system to:
    - determine the one or more permissions based at least in part on one or more rules that map determined actions of the appliance to one or more permission elements.
  - 11. The computer system of claim 1, wherein the instructions when executed further cause the computer system to:
    - receive an indication of a selection of the one or more permissions from the second party;
      
      use a set of permissions requested by the second party;
      
      use a default set of the one or more permissions associated with the appliance in response to no permissions being received the second party;
      
      ordetermine at least one action to be performed by the appliance and map the at least one action to at least one permission.
  - 12. The computer system of claim 11, wherein the instructions when executed further cause the computer system to:
    - receive an indication of a selection of the one or more permissions, the indication of a selection being performed by one of a text input, a selection of a permission element in a drop-down menu, or a detection of no input by the second party.

13. A non-transitory computer-readable storage medium including instructions that, when executed by at least one processor of a computing system, cause the computing system to:
- receive a request from a first party with a first account with a service provider to make a change in virtual infrastructure of a second account corresponding to a second party and hosted by the service provider, the request to configure, for an appliance, the virtual infrastructure of the second account, the appliance provided by the first party, wherein a delegation profile for the appliance specifies the one or more permissions needed to make the change to the virtual infrastructure of the second account;
  
  receive a request by the second party for the appliance;
  
  validate that the appliance has been provided to the second account; and
  
  grant access to the first party for the virtual infrastructure of the second account, the access being subject to the one or more permissions specified by the delegation profile.
- View Dependent Claims (14, 15, 16)
- - 14. The non-transitory computer-readable storage medium of claim 13, wherein the instructions when executed further cause the computer system to:
    - enable use of the delegation profile based at least in part on having received the request by the second party for the appliance, the delegation profile including an authorization policy, the authorization policy specifying the one or more permissions.
  - 15. The non-transitory computer-readable storage medium of claim 14, wherein the instructions when executed further cause the computer system to:
    - determine, using the delegation profile, that the first party is authorized to make a change in virtual infrastructure of the second account based at least in part on the second party having purchased a subscription to the appliance.
  - 16. The non-transitory computer-readable storage medium of claim 13, wherein the instructions when executed further cause the computer system to:
    - determine that the second party has unsubscribed from the appliance; and
      
      disable use of the delegation profile by the first party.

17. A computer-implemented method, comprising:
- receiving a first request from a first party with a first account with a service provider to make a change in virtual infrastructure of a second account corresponding to a second party and hosted by the service provider, the request to configure, for an appliance, the virtual infrastructure of the second account, the appliance provided by the first party wherein a delegation profile specifies one or more permissions to make the change to the virtual infrastructure of the second account;
  
  receiving a request by the second party for the appliance;
  
  validating that the appliance has been provided to the second account; and
  
  granting access to the first party for the virtual infrastructure of the second account, the access being subject to the one or more permissions specified by the delegation profile.
- View Dependent Claims (18, 19, 20)
- - 18. The computer-implemented method of claim 17, wherein validating that the second party may access the appliance further comprises at least one of:
    - determining that the second party has a valid subscription to the appliance;
      
      orenabling a license to use the appliance for at least a period of time.
  - 19. The computer-implemented method of claim 17, further comprising:
    - determining the one or more permissions associated with the delegation profile by one of;
      
      receiving an indication of a selection of the one or more permissions from the second party;
      
      using a default set of the one or more permissions;
      
      using a set of the one or more permissions requested by the first party; and
      
      determining at least one action to be performed by the appliance and mapping the at least one action to at least one permission.
  - 20. The computer-implemented method of claim 17, further comprising:
    - disabling use of the delegation profile in response to determining at least one of;
      
      that a license to the appliance has expired;
      
      orthat the second party has unsubscribed from the appliance.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Brandwine, Eric Jason
Primary Examiner(s)
Turchen, James R

Application Number

US15/652,198
Publication Number

US 20170359356A1
Time in Patent Office

757 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/1086   Superdistribution

G06F 21/604   Tools and structures for ma...

H04L 41/50   Network service management,...

H04L 63/08   for authentication of entit...

H04L 63/108   when the policy decisions a...

H04L 67/10   in which an application is ...

Permissions decisions in a service provider environment

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

32 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Permissions decisions in a service provider environment

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links