Authority verification system, authority verification method, and computer-readable storage medium
First Claim
1. An authority verification system operable to verify an access authority for a resource, the system comprising a terminal apparatus, a resource server for providing a resource and an authentication/authorization server, wherein
the terminal apparatus includes at least a processor and at least a memory coupled to the at least the processor and having stored thereon instructions which, when executed by the at least the processor, cause the at least the processor to function as:
- a transmission unit configured to transmit a resource access request,
the resource server includes at least a processor and at least a memory coupled to the at least the processor and having stored thereon instructions which, when executed by the at least the processor, cause the at least the processor to function as;
- a per-resource user authority management unit configured to manage per-resource user authorities established for each resource; and
- a verification request unit configured to, in response to receiving the resource access request, resolve a user authority for a specified resource based on a token included in the resource access request and transmit an authority verification request including the token and the resolved user authority to the authentication/authorization server,
the authentication/authorization server includes at least a processor and at least a memory coupled to the at least the processor and having stored thereon instructions which, when executed by the at least the processor, cause the at least the processor to function as;
- a user authority management unit configured to manage user authorities;
- a refinement unit configured to confirm user authorities based on the token included in the authority verification request and determine an authority corresponding to the resolved user authority included in the authority verification request from among the confirmed user authorities as an access authority to be verified; and
- a validation unit configured to determine whether access to the resource corresponding to the resource access request is permitted based on the access authority refined by the refinement unit,
wherein the terminal apparatus that is a transmission source of the resource access request is allowed to access the resource in a case where it is determined that the access is permitted by the validation unit,
wherein the authentication/authorization server further functions as;
- a unit of the authority verification system configured to delegate a user authority to the transmission source of the resource access request and to issue an access token or a JSON web token indicating a delegation source user and a delegated authority, and
wherein the user authority that the resource access request transmission source has is the delegated user authority that is indicated by the access token or the JSON web token, and
the authority necessary for the resource access request with respect to a designated resource of the resource access request is associated with the delegation source user for the user authority.
Abstract
A per-resource user authority management unit that manages user authorities per resource, a user authority refinement unit that refines authorities linked to a user by the per-resource user authorities, and an authority verification unit that determines whether execution of processing with respect to a resource is permitted by using an authority that has been refined by the user authority refinement unit are provided.
7 Claims
Dependent claims of claim 1: 2, 3, 4, 5, 6
7. An authority verification method for verifying an access authority for a resource, which is performed by an information processing system comprising a terminal apparatus, a resource server for providing a resource and an authentication/authorization server, the method comprising:
- by the terminal apparatus, transmitting a resource access request,
- by the resource server, managing per-resource user authorities established for each resource; and
- by the resource server, in response to receiving the resource access request, resolving a user authority for a specified resource based on a token included in the resource access request and transmitting an authority verification request including the token and the resolved user authority to the authentication/authorization server,
- by the authentication/authorization server, managing user authorities;
- by the authentication/authorization server, confirming user authorities based on the token included in the authority verification request and determining an authority corresponding to the resolved user authority included in the authority verification request from among the confirmed user authorities as an access authority to be verified;
- by the authentication/authorization server, determining whether access to the resource corresponding to the resource access request is permitted based on the access authority refined, delegating a user authority to the transmission source of the resource access request, and issuing an access token or a JSON web token indicating a delegation source user and a delegated authority,
wherein the terminal apparatus that is a transmission source of the resource access request is allowed to access the resource in a case where it is determined that the access is permitted, and
wherein the user authority that the resource access request transmission source has is the delegated user authority that is indicated by the access token or the JSON web token, and
the authority necessary for the resource access request with respect to a designated resource of the resource access request is associated with the delegation source user for the user authority.
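The claimed split of work between resource server and authentication/authorization server can be modelled as follows. This is an added illustration, not code from the patent or its applicant. It assumes an opaque access token, a hypothetical `AUTHORITY_OPS` map from authority to permitted operations, and a `source_user` lookup standing in for reading the delegation source user from a JSON web token; all class, method and data names are invented for the example.

```python
import secrets

# Constructed sample data; every name in this block is hypothetical.
AUTHORITY_OPS = {"editor": {"read", "write"}, "viewer": {"read"}}

class AuthServer:  # authentication/authorization server
    def __init__(self, user_authorities):
        self.user_authorities = user_authorities  # user -> set of authorities
        self.tokens = {}                          # token -> (source user, delegated set)
    def issue_token(self, source_user, requested):
        # A user can delegate only authorities that user currently holds.
        delegated = set(requested) & self.user_authorities.get(source_user, set())
        token = secrets.token_urlsafe(16)
        self.tokens[token] = (source_user, delegated)
        return token
    def source_user(self, token):
        # Assumption: stands in for reading the delegation source user from a JWT.
        record = self.tokens.get(token)
        return record[0] if record else None
    def verify(self, token, resolved_authority, operation):
        record = self.tokens.get(token)
        if record is None or resolved_authority is None:
            return False
        user, delegated = record
        # Confirm: delegated authorities the source user still holds right now.
        confirmed = delegated & self.user_authorities.get(user, set())
        # Refine: keep only the authority the resource server resolved.
        refined = confirmed & {resolved_authority}
        # Validate: the refined authority must cover the requested operation.
        return any(operation in AUTHORITY_OPS.get(a, set()) for a in refined)

class ResourceServer:  # holds the per-resource user authorities
    def __init__(self, auth, per_resource):
        self.auth = auth
        self.per_resource = per_resource          # resource -> {user: authority}
    def handle(self, token, resource, operation):
        user = self.auth.source_user(token)
        resolved = self.per_resource.get(resource, {}).get(user)
        return self.auth.verify(token, resolved, operation)

def demo():
    auth = AuthServer({"alice": {"editor", "viewer"}})
    rs = ResourceServer(auth, {"doc-1": {"alice": "editor"}, "doc-2": {"alice": "viewer"}})
    token = auth.issue_token("alice", ["editor", "viewer"])
    results = [rs.handle(token, "doc-1", "write"), rs.handle(token, "doc-2", "write"),
               rs.handle(token, "doc-2", "read"), rs.handle("forged", "doc-1", "read")]
    auth.user_authorities["alice"].discard("editor")  # authority withdrawn after issuance
    results.append(rs.handle(token, "doc-1", "write"))
    return results
```

The second result is the case refinement exists for: the token carries `editor`, but because the resource server resolved `viewer` for `doc-2`, the write is refused instead of being granted on the strength of an authority held for a different resource.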
Specification