Authorization token including fine grain entitlements
First Claim
1. A method of interpreting an authorization token, comprising:
- receiving, by a service from a client device, an authorization token;
validating, by the service, a signature of the authorization token;
identifying, by the service, an allowed function value associated with at least part of an entitlement representation contained in a body of the authorization token;
converting, by the service, the allowed function value to an allowed function bitmask that comprises bits at a plurality of bit positions that are set to values indicating whether a subscriber element has attributes associated with each of the plurality of bit positions on a predefined attribute list; and
determining, by the service, whether the allowed function bitmask indicates that the subscriber element has one or more qualifying attributes that entitle a user to access the service through the client device.
3 Assignments
0 Petitions
Accused Products
Abstract
A method of interpreting an authorization token is described herein. The service can receive an authorization token from a client device, and validate a signature of the authorization token. The service can identify an allowed function value associated at least part of an entitlement representation contained in a body of the authorization token. The service can convert the allowed function value to an allowed function bitmask that includes bits at a plurality of bit positions that are set to values indicating whether the subscriber element has attributes associated with each of the plurality of bit positions on a predefined attribute list. The service can determine whether the allowed function bitmask indicates that the subscriber element has one or more qualifying attributes that entitle a user of the client device to access the service.
-
Citations
13 Claims
-
1. A method of interpreting an authorization token, comprising:
-
receiving, by a service from a client device, an authorization token; validating, by the service, a signature of the authorization token; identifying, by the service, an allowed function value associated with at least part of an entitlement representation contained in a body of the authorization token; converting, by the service, the allowed function value to an allowed function bitmask that comprises bits at a plurality of bit positions that are set to values indicating whether a subscriber element has attributes associated with each of the plurality of bit positions on a predefined attribute list; and determining, by the service, whether the allowed function bitmask indicates that the subscriber element has one or more qualifying attributes that entitle a user to access the service through the client device. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A server of a service, comprising:
-
one or more processors; a communication connection; and memory storing computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising; receiving an authorization token from a client device; validating a signature of the authorization token; identifying an allowed function value associated with at least part of an entitlement representation contained in a body of the authorization token; converting the allowed function value to an allowed function bitmask that comprises bits at a plurality of bit positions that are set to values indicating whether a subscriber element has attributes associated each of the plurality of bit positions on a predefined attribute list; and determining whether the allowed function bitmask indicates that the subscriber element has one or more qualifying attributes that entitle a user to access the service through the client device. - View Dependent Claims (9, 10, 11, 12, 13)
-
Specification