Access control using impersonization
Abstract
A first service submits a request to a second service on behalf of a customer of a service provider. The request may have been triggered by a request of the customer to the first service. To process the request, the second service evaluates one or more policies to determine whether fulfillment of the request is allowed by policy associated with the customer. The one or more policies may state one or more conditions on one or more services that played a role in submission of the request. If determined that the policy allows fulfillment of the request, the second service fulfills the request.
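An illustration of the policy evaluation the abstract describes, added here as an example and not taken from the patent: the second service checks the customer's policy, whose conditions refer to the services that played a role in submitting the request. The policy format, the default-deny and deny-overrides semantics, and all names (`via`, `via_any`, `last_hop`, `cust-123`, `query-service`, `export-service`) are assumptions, and the service chain in `via` is assumed to have been authenticated already.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    customer: str          # customer on whose behalf the request is made
    action: str            # operation asked of the second service
    via: tuple = ()        # services that played a role in submission, first hop first

@dataclass(frozen=True)
class Statement:
    effect: str                        # "allow" or "deny"
    actions: frozenset                 # actions the statement covers
    via_any: frozenset = frozenset()   # condition: one of these services is in the chain
    last_hop: str = ""                 # condition: this service submitted the request

def matches(stmt: Statement, req: Request) -> bool:
    """True when the statement covers the action and all its conditions hold."""
    if req.action not in stmt.actions:
        return False
    if stmt.via_any and not stmt.via_any & set(req.via):
        return False
    if stmt.last_hop and (not req.via or req.via[-1] != stmt.last_hop):
        return False
    return True

def is_allowed(policies: dict, req: Request) -> bool:
    """Default deny; an explicit deny overrides any allow (assumed semantics)."""
    hits = [s for s in policies.get(req.customer, ()) if matches(s, req)]
    if any(s.effect == "deny" for s in hits):
        return False
    return any(s.effect == "allow" for s in hits)

# Constructed policy for a constructed customer.
POLICIES = {
    "cust-123": (
        Statement("allow", frozenset({"storage:Read"}), last_hop="query-service"),
        Statement("deny", frozenset({"storage:Read", "storage:Write"}),
                  via_any=frozenset({"export-service"})),
    ),
}

def demo() -> list:
    reqs = [
        Request("cust-123", "storage:Read", ("query-service",)),
        Request("cust-123", "storage:Read", ("export-service", "query-service")),
        Request("cust-123", "storage:Read"),  # direct call, no intermediary
        Request("cust-123", "storage:Write", ("query-service",)),
        Request("cust-999", "storage:Read", ("query-service",)),
    ]
    return [is_allowed(POLICIES, r) for r in reqs]
```

Only the first constructed request is fulfilled: the others fail on an explicit deny for a service in the chain, on a missing intermediary, on an action no statement allows, or on a customer with no policy.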
20 Claims
1. A system, comprising:
memory to store instructions that, as a result of being executed by one or more processors of the system, cause the system to at least:
obtain a request from a user for a web-based service;
obtain an authentication token comprising a signing key as a result of authenticating the request; and
determine, based at least in part on information from the request, at least one other web-based service from a plurality of other web-based services and provide the authentication token on behalf of the user, from the web-based service, to the at least one other web-based service to enable the at least one other web-based service to perform at least one operation in response to the request, wherein the at least one other web-based service decrypts the authentication token to obtain the signing key.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer-implemented method, comprising:
obtaining a request from a user for a web-based service;
obtaining an authentication token comprising a signing key as a result of authenticating the request; and
providing the authentication token, from the web-based service, to at least one other web-based service, that is identified based on information from the request, to enable the at least one other web-based service to perform at least one operation in response to the request wherein the at least one other web-based service decrypts the authentication token to obtain the signing key.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A non-transitory computer-readable storage medium comprising stored thereon executable instructions that, as a result of being executed by one or more processors of a computer system, cause the computer system to at least:
obtain a request from a user for a web-based service;
obtain an authentication token comprising a signing key as a result of authenticating the request; and
provide the authentication token by sending the authentication token from the web-based service to at least one other web-based service to enable the at least one other web-based service to perform at least one operation in response to the request, wherein the at least one other web-based service is identified by information included in the request, wherein the at least one other web-based service decrypts the authentication token to obtain the signing key.
Dependent claims: 16, 17, 18, 19, 20
Specification