Securely authorizing the performance of actions
First Claim
1. A method for an electronic device for authorizing the performance of actions, the method comprising:
- receiving a request to perform an action;
ascertaining one or more authentication ticket requirements that are related to authorizing performance of the action; and
pursuing at least one authentication ticket corresponding to at least a portion of the one or more authentication ticket requirements.
2 Assignments
0 Petitions
Accused Products
Abstract
Securely authorizing the performance of actions may be enabled by linking each secure/privileged action to a requisite policy for authorizing that secure/privileged action. In a described media implementation, one or more electronically-accessible media include electronically-executable instructions that, when executed, direct an electronic device to execute operations including: receiving an action performance request that is directed to a requested action; locating an authorization policy that is associated with the requested action from among multiple authorization policies, the authorization policy indicating how performance of the requested action can be authorized; and extracting at least one rule and one or more authentication ticket requirements from the authorization policy. Example operations may further include: determining whether one or more authentication tickets have been validated in accordance with the at least one rule and/or the one or more authentication ticket requirements; and if so, authorizing performance of the requested action.
81 Citations
76 Claims
-
1. A method for an electronic device for authorizing the performance of actions, the method comprising:
-
receiving a request to perform an action;
ascertaining one or more authentication ticket requirements that are related to authorizing performance of the action; and
pursuing at least one authentication ticket corresponding to at least a portion of the one or more authentication ticket requirements. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. An arrangement for authorizing the performance of actions, the arrangement comprising:
-
receiving means for receiving a request to perform an action;
ascertaining means for ascertaining one or more authentication ticket requirements that are related to authorizing performance of the action; and
pursuing means for pursuing acquisition of at least one authentication ticket corresponding to at least a portion of the one or more authentication ticket requirements. - View Dependent Claims (10, 11, 12, 13, 14)
-
-
15. One or more electronically-accessible media comprising a database, the database comprising:
-
a plurality of entries that are each directed to an authorization policy, each authorization policy associated with at least one action of a plurality of actions;
each entry of the plurality of entries including at least one rule that stipulates how the authorization policy to which the entry is directed may be satisfied, the at least one rule including one or more authentication ticket requirements; and
wherein the database may be searched at least by the actions of the plurality of actions. - View Dependent Claims (16, 17, 18, 19)
-
-
20. One or more electronically-accessible media comprising a database, the database comprising:
-
a first entry that is directed to a first authorization policy that is associated with a first privileged action, the first entry including;
at least one first rule that stipulates how the first authorization policy can be satisfied to ensure that the first privileged action is performed responsive to a secure authentication; and
a second entry that is directed to a second authorization policy that is associated with a second privileged action, the second entry including;
at least one second rule that stipulates how the second authorization policy can be satisfied to ensure that the second privileged action is performed responsive to a secure authentication;
wherein the database is adapted to be searched with reference to a privileged action to locate an associated authorization policy. - View Dependent Claims (21, 22)
-
-
23. A system for authorizing the performance of actions, the system comprising:
one or more agents that are capable of receiving a plurality of action performance requests;
the one or more agents to consult a plurality of authorization policies, each authorization policy of the plurality of authorization policies associated with at least one action and indicating how performance of the at least one action can be authorized;
the one or more agents to pursue authorization for the plurality of action performance requests.- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
-
35. One or more electronically-accessible media comprising electronically-executable instructions that, when executed, direct an electronic device to execute operations comprising:
-
receiving a request for an action;
accessing an authorization policy that is associated with the requested action;
ascertaining one or more rules from the accessed authorization policy;
extracting at least one authentication ticket requirement from the one or more rules; and
determining if at least one validated authentication ticket that corresponds to the at least one authentication ticket requirement is acquired. - View Dependent Claims (36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53)
-
-
54. An arrangement comprising:
agent means for authorizing performance of a requested action;
the agent means comprising;
access means for accessing an authorization policy, which is associated with the requested action, based on the requested action; and
determination means for determining whether the authorization policy is satisfied. - View Dependent Claims (55, 56, 57, 58, 59, 60, 61)
-
62. An electronic device to authorize the performance of actions, the electronic device comprising:
-
one or more processors; and
one or more media including electronically-executable instructions, which may be executed by the one or more processors, to cause the electronic device to execute operations comprising;
receiving a request for an action;
locating the requested action at a particular authorization policy of a plurality of authorization policies;
ascertaining at least one rule from the particular authorization policy; and
extracting one or more authentication ticket requirements from the at least one rule. - View Dependent Claims (63, 64, 65)
-
-
66. One or more electronically-accessible media comprising electronically-executable instructions that, when executed, direct an electronic device to execute operations comprising:
-
receiving a plurality of performance requests, each respective performance request of the plurality of performance requests identifying a respective requested action; and
creating a respective action agent for each respective performance request of the plurality of performance requests, each respective action agent adapted to determine whether the respective requested action of each respective performance request is authorized to be performed responsive to an authorization policy that is associated with the respective requested action.
-
-
67. One or more electronically-accessible media comprising electronically-executable instructions that, when executed, direct an electronic device to execute operations comprising:
-
receiving an action performance request that is directed to a requested action;
locating an authorization policy that is associated with the requested action from among a plurality of authorization policies, the authorization policy indicating how performance of the requested action can be authorized; and
extracting at least one rule and one or more authentication ticket requirements from the authorization policy that is associated with the requested action. - View Dependent Claims (68, 69, 70, 71, 72, 73, 74, 75, 76)
-
Specification