Policy and attribute based access to a resource
Abstract
Techniques are provided for controlling access to a resource based on access policies and attributes. A principal issues a request to a service for purposes of accessing a resource. The principal is authenticated and a service contract for the principal, the service, and the resource is generated. The service contract defines resource access policies and attributes which can be permissibly performed by the service on behalf of the principal during a session. Moreover, the session between the service and the resource is controlled by the service contract.
29 Claims
1. A method for policy and attribute based access to a resource, comprising:
interacting with a principal for authenticating the principal based on acquired identity information;
assembling an identity configuration for the principal;
generating a service contract for the principal, a service, and a resource, wherein the principal uses the service to access the resource, and wherein the service contract includes a selective number of resource access policies and attributes which are included in the identity configuration; and
transmitting an access statement to the principal for use when the principal interacts with the service.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A method for policy and attribute based access to a resource, comprising:
receiving a session request for access to a resource, wherein the session request is sent from a service and includes alias identity information for a principal;
mapping the alias identity information to identity information of the principal;
authenticating the identity information;
acquiring a service contract for the principal, the service, and the resource, wherein the service contract includes selective resource access policies and attributes which are permissibly used by the service on behalf of the principal; and
establishing a session with the service, wherein the session is controlled by the service contract.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A policy and attribute based resource access system, comprising:
an identity authenticator;
an identity configuration aggregator; and
a resource session administrator;
wherein the identity authenticator authenticates a principal for access to a resource based and generates a service contract, and wherein the identity configuration aggregator generates an identity configuration for the principal and the resource, the service contract defines selective resource access policies and attributes from the identity configuration, and wherein the resource session administrator establishes a session with a service and ensures that access attempts made by the service during the session conform to the service contract.
Dependent claims: 16, 17, 18, 19, 20
21. A policy and attribute based resource session manager, residing in a computer-accessible medium, comprising instructions for establishing a session with a resource, the instructions when executed performing the method of:
receiving alias identity information from a service, wherein the alias identity information is associated with a principal;
requesting a mapping of the alias identity information to principal identity information;
requesting authenticating of the identity information;
requesting a service contract for the principal, the service and a resource, wherein the service contract includes selective resource access policies and attributes derived from an identity configuration; and
establishing a session with the service and the resource, wherein the session is controlled by the service contract.
Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29
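The session flow recited in claims 8 and 21, together with the conformance check in claim 15, sketched as an added Python example. This is not code from the patent: every name, the in-memory lookups standing in for the alias mapping and the identity authenticator, and all sample values are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample data; nothing here comes from the patent text.
IDENTITY_CONFIG = {"alice": {
    "attributes": {"email": "alice@example.test", "dept": "finance", "payroll_id": "P-0001"},
    "policies": {"read", "write", "delete"}}}
ALIAS_MAP = {"alias-7f3a": "alice"}   # alias identity -> principal identity
AUTHENTICATED = {"alice"}             # stand-in for the identity authenticator


@dataclass(frozen=True)
class ServiceContract:
    principal: str
    service: str
    resource: str
    policies: frozenset   # operations the service may perform for the principal
    attributes: dict      # attributes the service may see


def generate_contract(principal, service, resource, policies, attribute_names):
    """Select a subset of the identity configuration; never grant beyond it."""
    config = IDENTITY_CONFIG[principal]
    attrs = {k: config["attributes"][k] for k in attribute_names if k in config["attributes"]}
    return ServiceContract(principal, service, resource,
                           frozenset(policies) & config["policies"], attrs)


class Session:
    """A session whose every access attempt is checked against the contract."""
    def __init__(self, contract):
        self.contract = contract

    def access(self, service, resource, operation):
        c = self.contract
        return service == c.service and resource == c.resource and operation in c.policies

    def attribute(self, name):
        return self.contract.attributes.get(name)  # None when outside the contract


def establish_session(service, resource, alias, contracts):
    """Map the alias, authenticate, acquire the contract, then open the session."""
    principal = ALIAS_MAP.get(alias)
    if principal is None or principal not in AUTHENTICATED:
        raise PermissionError("unknown alias or unauthenticated principal")
    contract = contracts.get((principal, service, resource))
    if contract is None:
        raise PermissionError("no service contract for this principal/service/resource")
    return Session(contract)
```

The service only ever presents the alias, and a policy requested for the contract but absent from the identity configuration is dropped at generation time rather than at access time.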
Specification