Access authorization API
Abstract
A facility for setting and revoking policies is provided. The facility receives from a controlling process a request to set a policy on a controlled process, and determines whether the controlling process has privilege to set the policy on the controlled process. If the facility determines that the controlling process has privilege to set the policy on the controlled process, the facility sets the policy on the controlled process, which causes the policy to be applied to the controlled process to determine whether the controlled process has authorization to access one or more resources.
39 Claims
1. A computer-readable storage medium whose contents cause a computer to:
receive from a first process a request to set a policy on a second process;
determine whether the first process possesses adequate privilege to set the policy on the second process; and
responsive to determining that the first process possesses adequate privilege, set the policy on the second process, such that the policy is applied to the second process in performing access control checks to determine whether the second process has authorization to access a resource.

14. A computer-readable storage medium whose contents cause a computer to:
submit a first request to set a self-imposed policy to a first policy;
submit at least one request to access a first resource;
submit a second request to set a self-imposed policy to a second policy; and
submit at least one request to access a second resource, such that the first policy is used to determine whether there is authorization to access the first resource, and the second policy is used to determine whether there is authorization to access the second resource.

19. A computer-readable storage medium whose contents cause a computer to:
receive from a first process a request to set a self-imposed revocable policy on itself to a first policy;
set the policy on the first process to the first policy;
return an identifier to the first process;
receive from the first process at least one request to access a first resource;
apply the first policy to the request to access the first resource to determine whether the first process has authorization to access the first resource;
receive from the first process a request to revoke the first policy;
authenticate the request to revoke the first policy; and
subsequent to authenticating the request to revoke the first policy, revoke the first policy.

24. A computer-readable storage medium whose contents cause a computer to:
receive from a first process a request for a resource provided by the process, the request includes an identifier;
impersonate the first process;
determine whether the first process has authorization to request the resource;
subsequent to determining that the first process has authorization to request the resource, process the request for the resource.

29. A method in a computer system for setting a policy on a controlled process executing on the computer system, the method comprising:
receiving from a controlling process a request to set a policy on the controlled process;
determining whether the controlling process has privilege to set the policy on the controlled process; and
responsive to determining that the controlling process has privilege to set the policy on the controlled process, setting the policy on the controlled process, such that the policy is applied to the controlled process in performing access control checks to determine whether the controlled process has authorization to access a resource.

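The flow recited in claims 1 and 19, modelled in Python as an added example; it is not code from the patent or from any implementation of it. Assumptions: the class and method names are hypothetical, "adequate privilege" is modelled as an explicit set of (controlling, controlled) pairs, possession of the returned identifier is what authenticates a revocation request, and a self-imposed policy can only narrow a policy set by a controlling process.

```python
import hmac
import secrets


class PolicyFacility:
    """Toy model of the facility in the abstract and claims 1 and 19."""

    def __init__(self, controllers):
        # Assumption: "adequate privilege" is an explicit set of
        # (controlling process, controlled process) pairs.
        self._controllers = set(controllers)
        self._imposed = {}  # process -> resources a controller's policy allows
        self._self = {}     # process -> (identifier, resources its own policy allows)

    def set_policy(self, controller, target, allowed):
        """Claim 1: check the caller's privilege, then set the policy."""
        if (controller, target) not in self._controllers:
            raise PermissionError(f"{controller} may not set policy on {target}")
        self._imposed[target] = frozenset(allowed)

    def set_self_policy(self, proc, allowed):
        """Claim 19: set a self-imposed revocable policy, return an identifier."""
        identifier = secrets.token_hex(16)
        self._self[proc] = (identifier, frozenset(allowed))
        return identifier

    def revoke_self_policy(self, proc, identifier):
        """Claim 19: authenticate the revocation request before revoking."""
        current = self._self.get(proc)
        # Assumption: presenting the returned identifier authenticates the request.
        if current is None or not hmac.compare_digest(
                current[0].encode(), identifier.encode()):
            return False
        del self._self[proc]
        return True

    def check_access(self, proc, resource):
        """Apply every policy in force; with none set, this model allows access."""
        if proc in self._imposed and resource not in self._imposed[proc]:
            return False
        return proc not in self._self or resource in self._self[proc][1]


def demo():
    # Constructed sample: process names and paths are made up.
    f = PolicyFacility({("launcher", "plugin")})
    ident = f.set_self_policy("parser", {"/data/in.pdf"})
    denied = f.check_access("parser", "/etc/hosts")
    forged = f.revoke_self_policy("parser", "0" * 32)
    return denied, forged, f.revoke_self_policy("parser", ident), f.check_access("parser", "/etc/hosts")
```

Because revocation depends on the identifier, code that runs while the self-imposed policy is in force and never sees that identifier cannot lift the restriction.
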
Specification