Computer-implemented authorization systems and methods using associations
First Claim
1. A computer-implemented method for accessing resource objects, comprising:
- receiving a request which involves performing an operation with respect to a resource object;
wherein the requested resource object has multiple associations with other objects;
wherein one or more data stores are used to store interrelationships among resource objects, authorization-related objects, and access permission information;
wherein the authorization-related objects are configured to specify whether a requester should be granted or denied access to a requested object;
querying the one or more data stores in order to determine which authorization-related objects are associated with the requested resource object;
querying the one or more data stores in order to determine which permissions are associated with the determined authorization-related objects;
performing a comparison between the determined permissions and the requester'"'"'s access credential information;
wherein the comparison is used to determine whether to permit authorization of the operation with respect to the resource object.
2 Assignments
0 Petitions
Accused Products
Abstract
Computer-implemented systems and methods for determining whether to authorize one or more operations with respect to resource objects. A system and method can include receiving a request that would involve an operation with respect to a resource object. The requested resource object may have multiple associations with other objects. One or more data stores are used to store interrelationships among resource objects, authorization-related objects, and access permission information. The authorization-related objects are configured to specify whether a requester should be granted or denied access to a requested object. The one or more data stores are queried in order to determine which authorization-related objects are associated with the requested resource object and in order to determine which permissions are associated with the determined authorization-related objects. A comparison is performed between the determined permissions and the requester'"'"'s access credential information. The comparison is used to determine whether to permit the operation with respect to the resource object.
-
Citations
23 Claims
-
1. A computer-implemented method for accessing resource objects, comprising:
-
receiving a request which involves performing an operation with respect to a resource object;
wherein the requested resource object has multiple associations with other objects;
wherein one or more data stores are used to store interrelationships among resource objects, authorization-related objects, and access permission information;
wherein the authorization-related objects are configured to specify whether a requester should be granted or denied access to a requested object;
querying the one or more data stores in order to determine which authorization-related objects are associated with the requested resource object;
querying the one or more data stores in order to determine which permissions are associated with the determined authorization-related objects;
performing a comparison between the determined permissions and the requester'"'"'s access credential information;
wherein the comparison is used to determine whether to permit authorization of the operation with respect to the resource object. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A computer-implemented system for accessing resource objects, wherein a request is received which involves accessing a resource object, wherein the requested resource object has multiple associations with other objects, said system comprising:
-
one or more data stores that store interrelationships among resource objects, authorization-related objects, and access permission information;
wherein the authorization-related objects are configured to specify whether a requester should be granted or denied access to a requested object;
first software instructions configured to query the one or more data stores in order to determine which authorization-related objects are associated with the requested resource object;
second software instructions configured to query the one or more data stores in order to determine which permissions are associated with the determined authorization-related objects;
wherein a comparison is performed between the determined permissions and the requester'"'"'s access credential information;
wherein the comparison is used to determine whether to permit the accessing of the resource object. - View Dependent Claims (22)
-
-
23. A computer-implemented system for accessing resource objects, comprising:
-
means for receiving a request which involves accessing a resource object;
wherein the requested resource object has multiple associations with other objects;
wherein one or more data stores are used to store interrelationships among resource objects, authorization-related objects, and access permission information;
wherein authorization-related objects are configured to specify whether a requester should be granted or denied access to a requested object;
means for querying the one or more data stores in order to determine which authorization-related objects are associated with the requested resource object;
means for querying the one or more data stores in order to determine which permissions are associated with the determined authorization-related objects;
means for querying the one or more data stores in order to determine which of the requester'"'"'s access credential objects are associated with the determined authorization-related objects;
means for performing a comparison between the determined permissions and identity objects related to the determined requester'"'"'s access credential objects in order to determine whether to permit the accessing of the resource object.
-
Specification