Computer-implemented authorization systems and methods using associations
First Claim
1. A computer-implemented method for accessing resource objects, comprising:
- receiving a request which involves performing an operation with respect to a resource object;
wherein the requested resource object has multiple associations with other objects;
wherein one or more data stores are used to store interrelationships among resource objects, authorization-related objects, and access permission information;
wherein the authorization-related objects are configured to specify whether a requester should be granted or denied access to a requested object;
querying the one or more data stores in order to determine which authorization-related objects are associated with the requested resource object;
querying the one or more data stores in order to determine which permissions are associated with the determined authorization-related objects;
performing a comparison between the determined permissions and the requester'"'"'s access credential information;
wherein the comparison is used to determine whether to permit authorization of the operation with respect to the resource object.
2 Assignments
0 Petitions
Accused Products
Abstract
Computer-implemented systems and methods for determining whether to authorize one or more operations with respect to resource objects. A system and method can include receiving a request that would involve an operation with respect to a resource object. The requested resource object may have multiple associations with other objects. One or more data stores are used to store interrelationships among resource objects, authorization-related objects, and access permission information. The authorization-related objects are configured to specify whether a requester should be granted or denied access to a requested object. The one or more data stores are queried in order to determine which authorization-related objects are associated with the requested resource object and in order to determine which permissions are associated with the determined authorization-related objects. A comparison is performed between the determined permissions and the requester'"'"'s access credential information. The comparison is used to determine whether to permit the operation with respect to the resource object.
83 Citations
23 Claims
-
1. A computer-implemented method for accessing resource objects, comprising:
-
receiving a request which involves performing an operation with respect to a resource object;
wherein the requested resource object has multiple associations with other objects;
wherein one or more data stores are used to store interrelationships among resource objects, authorization-related objects, and access permission information;
wherein the authorization-related objects are configured to specify whether a requester should be granted or denied access to a requested object;
querying the one or more data stores in order to determine which authorization-related objects are associated with the requested resource object;
querying the one or more data stores in order to determine which permissions are associated with the determined authorization-related objects;
performing a comparison between the determined permissions and the requester'"'"'s access credential information;
wherein the comparison is used to determine whether to permit authorization of the operation with respect to the resource object. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A computer-implemented system for accessing resource objects, wherein a request is received which involves accessing a resource object, wherein the requested resource object has multiple associations with other objects, said system comprising:
-
one or more data stores that store interrelationships among resource objects, authorization-related objects, and access permission information;
wherein the authorization-related objects are configured to specify whether a requester should be granted or denied access to a requested object;
first software instructions configured to query the one or more data stores in order to determine which authorization-related objects are associated with the requested resource object;
second software instructions configured to query the one or more data stores in order to determine which permissions are associated with the determined authorization-related objects;
wherein a comparison is performed between the determined permissions and the requester'"'"'s access credential information;
wherein the comparison is used to determine whether to permit the accessing of the resource object. - View Dependent Claims (22)
-
-
23. A computer-implemented system for accessing resource objects, comprising:
-
means for receiving a request which involves accessing a resource object;
wherein the requested resource object has multiple associations with other objects;
wherein one or more data stores are used to store interrelationships among resource objects, authorization-related objects, and access permission information;
wherein authorization-related objects are configured to specify whether a requester should be granted or denied access to a requested object;
means for querying the one or more data stores in order to determine which authorization-related objects are associated with the requested resource object;
means for querying the one or more data stores in order to determine which permissions are associated with the determined authorization-related objects;
means for querying the one or more data stores in order to determine which of the requester'"'"'s access credential objects are associated with the determined authorization-related objects;
means for performing a comparison between the determined permissions and identity objects related to the determined requester'"'"'s access credential objects in order to determine whether to permit the accessing of the resource object.
-
Specification