Techniques for providing role-based security with instance-level granularity
Abstract
Techniques for providing role-based security with instance-level granularity are provided. A security service detects a request made by a principal for access to a resource. Access to the resource is conditioned on a status of a role. The role is associated with the request, the principal, and the resource. The security service evaluates a constraint associated with the role to determine the status. The status is subsequently consumed to determine whether access to the resource for the purposes of satisfying the request is permissible.
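As an added illustration (not code from the patent, whose specification is not reproduced on this page), the flow in the abstract can be modelled as follows. Every name here (`Request`, `Role`, `SecurityService`, `ContextManager`, the `assigned_to` attribute) is a hypothetical choice, and the constraint shown is only one possible way to get instance-level granularity.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Request:
    principal: str
    action: str
    resource: dict          # attributes of one specific resource instance

@dataclass(frozen=True)
class Role:
    name: str
    members: frozenset
    actions: frozenset
    constraint: Callable[[Request], bool]   # evaluated per request

class SecurityService:
    """Evaluates role constraints; it reports status but does not grant access."""
    def __init__(self, roles):
        self.roles = roles

    def role_status(self, req: Request) -> dict:
        status = {}
        for role in self.roles:
            if req.principal in role.members and req.action in role.actions:
                try:
                    active = bool(role.constraint(req))
                except (KeyError, TypeError):
                    active = False          # malformed instance data: fail closed
                status[role.name] = "active" if active else "inactive"
        return status

class ContextManager:
    """Consumes the status and makes the final access decision."""
    def __init__(self, service: SecurityService):
        self.service = service

    def decide(self, req: Request) -> bool:
        return "active" in self.service.role_status(req).values()

# Constructed sample data: the role is only active for records assigned to the caller.
CASE_WORKER = Role("case-worker", frozenset({"alice", "bob"}), frozenset({"read", "update"}),
                   lambda r: r.resource["assigned_to"] == r.principal)
MANAGER = ContextManager(SecurityService([CASE_WORKER]))

def can(principal: str, action: str, resource: dict) -> bool:
    return MANAGER.decide(Request(principal, action, resource))
```

The same principal holding the same role gets different answers for different resource instances, because the constraint is evaluated against the instance named in each request.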
25 Claims
1. A method, comprising:
detecting a request by a principal for access to a resource, wherein access is conditioned on a status of a role associated with the request, the principal, and the resource;
evaluating a constraint associated with the role to determine the status; and
providing the status to a context manager, which decides whether to provide access to the resource for purposes of satisfying the request.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A method, comprising:
detecting a request made by a principal for access to a resource, wherein access is contingent on a status of a role associated with the principal and a condition associated with the principal and the resource;
evaluating a constraint associated with the role to determine the status; and
providing the status, wherein the status is subsequently consumed to resolve the condition and determine whether access to the resource for the purposes of satisfying the request is permissible.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A system, comprising:
a role;
a constraint associated with the role; and
a security service, wherein the security service detects a request made by a principal for access to a resource, wherein access is contingent on a status of the role and a condition associated with the principal and the resource, and wherein the security service evaluates the constraint to determine the status, and wherein the security service provides the status to a context manager which controls access to the resource.
Dependent claims: 16, 17, 18, 19, 20, 21
22. A system, comprising:
a context manager; and
a security service, wherein a principal makes a request for access to a resource within an environment of the context manager, the security service detects the request and supplements a decision regarding access by at least one of resolving a role for the principal, evaluating a constraint associated with the role, and evaluating a condition associated with the principal and the resource, wherein the security service communicates an access decision to the context manager in a manner recognized by the context manager, the context manager decides in response to its own independent decision and in response to the security service's access decision whether to grant access to the resource in order to satisfy the request of the principal.
Dependent claims: 23, 24, 25
Specification