System and/or method for role-based authorization
Abstract
The subject matter disclosed herein relates to authenticating an identity of users desiring access to an application program and determining whether an authenticated user is authorized to access one or more aspects of the application program.
52 Claims
1. A method comprising:
hosting instances of an agent to process security metadata requests from a plurality of applications;
querying one or more authentication sources to authenticate a user attempting to access a selected one of said plurality of applications and/or a portion thereof;
obtaining authorization metadata indicative of a role associated with said authenticated user from an application agnostic authorization metadata service based, at least in part, on said selected one of said plurality of applications and/or portion thereof; and
affecting runtime behavior of said selected one of said plurality of applications based, at least in part, on said metadata indicative of said role, wherein said application is constructed from role agnostic source code.
6. An apparatus comprising:
a security metadata service to process security metadata requests from a plurality of applications; and
middleware responsive to said security metadata requests from said plurality of applications to;
query one or more authentication sources to authenticate a user attempting to access a selected one of said plurality of applications and/or portions thereof; and
obtain authorization metadata indicative of a role associated with said authenticated user based, at least in part, on said selected one or more of said plurality of applications and/or portions thereof, said selected one or more said applications being constructed from role agnostic source code and being capable of affecting runtime behavior of said selected one or more of said applications based, at least in part, on said role indicated by said authorization metadata.
12. An apparatus comprising:
a computing platform, the computing platform being adapted to;
process security metadata requests from a plurality of applications and or portions thereof;
query one or more authentication sources to authenticate a user attempting to access a selected one of said plurality of applications and/or portions thereof; and
obtain authorization metadata indicative of a role associated with said authenticated user based, at least in part, on said selected one or more of said plurality of applications and/or portions thereof, said selected one or more said applications being constructed from role agnostic source code and being capable of affecting runtime behavior of said selected one or more of said applications based, at least in part, on said role indicated by said authorization metadata.
16. An article comprising:
a storage medium comprising machine-readable instructions stored thereon to;
process security metadata requests from a plurality of applications and or portions thereof;
query one or more authentication sources to authenticate a user attempting to access a selected one of said plurality of applications and/or portions thereof; and
obtain authorization metadata indicative of a role associated with said authenticated user based, at least in part, on said selected one or more of said plurality of applications and/or portions thereof, said selected one or more said applications being constructed from role agnostic source code and being capable of affecting runtime behavior of said selected one or more of said applications based, at least in part, on said role indicated by said authorization metadata.
20. An apparatus comprising:
means for hosting instances of an agent to process security metadata requests from a plurality of applications;
means for querying one or more authentication sources to authenticate a user attempting to access a selected one of said plurality of applications and/or a portion thereof;
means for obtaining authorization metadata indicative of a role associated with said authenticated user from an application agnostic authorization metadata service based, at least in part, on said selected one of said plurality of applications and/or portion thereof; and
means for affecting runtime behavior of said selected one of said plurality of applications based, at least in part, on said metadata indicative of said role, wherein said application is constructed from role agnostic source code.
23. A method comprising:
hosting a plurality of applications and/or portions thereof requiring authentication and/or authorization for access by one or more users;
maintaining a database of authorization metadata indicative of roles associated with said one or more users and said plurality of applications and/or portions thereof;
querying said database for authorization metadata associated with a particular one of said applications and/or portions thereof in response to an attempt to access said particular one of said applications and/or portions thereof by a user; and
selectively affecting runtime execution of said application based, at least in part on a role associated with said user indicated by said authorization metadata, said application being constructed from role agnostic source code.
31. An apparatus comprising:
one or more computing platforms to host a plurality of applications and/or portions thereof requiring authentication and/or authorization for access by a user;
a database to store authorization metadata associated with said plurality of applications; and
a security metadata service to query said database for authorization metadata associated with individual ones of said applications and/or portions thereof, wherein said one or more computing platforms are capable of selectively affecting runtime execution of said application based, at least in part, on a role associated with said user indicated by said authorization metadata, said application being constructed from role agnostic source code.
33. An apparatus comprising:
a computing platform, the computing platform being adapted to;
maintain a database of authorization metadata associated with a plurality of applications and/or portions thereof hosted in an enterprise; and
process queries of said database for authorization metadata associated with individual ones of said applications and/or portions thereof, said authorization metadata being indicative of a role associated with a user, wherein runtime execution of said individual ones of said applications and/or portions thereof is capable of being affected based, at least in part on a role associated with said user indicated by said authorization metadata, said individual ones of said applications and/or portions thereof being constructed from role agnostic source code.
35. An article comprising:
a storage medium comprising machine-readable instructions stored thereon to;
maintain a database of authorization metadata associated with a plurality of applications hosted in an enterprise; and
process queries of said database for authorization metadata associated with individual ones of said applications and/or portions thereof, said authorization metadata being indicative of a role associated with a user, wherein runtime execution of said individual ones of said applications and/or portions thereof is capable of being affected based, at least in part on a role associated with said user indicated by said authorization metadata, said individual ones of said applications and/or portions thereof being constructed from role agnostic source code.
36. The article of claim 36, wherein said queries are generated in response to attempts to access said individual ones of said applications.
37. A method comprising:
hosting one or more applications accessible by one or more users, at least one of said one or more users being associated with a role; and
affecting runtime behavior of at least one of said applications based, at least in part, on said role, wherein said at least one of said applications is constructed from role agnostic source code.
41. An apparatus comprising:
means for hosting one or more applications accessible by one or more users, at least one of said one or more users being associated with a role; and
means for affecting runtime behavior of at least one of said applications based, at least in part, on said role, wherein said at least one of said applications is constructed from role agnostic source code.
45. An apparatus comprising:
a computing platform, said computing platform being adapted to;
host one or more applications accessible by one or more users, at least one of said one or more users being associated with a role; and
affect runtime behavior of at least one of said applications based, at least in part, on said role, wherein said at least one of said applications is constructed from role agnostic source code.
49. An article comprising:
a storage medium comprising machine-readable instructions stored thereon to;
communicate with one or more applications hosted on a computing platform and accessible by one or more users, at least one of said one or more users being associated with a role; and
affect runtime behavior of at least one of said applications based, at least in part, on said role, wherein said at least one of said applications is constructed from role agnostic source code.