Authorization Decisions with Principal Attributes
Abstract
Authorization decisions may be made based on principal attributes. In an example implementation, a security scheme has a principal-to-attribute binding mechanism that is unified across both token assertions and policy assertions. In another example implementation, conditional access to a resource is based on a principal simultaneously possessing multiple attributes. In yet another example implementation, a principal may be granted access to a resource if the principal possesses at least one value that is included in a defined subset of values for a given attribute.
20 Claims
- 1. A system implementing a security scheme having a unified principal-to-attribute binding mechanism, the system comprising token assertions that can utilize the unified principal-to-attribute binding mechanism and policy assertions that can utilize the unified principal-to-attribute binding mechanism.
- 9. A device that protects a resource and provides conditional access to the resource based on a principal simultaneously possessing multiple predetermined attributes.
- 16. A method comprising:
  - for an authorization policy on a resource, defining a subset of values from among a total set of potential values for a given attribute, the defined subset of values including at least two values;
  - receiving an access request from a principal that is directed to the resource;
  - in response to the access request, determining if the principal possesses at least one value that is included in the defined subset of values for the given attribute; and
  - if the principal is determined to possess at least one value that is included in the defined subset of values for the given attribute, granting the principal access to the resource.

  Dependent claims: 17, 18, 19, 20
Specification