Fine-Grained Authorization by Traversing Generational Relationships
First Claim
1. A method for determining access rights to a resource managed by an application, the method comprising:
- receiving a request by the application, wherein the request comprises an action a user seeks to perform on the resource;
locating, based on the request, the resource in a containment relationship graph and in a structure having groupings of resources;
traversing a vertex of the containment relationship graph, wherein the vertex comprises a generational resource of the resource;
reading an authorization table associated with a grouping having the generational resource in the groupings; and
determining whether to grant the access rights for performing the action on the resource.
0 Assignments
0 Petitions
Accused Products
Abstract
Methods, systems, and media are disclosed for determining access rights to a resource managed by an application. One embodiment includes receiving a request by the application, wherein the request comprises an action a user seeks to perform on the resource, and locating, based on the request, the resource in both a containment relationship graph and in a structure having groupings of resources, wherein the groupings comprise a grouping having the resource. Further, the embodiment includes traversing a vertex of the containment relationship graph, wherein the vertex comprises a generational resource of the resource, and reading an authorization table associated with a grouping having the generational resource in the groupings. Further still, the embodiment includes determining whether to grant the access rights for performing the action on the resource.
-
Citations
30 Claims
-
1. A method for determining access rights to a resource managed by an application, the method comprising:
-
receiving a request by the application, wherein the request comprises an action a user seeks to perform on the resource; locating, based on the request, the resource in a containment relationship graph and in a structure having groupings of resources; traversing a vertex of the containment relationship graph, wherein the vertex comprises a generational resource of the resource; reading an authorization table associated with a grouping having the generational resource in the groupings; and determining whether to grant the access rights for performing the action on the resource. - View Dependent Claims (2, 3, 5, 6, 7, 8, 9, 10)
-
-
4. (canceled)
-
11. A system for determining access rights to a resource managed by an application, the system comprising:
-
an input module for receiving a request from a user for performing an action on a resource; a locator module for locating the resource in a containment relationship graph and in a structure having groupings of resources; a traversor module for traversing a vertex of the containment relationship graph, wherein the vertex comprises a generational resource of the resource; a reader module for reading the authorization table associated with the grouping having the generational resource; and a decision module for determining whether to grant the access rights for performing the action on the resource. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 22, 23, 24, 25, 26, 27, 28, 29, 30)
-
-
21. A machine-accessible medium containing instructions, which when executed by a machine, cause the machine to perform operations for determining access rights to a resource managed by an application, comprising:
-
receiving a request by the application, wherein the request comprises an action a user seeks to perform on the resource; locating, based on the request, the resource in a containment relationship graph and in a structure having groupings of resources; traversing a vertex of the containment relationship graph, wherein the vertex comprises a generational resource of the resource; reading an authorization table associated With a grouping-having the generational resource in the groupings; and determining whether to grant the access rights for performing the action on the resource.
-
Specification