MULTIPLE ENTITY AUTHORIZATION MODEL
Abstract
An authorization framework is provided that protects data records in a platform, such as a service-based platform, by requiring multiple level entities to be authorized with respect to the data records. For example, the data records can have an associated owner user that can grant access to other users with respect to the data. Additionally, however, the user can also grant access to certain applications that access the platform such that the data records can be initially closed for a user requiring the user to explicitly grant desired access to applications and/or users. In this regard, applications can be forbidden from accessing the data, even on behalf of the user, unless expressly authorized to do so by the user. Thus, the user can make informed decisions regarding who is to have access to its data.
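The two-level check described in the abstract, as an added sketch that is not code from the patent or from any platform it covers. The names `Record`, `Platform`, `grant`, `check` and `read` are hypothetical, and the sketch assumes that only the record's owner issues grants.

```python
from dataclasses import dataclass, field


@dataclass
class Record:
    owner: str
    data: str
    user_grants: set = field(default_factory=set)  # users the owner has authorized
    app_grants: set = field(default_factory=set)   # applications the owner has authorized


class Platform:
    """Hypothetical platform: records are reachable only through checked methods."""

    def __init__(self):
        self._records = {}

    def put(self, record_id, owner, data):
        # New records start closed: no application and no other user is authorized.
        self._records[record_id] = Record(owner, data)

    def grant(self, record_id, grantor, *, user=None, app=None):
        rec = self._records[record_id]
        if grantor != rec.owner:  # assumption: only the owner may grant
            raise PermissionError("only the record owner may grant access")
        if user is not None:
            rec.user_grants.add(user)
        if app is not None:
            rec.app_grants.add(app)

    def check(self, record_id, app, user):
        """Return (allowed, reason). Application and user are verified separately."""
        rec = self._records.get(record_id)
        if rec is None:
            return False, "no such record"
        # The application needs its own grant, even when acting for the owner.
        if app not in rec.app_grants:
            return False, "application not authorized"
        # The user on whose behalf the call is made must be the owner or a grantee.
        if user != rec.owner and user not in rec.user_grants:
            return False, "user not authorized"
        return True, "ok"

    def read(self, record_id, *, app, user):
        allowed, reason = self.check(record_id, app, user)
        if not allowed:
            raise PermissionError(reason)
        return self._records[record_id].data
```
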
20 Claims
1. A system for securing records in a web method accessible platform, comprising:
- a platform component that stores at least one data record related to an entity, the data record is accessible by at least one web method exposed by the platform; and
- a record access component that restricts access to the data record to one or more applications that are granted authorization to access the data record by an entity authorized to access the data record.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.

10. A method for securing data records in a service-based web platform, comprising:
- verifying authorization for an application requesting access to one or more data records in the platform;
- verifying authorization for one or more users on whose behalf the request for access to the one or more data records is made; and
- granting or denying access to the one or more data records based in part on the authorization verifications.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18.

19. A system for securing one or more data records in a web-service platform, comprising:
- means for storing data records in a centralized platform and exposing one or more web methods to access the data records; and
- means for controlling access to data records and web methods based at least in part on one or more authorization rules related to a calling application and an associated user context.
Dependent claims: 20.
Specification