AUTHORIZATION FRAMEWORK
First Claim
1. A method of managing authorizations to resources of a computer system, said method comprising:
- receiving a request for access to a resource from a user;
calling one or more authorization plugin modules that each make an authorization decision; and
determining a final decision for authorization to the requested resource based on the authorization decisions of the authorization plugin modules.
1 Assignment
0 Petitions
Accused Products
Abstract
Embodiments of the present invention provide an authorization framework that can accept one or more pluggable authorization modules and the final authorization decision can be a collective decision of these modules based on some criteria. The authorization framework of the present invention can be used by an application to call upon one or more pluggable authorization modules, which can be configured externally by some mechanism, to make individual authorization decisions. The overall authorization decision by the authorization framework is cumulative decision of the individual modules based on some criteria that can be configured. Each pluggable authorization module can be configured to perform its own authorization decision making process that can be different from those of the other modules.
32 Citations
19 Claims
-
1. A method of managing authorizations to resources of a computer system, said method comprising:
-
receiving a request for access to a resource from a user; calling one or more authorization plugin modules that each make an authorization decision; and determining a final decision for authorization to the requested resource based on the authorization decisions of the authorization plugin modules. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. An application server configured to determine authorization to a resource, said server comprising:
-
one or more authorization plugin modules that are configurable by an external mechanism to make an authorization decision; and an authorization framework that is configured to call the one or more authorization plugin modules and combine the decisions of the authorization plugin modules into an authorization decision based on configurable criteria. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. An apparatus for managing authorizations to resources of a computer system, said apparatus comprising:
-
means for receiving a request for access to a resource from a user; means for calling one or more authorization plugin modules that each make an authorization decision; and means for determining a final decision for authorization to the requested resource based on the authorization decisions of the authorization plugin modules.
-
Specification