ROLE-BASED ACCESS CONTROL TO COMPUTING RESOURCES IN AN INTER-ORGANIZATIONAL COMMUNITY
Abstract
A method for controlling access to a plurality of computing resources in a distributed computing environment can comprise the steps of: an application role server, responsive to receiving a certificate request, authenticating the requester and issuing a digital certificate to the requester; an access control node, responsive to receiving a resource access request, granting access to the computing resource to the requester upon ascertaining the requestor's access privileges, or forwarding the resource access request to another access control node.
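The flow described in the abstract, as an added Python sketch that is not code from the patent: a role server issues a credential only after the requester's home organization authenticates them, and each access control node either decides locally or forwards to a peer. Assumptions: an HMAC-tagged JSON body stands in for the digital certificate, roles are carried inside it, and every class name, the hop limit and the sample organizations, users and resources are constructed.

```python
import hashlib
import hmac
import json

class AuthServer:  # one per organization; plaintext store is constructed sample data
    def __init__(self, users):
        self._users = users
    def authenticate(self, user, password):
        stored = self._users.get(user)
        return stored is not None and hmac.compare_digest(stored.encode(), password.encode())

class ApplicationRoleServer:
    def __init__(self, key, auth_servers, roles):
        self._key, self._auth, self._roles = key, auth_servers, roles
    def _tag(self, body):
        return hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
    def issue_certificate(self, org, user, password):
        server = self._auth.get(org)  # query the requester's own organization
        if server is None or not server.authenticate(user, password):
            return None  # issuance is conditional on successful authentication
        roles = self._roles.get((org, user), [])
        body = json.dumps({"org": org, "user": user, "roles": roles}, sort_keys=True)
        return body, self._tag(body)  # HMAC tag stands in for the certificate signature
    def verify(self, cert):
        ok = cert is not None and hmac.compare_digest(self._tag(cert[0]), cert[1])
        return json.loads(cert[0]) if ok else None

class AccessControlNode:
    def __init__(self, role_server, resources, peer=None):
        self.role_server, self.resources, self.peer = role_server, resources, peer
    def handle(self, cert, resource, hops=2):
        claims = self.role_server.verify(cert)  # each node re-checks, also after a forward
        if claims is None:
            return "deny: invalid certificate"
        if resource in self.resources:  # local: ascertain privileges, then decide
            allowed = self.resources[resource] in claims["roles"]
            return "grant" if allowed else "deny: role not permitted"
        if self.peer is not None and hops > 0:  # not local: forward, hop limit stops loops
            return self.peer.handle(cert, resource, hops - 1)
        return "deny: resource not found"

def demo():  # constructed organizations, users and resources
    ars = ApplicationRoleServer(b"demo-key", {"org-a": AuthServer({"alice": "s3cret"})},
                                {("org-a", "alice"): ["analyst"]})
    node_b = AccessControlNode(ars, {"dataset-b": "analyst", "admin-b": "admin"})
    node_a = AccessControlNode(ars, {"dataset-a": "analyst"}, peer=node_b)
    cert = ars.issue_certificate("org-a", "alice", "s3cret")
    forged = (cert[0].replace("analyst", "admin"), cert[1])
    asks = [(cert, "dataset-a"), (cert, "dataset-b"), (cert, "admin-b"), (forged, "admin-b")]
    return [node_a.handle(c, r) for c, r in asks]
```

`demo()` shows a local grant, a grant reached by forwarding, a denial for a role the requester does not hold, and a denial for a credential whose role list was altered after issuance.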
204 Citations
55 Claims
1. A method for controlling access to a plurality of computing resources in a distributed computing environment, said distributed computing environment including an application role server and a plurality of organizations, each organization including at least one access control node and at least one authentication server, said method comprising the steps of:
- responsive to receiving a certificate request from a computing resource requester belonging to a first organization of said plurality of organizations, said application role server conditionally, upon successfully authenticating said computing resource requester by querying an authentication server belonging to said first organization, issuing a digital certificate to said computing resource requester; and
- responsive to a first access control node receiving a resource access request from said computing resource requester, said resource access request requesting access to a computing resource, said first access control node performing a step selected from the group consisting of;
  - forwarding said resource access request to a second access control node;
  - granting to said computing resource requester access to said computing resource upon ascertaining access privileges of said computing resource requester.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method for controlling access to a plurality of computing resources in a distributed computing environment, said distributed computing environment including an application role server and a plurality of organizations, each organization including at least one access control node, said method comprising the steps of:
- responsive to receiving a certificate request from a computing resource requester belonging to a first organization of said plurality of organizations, said application role server conditionally, upon successfully authenticating said computing resource requester, issuing a digital certificate to said computing resource requestor; and
- responsive to a first access control node receiving a resource access request requesting access to a computing resource, said first access control node performing a step selected from the group consisting of;
  - forwarding said resource access request to a second access control node;
  - granting to said computing resource requester access to said computing resource upon ascertaining access privileges of said computing resource requester;
wherein said first access control node belongs to said first organization.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
21. A method for controlling access to a plurality of computing resources in a distributed computing environment, said distributed computing environment including an application role server and a plurality of access control nodes, said method comprising the steps of:
- responsive to receiving a certificate request from a computing resource requester, said application role server conditionally, upon successfully authenticating said computing resource requester, issuing a digital certificate to said computing resource requester;
- responsive to receiving a resource search request by a first access control node, said first access control node conditionally, upon successfully authenticating said computing resource requester, performing resource search; and
- responsive to said first access control node receiving a resource access request requesting access to a computing resource to said computing resource requester, said first access control node performing a step selected from the group consisting of;
  - forwarding said resource access request to a second access control node;
  - granting to said computing resource requester access to said computing resource upon ascertaining access privileges of said computing resource requester.
Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30
31. A method for controlling access to a plurality of computing resources in a distributed computing environment, said distributed computing environment including an application role server and a plurality of access control nodes, said method comprising the steps of:
- responsive to receiving a resource search request by a first access control node, said first access control node requesting role assignment information for said computing resource requester from said application role server;
- responsive to receiving a role assignment information request, said application role server conditionally, upon successfully authenticating said computing resource requester, forwarding a role assignment information for said computing resource requester to said first access control node;
- responsive to receiving by said first access control node said role assignment information from said application role server, said first access control node performing resource search; and
- responsive to receiving by a first access control node a resource access request requesting access to a computing resource, said first access control node performing a step selected from the group consisting of;
  - forwarding said resource access request to a second access control node;
  - granting access to said computing resource to said computing resource requester upon ascertaining access privileges of said computing resource requester.
Dependent claims: 32, 33, 34, 35, 36, 37, 38, 39
40. A method for controlling access to a plurality of computing resources in a distributed computing environment, said distributed computing environment including an application role server and a plurality of organizations, each organization including at least one access control node, said method comprising the steps of:
- responsive to a first access control node receiving a request to access a computing resource from a computing resource requester, said computing resource requester belonging to a first organization of said plurality of organizations, said first access control node requesting role assignment information for said computing resource requester from said application role server;
- responsive to receiving a role assignment information request, said application role server conditionally, upon successfully authenticating said computing resource requester, forwarding role assignment information for said computing resource requester to said first access control node; and
- responsive to said first access control node receiving said role assignment information from said application role server, said first access control node performing a step selected from the group consisting of;
  - forwarding said resource access request to a second access control node;
  - granting to said computing resource requester access to said computing resource requester upon ascertaining access privileges of said computing resource requester;
wherein said first access control node belongs to said first organization.
Dependent claims: 41, 42, 43, 44, 45, 46, 47, 48, 49
50. A method of joining a multi-organizational resource sharing community by a joining organization, said resource sharing community comprising a plurality of organizations and an application role server, said joining organization having an organizational network interconnecting a plurality of computing resources and an authentication server, said method comprising the steps of:
- provisioning at least one access control node for said joining organization;
- providing user role assignment information for at least one computing resource requester associated with said joining organization; and
- registering said authentication server with said application role server.
Dependent claims: 51, 52, 53, 54, 55
Specification