TRUSTING SECURITY ATTRIBUTE AUTHORITIES THAT ARE BOTH COOPERATIVE AND COMPETITIVE
First Claim
1. A method of authorizing a user of a first domain with access to resources of a second domain, the method comprising the steps of:
- assigning first and second roles to a user in a first domain;
- assigning a specified role in a second domain to the first role only if the user has been assigned the first and second roles in the first domain;
- assigning access to a resource in the second domain to the specified role;
- receiving a request from the user for the resource; and
- providing the user with access to the resource only if the user has been assigned the first and second roles in the first domain, without allowing any user who does not have both of the first and second roles access to the resource.
Abstract
A method and system for authorizing a user. The method comprises the steps of assigning a first role to a user in a first domain, assigning a second role in a second domain to the first role, and assigning access to a resource in the second domain to the second role. The method comprises the further steps of receiving a request from the user for the resource and providing the user with access to the resource. The invention may be employed by users and services to manage their interaction with attribute authorities, including configuring which authorities they trust for which types of information, in which applications, and which subsets of information each authority can be trusted to provide.
26 Claims
1. A method of authorizing a user of a first domain with access to resources of a second domain, the method comprising the steps of:
- assigning first and second roles to a user in a first domain;
- assigning a specified role in a second domain to the first role only if the user has been assigned the first and second roles in the first domain;
- assigning access to a resource in the second domain to the specified role;
- receiving a request from the user for the resource; and
- providing the user with access to the resource only if the user has been assigned the first and second roles in the first domain, without allowing any user who does not have both of the first and second roles access to the resource.
Dependent claims: 2, 3, 4, 5, 6, 7, 12, 25
8. A system for authorizing a user of a first domain with access to resources of a second domain, the system comprising:
- means for assigning first and second roles to a user in a first domain;
- means for assigning a specified role in a second domain to the first role only if the user has been assigned the first and second roles in the first domain;
- means for assigning access to a resource in the second domain to the specified role;
- means for receiving a request from the user for the resource; and
- means for providing the user with access to the resource only if the user has been assigned the first and second roles in the first domain, without allowing any user who does not have both of the first and second roles access to the resource.
Dependent claims: 9, 10, 11, 13, 26
14. (canceled)
15. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform method steps for authorizing a user of a first domain with access to resources of a second domain, said method steps comprising:
- assigning first and second roles to a user in a first domain;
- assigning a specified role in a second domain to the first role only if the user has been assigned the first and second roles in the first domain;
- assigning access to a resource in the second domain to the specified role;
- receiving a request from the user for the resource; and
- providing the user with access to the resource only if the user has been assigned the first and second roles in the first domain, without allowing any user who does not have both of the first and second roles access to the resource.
Dependent claims: 16, 17, 18, 19, 20, 21
22. A method of mapping from an attribute in one domain to an identity in another domain to provide a user of a first domain with access to resources of a second domain, the method comprising the steps of:
- assigning first and second roles to a user in a first domain;
- assigning an identity in a second domain to the first role only if the user has been assigned the first and second roles in the first domain;
- assigning to the identity access to a resource in the second domain;
- receiving a request from the user with the first role for the resource;
- mapping the request to the identity in the second domain; and
- providing the user with access to the resource only if the user has been assigned the first and second roles in the first domain, without allowing any user who does not have both of the first and second roles access to the resource.
Dependent claims: 23, 24
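The security point of claims 1 and 22 is that the cross-domain mapping must be evaluated per user against both source roles, not attached to the first role alone; a mapping keyed on a single role over-grants to everyone holding that role. The following Python model is an added illustration, not code from the patent; the domain names, users, roles and resource path are constructed.

```python
from __future__ import annotations
from dataclasses import dataclass, field

@dataclass
class Domain:
    name: str
    # user -> roles held in this domain (populated in the source domain)
    user_roles: dict[str, set[str]] = field(default_factory=dict)
    # role -> resources it may access (populated in the target domain)
    role_resources: dict[str, set[str]] = field(default_factory=dict)

@dataclass(frozen=True)
class CrossDomainRule:
    required_roles: frozenset[str]  # every listed source role must be held
    target_role: str                # role (or identity, as in claim 22) granted in target

def effective_target_roles(user: str, source: Domain, rules: list[CrossDomainRule]) -> set[str]:
    """Target-domain roles the user obtains; a rule fires only when the user
    holds ALL of its required source roles (the conjunctive check in the claims)."""
    held = source.user_roles.get(user, set())
    return {r.target_role for r in rules if r.required_roles <= held}

def authorize(user: str, resource: str, source: Domain, target: Domain,
              rules: list[CrossDomainRule]) -> bool:
    """Grant access only if some granted target role is allowed the resource."""
    for role in effective_target_roles(user, source, rules):
        if resource in target.role_resources.get(role, set()):
            return True
    return False

# Constructed sample data: domain A holds user attributes, domain B owns the resource.
domain_a = Domain("A", user_roles={"alice": {"engineer", "cleared"},
                                   "bob": {"engineer"}})
domain_b = Domain("B", role_resources={"design-reader": {"/designs/x1"}})

# Conjunctive mapping as claimed: both source roles are required.
RULES = [CrossDomainRule(frozenset({"engineer", "cleared"}), "design-reader")]
# Mapping keyed on the first role alone, for contrast: over-grants to bob.
NAIVE_RULES = [CrossDomainRule(frozenset({"engineer"}), "design-reader")]

if __name__ == "__main__":
    for u in ("alice", "bob", "carol"):
        print(u, authorize(u, "/designs/x1", domain_a, domain_b, RULES))
```

The contrast between `RULES` and `NAIVE_RULES` shows why the claims insist the target role be assigned "only if" both source roles are held: with the single-role mapping, bob reaches the resource despite lacking the second role.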