DISTRIBUTED SERVICES AUTHORIZATION MANAGEMENT
Abstract
One or more techniques and/or systems are disclosed for providing resource authorization to users of a distributed memory store (e.g., a distributed web-based cloud service). A session ID that identifies a location of an authorization document in a distributed memory store is used to access the authorization document, which comprises a global section with a principal ID related to a user. The user can be authorized to utilize a resource (e.g., in a distributed cloud service) if a resource section is present for the principal ID in the authorization document, and has appropriate resource data for the resource. If the resource section is not present, it can be created in the authorization document, and identified by a resource identifier. Authorization data can be loaded into the newly created resource section, and the authorization document, with the global and resource sections, is saved to a local cache for the distributed memory store.
20 Claims
1. A method for providing resource authorization to users of a distributed memory store, comprising:
- accessing an authorization document stored in a distributed memory store using a session ID that identifies an authorization document location, the authorization document comprising a global section comprising a principal ID related to a user;
- authorizing the user for a resource if a resource section, comprising resource authorization data, is present for the principal ID in the authorization document; and
- if the resource section for the resource is not present in the authorization document;
  - creating a local resource section in the authorization document for the resource indicated by a resource identifier;
  - loading resource authorization data into the local resource section corresponding to the resource; and
  - saving the authorization document, comprising the global section and the local resource section indicated by the resource identifier, locally in the distributed memory store for the resource.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13

14. A system for providing resource authorization to users of a distributed memory store, comprising:
- a distributed memory store comprising memory components configured to store resource authorization data; and
- a user authorization component operably coupled with the distributed memory store, and configured to, upon user authentication, create an authorization document identified by a principal ID related to a user and comprising a global section configured to be propagated to memory components of the distributed memory store upon request, the user authorization component comprising;
  - a resource checking component configured to authorize the user for a resource if a resource section, comprising resource authorization data, is present for the principal ID in the authorization document;
  - a resource section creation component configured to create a local resource section in the authorization document for the resource, indicated by a resource identifier, by loading resource authorization data into the local resource section corresponding to the resource, if the resource section for the resource is not present in the authorization document; and
  - an authorization caching component configured to save the authorization document, comprising the global section and the local resource section indicated by the resource identifier, locally for the resource in the distributed memory store.

Dependent claims: 15, 16, 17, 18, 19

20. A method for providing resource authorization to users of a distributed memory store, comprising:
- upon user authentication;
  - creating an authorization document comprising a global section comprising a principal ID and user-related information;
  - creating a session document indexed in memory of the distributed memory store by a session ID, the session document comprising the principal ID that references the authorization document; and
  - providing the session ID to the user; and
- authorizing the user for a resource, comprising;
  - accessing the authorization document stored in a distributed memory store using the session ID that identifies an authorization document location;
  - authorizing the user for the resource if a resource section, comprising resource authorization data, is present for the principal ID in the authorization document; and
  - if the resource section is not present in the authorization document;
    - creating a local resource section in the authorization document for the resource indicated by a resource identifier;
    - loading resource authorization data into the local resource section corresponding to the resource;
    - adding an expiration time to the local resource section; and
    - saving the authorization document, comprising the global section and the local resource section indicated by the resource identifier, locally for the resource in the distributed memory store.
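
The flow described in the abstract and in claim 20, sketched in Python as an added illustration; it is not code from the patent. `Node`, `login`, `policy_source` and the `TTL` value are hypothetical names and values chosen for the example, and in-memory dictionaries stand in for the distributed memory store.

```python
import secrets

TTL = 300  # seconds a cached resource section stays valid (assumed value)

class Node:
    """Hypothetical memory component of the distributed store with a local cache."""
    def __init__(self, sessions, global_sections, policy_source):
        self.sessions = sessions                # session ID -> session document (shared)
        self.global_sections = global_sections  # principal ID -> global section (shared)
        self.policy_source = policy_source      # authoritative grants for resources
        self.local_docs = {}                    # principal ID -> authorization document
        self.loads = 0                          # trips made to the policy source

    def authorize(self, session_id, resource_id, action, now):
        session = self.sessions.get(session_id)
        if session is None:
            return False                        # unknown session ID: deny
        pid = session["principal_id"]
        doc = self.local_docs.get(pid)
        if doc is None:                         # global section propagated on request
            doc = {"global": self.global_sections[pid], "resources": {}}
        section = doc["resources"].get(resource_id)
        if section is None or section["expires"] <= now:
            # Section absent or expired: create it, load data, stamp expiry, save locally.
            self.loads += 1
            grants = self.policy_source.get((pid, resource_id), [])
            section = {"actions": list(grants), "expires": now + TTL}
            doc["resources"][resource_id] = section
            self.local_docs[pid] = doc
        return action in section["actions"]     # no matching grant: deny

def login(sessions, global_sections, user):
    """After authentication: create the global section and the session document."""
    pid = "principal-" + secrets.token_hex(8)
    global_sections[pid] = {"principal_id": pid, "user": user}
    session_id = secrets.token_urlsafe(32)      # unguessable: it is the only lookup key
    sessions[session_id] = {"principal_id": pid}
    return session_id, pid

def demo():
    sessions, global_sections, policy = {}, {}, {}
    sid, pid = login(sessions, global_sections, "alice")  # constructed sample user
    policy[(pid, "mail")] = ["read"]                      # constructed sample grant
    node = Node(sessions, global_sections, policy)
    results = [node.authorize(sid, "mail", "read", now=0),    # miss: section loaded
               node.authorize(sid, "mail", "read", now=10)]   # hit: served locally
    policy[(pid, "mail")] = []                                # grant revoked at source
    results.append(node.authorize(sid, "mail", "read", now=20))       # cached copy
    results.append(node.authorize(sid, "mail", "read", now=TTL + 1))  # expired, reloaded
    return results, node.loads
```

In this sketch a revoked grant keeps being honored from the local resource section until its expiration time passes, so the chosen TTL bounds how long revocation takes to reach each node.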
Specification