Defining an Authorizer in a Virtual Computing Infrastructure

US 20120110636A1
Filed: 11/17/2011
Published: 05/03/2012
Est. Priority Date: 06/15/2010
Status: Active Grant

First Claim

Patent Images

1. A method of allowing an authorizing entity to grant permission to a subject to perform an action on an object in a cloud computing environment having a plurality of computing nodes, the method comprising:

defining an authorizer as the entity having granting authority to delegate a predetermined permission;

defining a subject as a group to whom the permission is being delegated;

defining an object upon which an action is authorized within the cloud computing environment;

defining the action being authorized in the cloud computing environment; and

authorizing members of the subject group to perform the permitted action on the object.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authorizing entity is allowed to grant permission to a subject to perform an action on an object in a cloud computing environment. An authorizer is defined as the entity having granting authority to delegate a predetermined permission. A subject is defined as a group to whom the permission is being delegated. An object is defined upon which an action is authorized within the cloud computing environment. The action being authorized in the cloud computing environment is defined. Members of the subject group are authorized to perform the permitted action on the object.

127 Citations

14 Claims

1. A method of allowing an authorizing entity to grant permission to a subject to perform an action on an object in a cloud computing environment having a plurality of computing nodes, the method comprising:
- defining an authorizer as the entity having granting authority to delegate a predetermined permission;
  
  defining a subject as a group to whom the permission is being delegated;
  
  defining an object upon which an action is authorized within the cloud computing environment;
  
  defining the action being authorized in the cloud computing environment; and
  
  authorizing members of the subject group to perform the permitted action on the object.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the object is a machine image from which data is accessed.
  - 3. The method of claim 1, wherein the object is executed code.
  - 4. The method of claim 1, wherein the object is a data store.

5. A method of granting permission to access a cloud computing environment having a plurality of computing nodes, the method comprising:
- determining a policy to which a plurality of permissions is associated;
  
  determining a first permission associated with the policy; and
  
  determining a second permission associated with the policy, wherein an authorizer of the second permission is compatible with at least one from a group consisting of a subject, action, or object associated with the first permission.
- View Dependent Claims (6, 7)
- - 6. The method of claim 5, wherein the authorizer of the second permission share a same value as the subject associated with the first permission.
  - 7. The method of claim 5, wherein the authorizer is a descendant of a subject associated with the first permission, in a naming hierarchy.

8. A cloud computing system, comprising:
- a plurality of computing nodes;
  
  at least one storage configured to store a plurality of processing instructions; and
  
  at least one processor in communication with the at least one storage, and configure to execute instructions to;
  
  define an authorizer as the entity having granting authority to delegate a predetermined permission;
  
  define a subject as a group to whom the permission is being delegated;
  
  define an object upon which an action is authorized within the cloud computing environment;
  
  define the action being authorized in the cloud computing environment; and
  
  authorize members of the subject group to perform the permitted action on the object.
- View Dependent Claims (9, 10, 11)
- - 9. The system of claim 8, wherein the object is a machine image from which data is accessed.
  - 10. The system of claim 8, wherein the object is executed code.
  - 11. The method of claim 8, wherein the object is a data store.

12. A cloud computing system, comprising:
- a plurality of computing nodes;
  
  at least one storage configured to store a plurality of processing instructions; and
  
  at least one processor in communication with the at least one storage, and configure to execute instructions to;
  
  determine a policy to which a plurality of permissions is associated;
  
  determine a first permission associated with the policy; and
  
  determine a second permission associated with the policy, wherein an authorizer of the second permission is compatible with at least one from a group consisting of a subject, action, or object associated with the first permission.
- View Dependent Claims (13, 14)
- - 13. The system of claim 12, wherein the authorizer of the second permission share a same value as the subject associated with the first permission.
  - 14. The system of claim 12, wherein the authorizer is a descendant of a subject associated with the first permission, in a naming hierarchy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
VAN BILJON, Willem Robert, Pinkham, Christopher Conway, Gorven, Michael Carl, Hardy, Alexandre, Hoole, Quinton Robin, Kalele, Girish, Cloran, Russell Andrew, Divey, Brynmor K. B.

Granted Patent

US 9,076,168 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2145   Inheriting rights or proper...

G06Q 30/04   Billing or invoicing

G06Q 40/00   Finance; Insurance; Tax str...

G06Q 40/02   Banking, e.g. interest calc...

G06Q 40/10   Tax strategies

H04L 41/0213   Standardised network manage...

H04L 63/0236   Filtering by address, proto...

H04L 63/101   Access control lists [ACL]

H04L 63/102   Entity profiles

H04L 67/10   in which an application is ...

H04L 67/60   Scheduling or organising th...

H04L 9/40   Network security protocols

H04M 15/66   Policy and charging system

Defining an Authorizer in a Virtual Computing Infrastructure

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

127 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Defining an Authorizer in a Virtual Computing Infrastructure

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

127 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links