Defining an Authorizer in a Virtual Computing Infrastructure
Abstract
An authorizing entity is allowed to grant permission to a subject to perform an action on an object in a cloud computing environment. An authorizer is defined as the entity having granting authority to delegate a predetermined permission. A subject is defined as a group to whom the permission is being delegated. An object is defined upon which an action is authorized within the cloud computing environment. The action being authorized in the cloud computing environment is defined. Members of the subject group are authorized to perform the permitted action on the object.
14 Claims
1. A method of allowing an authorizing entity to grant permission to a subject to perform an action on an object in a cloud computing environment having a plurality of computing nodes, the method comprising:
defining an authorizer as the entity having granting authority to delegate a predetermined permission;
defining a subject as a group to whom the permission is being delegated;
defining an object upon which an action is authorized within the cloud computing environment;
defining the action being authorized in the cloud computing environment; and
authorizing members of the subject group to perform the permitted action on the object.

5. A method of granting permission to access a cloud computing environment having a plurality of computing nodes, the method comprising:
determining a policy to which a plurality of permissions is associated;
determining a first permission associated with the policy; and
determining a second permission associated with the policy, wherein an authorizer of the second permission is compatible with at least one from a group consisting of a subject, action, or object associated with the first permission.

8. A cloud computing system, comprising:
a plurality of computing nodes;
at least one storage configured to store a plurality of processing instructions; and
at least one processor in communication with the at least one storage, and configured to execute instructions to:
define an authorizer as the entity having granting authority to delegate a predetermined permission;
define a subject as a group to whom the permission is being delegated;
define an object upon which an action is authorized within the cloud computing environment;
define the action being authorized in the cloud computing environment; and
authorize members of the subject group to perform the permitted action on the object.

12. A cloud computing system, comprising:
a plurality of computing nodes;
at least one storage configured to store a plurality of processing instructions; and
at least one processor in communication with the at least one storage, and configured to execute instructions to:
determine a policy to which a plurality of permissions is associated;
determine a first permission associated with the policy; and
determine a second permission associated with the policy, wherein an authorizer of the second permission is compatible with at least one from a group consisting of a subject, action, or object associated with the first permission.
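The following is an added illustration, not code from the patent or its assignee: one way to model the (authorizer, subject, object, action) permission of claims 1 and 8 and the policy of claims 5 and 12 in Python. The claims do not define "compatible"; the strictest reading is assumed here (the second permission's authorizer is a member of the first permission's subject group, and object and action match), so a delegate cannot widen scope. The root authorizer and all group, user and object names are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Permission:
    authorizer: str  # entity holding granting authority
    subject: str     # group the permission is delegated to
    obj: str         # object the action applies to
    action: str      # action being authorized

# Constructed sample data (hypothetical names throughout).
ROOT = "root"  # assumed: an authorizer trusted without a prior permission
GROUPS = {"admins": {"alice"}, "ops": {"bob", "carol"}}
POLICY = [
    Permission("root", "admins", "image-store", "add"),
    Permission("alice", "ops", "image-store", "add"),       # alice is in admins
    Permission("alice", "ops", "image-store", "delete"),    # widens the action
    Permission("mallory", "ops", "image-store", "delete"),  # no authority at all
]

def compatible(second, first, groups):
    """Assumed reading of 'compatible': the second permission's authorizer
    is in the first permission's subject group, with the same object and
    action, so delegated authority never exceeds what was received."""
    return (second.authorizer in groups.get(first.subject, set())
            and second.obj == first.obj
            and second.action == first.action)

def effective(policy, groups, root=ROOT):
    """Keep only permissions issued by the root or compatible with a
    permission already accepted earlier in the policy."""
    accepted = []
    for perm in policy:
        if perm.authorizer == root or any(
                compatible(perm, prior, groups) for prior in accepted):
            accepted.append(perm)
    return accepted

def is_authorized(user, action, obj, policy, groups):
    """True if an accepted permission names this action and object and the
    user is a member of its subject group."""
    return any(
        p.action == action and p.obj == obj
        and user in groups.get(p.subject, set())
        for p in effective(policy, groups)
    )
```

Under a looser reading in which matching the subject alone is enough, the third permission would be accepted and `bob` would gain `delete`, which is the scope-widening case a reviewer of such a policy should check for.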