Business pre-permissioning in delegated third party authorization
First Claim
10. Apparatus to manage access to resources hosted in a shared pool of configurable computing resources, comprising:
a processor;
computer memory holding computer program instructions that when executed by the processor perform a method comprising:
registering a third party application that is permitted to access protected resources on behalf of end users via a delegated authorization protocol;
for at least one end user associated with the organization, setting a permission that determines whether the third party application is permitted to access one or more protected resources associated with the end user; and
responsive to a request by the third party application to access a protected resource, where the request is received via the delegated authorization protocol, using the permission to determine whether the third party application is permitted to access the protected resource.
Abstract
A method to manage access to end user-protected resources hosted in a shared pool of configurable computing resources, such as a cloud computing environment, begins by registering a particular application or service into the environment. The application or service is one that is being permitted to access resources on behalf of end users via a delegated authorization protocol, such as OAuth. For at least one end user associated with an organization, a permission is set, preferably by an organization entity such as an organization administrator. The permission determines whether the application or service is permitted to access one or more resources associated with the end user. Then, in response to a request by the third party application to access a resource, where the request is received via the delegated authorization protocol, the permission is used to determine whether the third party application is permitted to access the resource. Because the permission is consulted at request time rather than only at registration, the organization's decision applies even though the end user, not the organization, is the party that grants consent under the delegated authorization protocol.
24 Claims
18. A computer program product in a computer readable medium for use in a data processing system to manage access to resources hosted in a shared pool of configurable computing resources, the computer program product holding computer program instructions which, when executed by the data processing system, perform a method comprising:
registering a third party application that is permitted to access protected resources on behalf of end users via a delegated authorization protocol;
for at least one end user associated with the organization, setting a permission that determines whether the third party application is permitted to access one or more protected resources associated with the end user; and
responsive to a request by the third party application to access a protected resource, where the request is received via the delegated authorization protocol, using the permission to determine whether the third party application is permitted to access the protected resource.
23-1. The computer program product as described in claim 23 wherein determining whether the third party application is permitted to access the protected resource includes evaluating validity of a credential associated with the request, the credential uniquely identifying the third party application in the shared pool of configurable computing resources.
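The flow described in the abstract (register the application, have an organization administrator pre-permission it per user, then consult that permission when a delegated request arrives), together with the client-credential validity check of claim 23-1, as an added Python example. This is illustrative code written for this page, not code from the patent or from any product it covers. It assumes an in-memory authorization server that also acts as the resource server, an opaque bearer token, a client secret stored as a SHA-256 hash, and a user-consent step that has already happened before the token endpoint is called; the application name, user addresses and scope strings are constructed for the example.

```python
# Business pre-permissioning for OAuth-style delegated authorization.
# Illustrative only: everything here (names, scopes, server) is constructed.
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class RegisteredApp:
    client_id: str
    secret_hash: bytes          # SHA-256 of the client secret; the secret itself is not kept
    allowed_scopes: frozenset   # scopes the app was registered for


@dataclass
class Token:
    value: str
    user: str
    client_id: str
    scopes: frozenset


def _hash_secret(secret: str) -> bytes:
    return hashlib.sha256(secret.encode()).digest()


class AuthorizationServer:
    def __init__(self, org_admins):
        self.org_admins = set(org_admins)
        self.apps = {}           # client_id -> RegisteredApp
        self.permissions = {}    # (user, client_id) -> admin-permitted scopes
        self.tokens = {}         # token value -> Token

    # Step 1: register the third-party application; return its client secret once.
    def register_app(self, client_id, allowed_scopes):
        if client_id in self.apps:
            raise ValueError("client_id already registered")
        secret = secrets.token_urlsafe(32)
        self.apps[client_id] = RegisteredApp(client_id, _hash_secret(secret), frozenset(allowed_scopes))
        return secret

    # Step 2: an organization administrator sets (or, with an empty set, revokes)
    # the permission for one user and one application.
    def set_permission(self, admin, user, client_id, scopes):
        if admin not in self.org_admins:
            raise PermissionError(f"{admin} is not an organization administrator")
        if client_id not in self.apps:
            raise KeyError("unknown application")
        if scopes:
            self.permissions[(user, client_id)] = frozenset(scopes)
        else:
            self.permissions.pop((user, client_id), None)

    def permitted_scopes(self, user, client_id):
        return self.permissions.get((user, client_id), frozenset())

    # Claim 23-1 style check: the credential must identify a registered app,
    # compared in constant time against the stored hash.
    def _authenticate_client(self, client_id, client_secret):
        app = self.apps.get(client_id)
        if app is None or not hmac.compare_digest(app.secret_hash, _hash_secret(client_secret)):
            return None
        return app

    # Step 3a: token endpoint. The user's consent is assumed; the admin-set
    # permission still gates issuance and narrows the scopes that are granted.
    def issue_token(self, user, client_id, client_secret, requested_scopes):
        app = self._authenticate_client(client_id, client_secret)
        if app is None:
            return None
        granted = frozenset(requested_scopes) & app.allowed_scopes & self.permitted_scopes(user, client_id)
        if not granted:
            return None
        tok = Token(secrets.token_urlsafe(32), user, client_id, granted)
        self.tokens[tok.value] = tok
        return tok.value

    # Step 3b: resource request. Credential and current permission are both
    # re-evaluated on every call, so an admin revocation takes effect at once.
    def access(self, token_value, client_id, client_secret, scope):
        if self._authenticate_client(client_id, client_secret) is None:
            return "deny: bad client credential"
        tok = self.tokens.get(token_value)
        if tok is None or tok.client_id != client_id:
            return "deny: bad token"
        if scope not in tok.scopes:
            return "deny: scope not granted"
        if scope not in self.permitted_scopes(tok.user, client_id):
            return "deny: organization permission revoked"
        return f"ok: {client_id} reads {scope} for {tok.user}"


def demo():
    """Run the constructed scenario and return the observed decisions."""
    srv = AuthorizationServer(org_admins={"admin@example.org"})
    secret = srv.register_app("scheduler-app", {"calendar.read", "mail.read"})
    srv.set_permission("admin@example.org", "alice@example.org", "scheduler-app", {"calendar.read"})
    out = {}
    try:
        srv.set_permission("mallory@example.org", "alice@example.org", "scheduler-app", {"mail.read"})
        out["non_admin_rejected"] = False
    except PermissionError:
        out["non_admin_rejected"] = True
    # Bob consented (assumed) but has no admin-set permission: no token.
    out["bob_token"] = srv.issue_token("bob@example.org", "scheduler-app", secret, {"calendar.read"})
    tok = srv.issue_token("alice@example.org", "scheduler-app", secret, {"calendar.read", "mail.read"})
    out["alice_scopes"] = srv.tokens[tok].scopes
    out["alice_calendar"] = srv.access(tok, "scheduler-app", secret, "calendar.read")
    out["alice_mail"] = srv.access(tok, "scheduler-app", secret, "mail.read")
    out["bad_secret"] = srv.access(tok, "scheduler-app", "not-the-secret", "calendar.read")
    srv.set_permission("admin@example.org", "alice@example.org", "scheduler-app", set())
    out["after_revoke"] = srv.access(tok, "scheduler-app", secret, "calendar.read")
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point to notice is the second permission lookup in `access`: a real deployment would put that check in the resource server's token introspection or policy hook, so that the administrator's decision is not frozen into the token at issuance time.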