Business pre-permissioning in delegated third party authorization

US 20120117626A1
Filed: 11/10/2010
Published: 05/10/2012
Est. Priority Date: 11/10/2010
Status: Active Grant

First Claim

Patent Images

10. Apparatus to manage access to resources hosted in a shared pool of configurable computing resources, comprising:

a processor;

computer memory holding computer program instructions that when executed by the processor perform a method comprising;

registering a third party application that is permitted to access protected resources on behalf of end users via a delegated authorization protocol;

for at least one end user associated with the organization, setting a permission that determines whether the third party application is permitted to access one or more protected resources associated with the end user; and

responsive to a request by the third party application to access a protected resource, where the request is received via the delegated authorization protocol, using the permission to determine whether the third party application is permitted to access the protected resource.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method to manage access to end user-protected resources hosted in a shared pool of configurable computing resources, such as a cloud computing environment, begins by registering a particular application or service into the environment. The application or service is one that is being permitted to access resources on behalf of end users via a delegated authorization protocol, such as OAuth. For at least one end user associated with the organization, a permission is set, preferably by an organization entity, such as an organization administrator. The permission determines whether the application or service is permitted to access one or more resources associated with the end user. Then, in response to a request by the third party application to access a resource, where the request is received via the delegated authorization protocol, the permission is then used to determine whether the third party application is permitted to access the resource.

Citations

24 Claims

10. Apparatus to manage access to resources hosted in a shared pool of configurable computing resources, comprising:
- a processor;
  
  computer memory holding computer program instructions that when executed by the processor perform a method comprising;
  
  registering a third party application that is permitted to access protected resources on behalf of end users via a delegated authorization protocol;
  
  for at least one end user associated with the organization, setting a permission that determines whether the third party application is permitted to access one or more protected resources associated with the end user; and
  
  responsive to a request by the third party application to access a protected resource, where the request is received via the delegated authorization protocol, using the permission to determine whether the third party application is permitted to access the protected resource.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The apparatus as described in claim 10 wherein the delegated authorization protocol is OAuth.
  - 12. The apparatus as described in claim 10 wherein the permission is set by an organization entity.
  - 13. The apparatus as described in claim 12 wherein the organization entity is an organization administrator.
  - 14. The apparatus as described in claim 10 wherein the permission is associated with a policy.
  - 15. The apparatus as described in claim 14 wherein the method further includes applying the policy and returning a response to the request.
  - 16. The apparatus as described in claim 15 wherein determining whether the third party application is permitted to access the protected resource includes evaluating validity of a credential associated with the request, the credential uniquely identifying the third party application in the shared pool of configurable computing resources.
  - 17. The apparatus as described in claim 15 wherein determining whether the third party application is permitted to access the protected resource includes evaluating validity of a token associated with the request, the token uniquely identifying the end user in the shared pool of configurable computing resources.

18. A computer program product in a computer readable medium for use in a data processing system to manage access to resources hosted in a shared pool of configurable computing resources, the computer program product holding computer program instructions which, when executed by the data processing system, perform a method comprising:
- registering a third party application that is permitted to access protected resources on behalf of end users via a delegated authorization protocol;
  
  for at least one end user associated with the organization, setting a permission that determines whether the third party application is permitted to access one or more protected resources associated with the end user; and
  
  responsive to a request by the third party application to access a protected resource, where the request is received via the delegated authorization protocol, using the permission to determine whether the third party application is permitted to access the protected resource.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The computer program product as described in claim 18 wherein the delegated authorization protocol is OAuth.
  - 20. The computer program product as described in claim 18 wherein the permission is set by an organization entity.
  - 21. The computer program product as described in claim 20 wherein the organization entity is an organization administrator.
  - 22. The computer program product as described in claim 18 wherein the permission is associated with a policy.

23-1. The computer program product as described in claim 23 wherein determining whether the third party application is permitted to access the protected resource includes evaluating validity of a credential associated with the request, the credential uniquely identifying the third party application in the shared pool of configurable computing resources.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ServiceNow Incorporated
Original Assignee
International Business Machines Corporation
Inventors
Zurko, Mary Ellen, Yates, Robert Leslie, Kulkarni, Prashant S.

Granted Patent

US 8,544,068 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 51/42   Mailbox-related aspects, e....

H04L 63/101   Access control lists [ACL]

H04L 9/3213   using tickets or tokens, e....

Business pre-permissioning in delegated third party authorization

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Business pre-permissioning in delegated third party authorization

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links