TARGET-BASED ACCESS CHECK INDEPENDENT OF ACCESS REQUEST
First Claim
Patent Images
1. A method comprising:
- building, at a target system controlling access to a resource, a context of a principal independently of the principal requesting access to the resource; and
applying, at the target system, an authorization policy to the context to determine whether the principal is permitted to access the resource.
2 Assignments
0 Petitions
Accused Products
Abstract
A context of a principal is built, at a target system controlling access to a resource, independently of the principal requesting access to the resource. An authorization policy is applied, at the target system, to the context to determine whether the principal is permitted to access the resource, and an indication of whether the principal is permitted to access the resource is provided (e.g., to an administrator). Modifications can be made to the context and the authorization re-applied to determine whether a principal having the modified context is permitted to access the resource.
27 Citations
20 Claims
-
1. A method comprising:
-
building, at a target system controlling access to a resource, a context of a principal independently of the principal requesting access to the resource; and applying, at the target system, an authorization policy to the context to determine whether the principal is permitted to access the resource. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. One or more computer storage media having stored thereon multiple instructions that, when executed by one or more processors of a target system, cause the one or more processors to:
-
build a context of a principal as if the principal were requesting access to a resource, a resource manager of the target system controlling access to the resource; apply an authorization policy to the context to determine whether the principal is permitted to access the resource; and provide, to an administrator, an indication of whether the principal is permitted to access the resource. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
-
-
20. A method comprising:
-
building, at a target system controlling access to a resource, a context of a principal independently of the principal requesting access to the resource; applying, at the target system, an authorization policy to the context; determining, at the target system based on the applying, whether the principal is permitted to access the resource; providing, based on the determining, an indication of whether the principal is permitted to access the resource; modifying the context; applying, at the target system, the authorization policy to the modified context; determining, at the target system based on the applying of the authorization policy to the modified context, whether a principal having the modified context is permitted to access the resource; and providing, to an administrator and based on the determining of whether a principal having the modified context is permitted to access the resource, an indication of whether the principal having the modified context is permitted to access the resource.
-
Specification