SERVER APPARATUS, INFORMATION PROCESSING METHOD, PROGRAM, AND STORAGE MEDIUM

US 20130031612A1
Filed: 07/23/2012
Published: 01/31/2013
Est. Priority Date: 07/28/2011
Status: Abandoned Application

First Claim

Patent Images

1. A server apparatus comprising:

an acquisition unit configured to, when authorization information including token identification information of an authorization token and a received scope as authority of the authorization token is received, reference token data comprising the token identification information, the scope, and user identification information based on the token identification information, and acquire the scope and the user identification information linked to the token identification information included in the authorization information;

a determination unit configured to, if identification information used for identifying a cloud service is set in the scope acquired by the acquisition unit, determine whether the cloud service identified by the identification information is defined in the received scope included in the authorization information;

a service use non-permission unit configured to, if the determination unit determines that the cloud service identified by the identification information is not defined in the received scope included in the authorization information, not permit use of the cloud service identified by the identification information;

a service availability determination information acquisition unit configured to, if the determination unit determines that the cloud service identified by the identification information is defined in the received scope included in the authorization information, reference role reference data that the scope and information of whether the role as authority for a user to access the cloud service needs to be referenced are linked, based on the received scope included in the authorization information, and acquire service availability determination information indicating whether a role linked to the received scope included in the authorization information needs to be referenced; and

a service use permission unit configured to permit use of the cloud service identified by the identification information if the service availability determination information acquired by the service availability determination information acquisition unit indicates that referencing the role is not necessary.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An information processing method for a server apparatus controlling access based on a role of a user and a scope as authority held by an authorization token for realizing a unified license management structure that does not reduce an overall performance of a cloud service even if a plurality of services collaborate with the cloud service.

25 Citations

View as Search Results

14 Claims

1. A server apparatus comprising:
- an acquisition unit configured to, when authorization information including token identification information of an authorization token and a received scope as authority of the authorization token is received, reference token data comprising the token identification information, the scope, and user identification information based on the token identification information, and acquire the scope and the user identification information linked to the token identification information included in the authorization information;
  
  a determination unit configured to, if identification information used for identifying a cloud service is set in the scope acquired by the acquisition unit, determine whether the cloud service identified by the identification information is defined in the received scope included in the authorization information;
  
  a service use non-permission unit configured to, if the determination unit determines that the cloud service identified by the identification information is not defined in the received scope included in the authorization information, not permit use of the cloud service identified by the identification information;
  
  a service availability determination information acquisition unit configured to, if the determination unit determines that the cloud service identified by the identification information is defined in the received scope included in the authorization information, reference role reference data that the scope and information of whether the role as authority for a user to access the cloud service needs to be referenced are linked, based on the received scope included in the authorization information, and acquire service availability determination information indicating whether a role linked to the received scope included in the authorization information needs to be referenced; and
  
  a service use permission unit configured to permit use of the cloud service identified by the identification information if the service availability determination information acquired by the service availability determination information acquisition unit indicates that referencing the role is not necessary.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The server apparatus according to claim 1, further comprising:
    - a role acquisition unit configured to, if identification information used for identifying the cloud service is not set in the scope acquired by the acquisition unit, acquire the role linked to the user identification information acquired by the acquisition unit, wherein user management data including the role as authority for a user to access the cloud service,wherein the service use permission unit further permits use of the cloud service if the user has the authority to access the cloud service defined in the received scope included in the authorization information, based on the role acquired by the role acquisition unit.
  - 3. The server apparatus according to claim 2, wherein if the authority for accessing the cloud service defined in the received scope included in the authorization information is not assigned to the role acquired by the role acquisition unit, the service use non-permission unit further does not permit use of the cloud service.
  - 4. The server apparatus according to claim 2, wherein if the service availability determination information acquired by the service availability determination information acquisition unit indicates that the role needs to be referenced, the role acquisition unit references the user management data based on the user identification information acquired by the acquisition unit, and further acquires the role linked to the user identification information acquired by the acquisition unit.
  - 5. The server apparatus according to claim 2, further comprising a user management unit configured to manage the user management data, wherein the user management unit assigns a role to a paying user and does not assign a role to a non-paying user when registering data to the user management data.
  - 6. The server apparatus according to claim 1, further comprising an authorization token issuance unit configured to issue the authorization token, wherein when registering data in the token data, the authorization token issuance unit does not set the identification information used for identifying the cloud service to the scope with respect to a paying user and sets the identification information used for identifying the cloud service to the scope with respect to a non-paying user.

7. An information processing method executed by a server apparatus, the method comprising:
- when authorization information including token identification information of an authorization token and a received scope as authority of the authorization token is received, referencing (S1401) token data comprising the token identification information, the scope, and user identification information based on the token identification information, and acquiring (s1401) the scope and the user identification information linked to the token identification information included in the authorization information;
  
  if identification information used for identifying a cloud service is set in the acquired scope, determining (S1403) whether the cloud service identified by the identification information is defined in the received scope included in the authorization information;
  
  if the cloud service identified by the identification information is determined as not defined in the received scope included in the authorization information, permitting no use of the cloud service identified by the identification information (S1409);
  
  if the cloud service identified by the identification information is determined as defined in the received scope included in the authorization information, referencing (S1404) role reference data that the scope and information of whether the role as authority for a user to access the cloud service needs to be referenced are linked, based on the received scope included in the authorization information, and acquiring service availability determination information indicating whether a role linked to the received scope included in the authorization information needs to be referenced; and
  
  if the service availability determination information which has been acquired indicates that referencing the role is not necessary, permitting use of the cloud service identified by the identification information (S1408).
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. The information processing method according to claim 7, further comprising:
    - if identification information used for identifying the cloud service is not set in the acquired scope, acquiring the acquired role linked to the user identification information, wherein user management data including the role as authority for a user to access the cloud service,wherein use of the cloud service is further permitted if the user has the authority to access the cloud service defined in the received scope included in the authorization information, based on the acquired role.
  - 9. The information processing method according to claim 8, wherein if the authority for accessing the cloud service defined in the received scope included in the authorization information is not assigned to the acquired role, use of the cloud service is not permitted.
  - 10. The information processing method according to claim 8, further comprising:
    - if the service availability determination information which has been acquired indicates that the role needs to be referenced, referencing (S1406) the user management data based on the user identification information which has been acquired; and
      
      acquiring the role linked to the acquired user identification information.
  - 11. The information processing method according to claim 8, further comprising managing the user management data, and assigning a role to a paying user and not assigning a role to a non-paying user when data is registered in the user management data.
  - 12. The information processing method according to claim 7, further comprising issuing the authorization token, wherein when registering data in the token data, the identification information used for identifying the cloud service is not set to the scope with respect to a paying user and is set to the scope with respect to a non-paying user.
  - 13. A program which, when executed by a computer, causes the computer to carry out the method of claim 7.
  - 14. A computer-readable storage medium storing the computer program according to claim 13.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Canon Ayutthaya Limited (Canon Inc.)
Original Assignee
Canon Ayutthaya Limited (Canon Inc.)
Inventors
Funayama, Hirotaka

Application Number

US13/555,974
Publication Number

US 20130031612A1
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/335   for accessing specific reso...

H04L 12/14   Charging , metering or bill...

H04L 2463/101   applying security measures ...

H04L 63/083   using passwords cryptograph...

H04L 63/10   for controlling access to d...

H04L 63/101   Access control lists [ACL]

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

SERVER APPARATUS, INFORMATION PROCESSING METHOD, PROGRAM, AND STORAGE MEDIUM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

25 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

SERVER APPARATUS, INFORMATION PROCESSING METHOD, PROGRAM, AND STORAGE MEDIUM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links