METHOD FOR CONTROLLING ACESS TO RESOURCES
First Claim
Patent Images
1. A method comprising:
- issuing a resource request from an application to a service provider, the resource request requesting access to a resource at the service provider, wherein the resource request is issued by the application in the name of a requesting user; and
providing credentials to the service provider such that an owner of the resource is able to grant consent to the resource request, wherein the consent is dependent on both the application and the requesting user.
2 Assignments
0 Petitions
Accused Products
Abstract
The invention enables a service provider to authorise a service to access a resource or function provided by a service provider based on a resource owner'"'"'s consent, wherein the consent takes into account both to the identity of the service requesting the access and the identity of the user of the requesting service. The invention separates the service access process into a first step in which the requesting service is granted access on the condition that the access is made in the name of a defined user, and a second step in which the user of the requesting service authorises the requesting service to access the resource in the requesting user'"'"'s name.
108 Citations
19 Claims
-
1. A method comprising:
-
issuing a resource request from an application to a service provider, the resource request requesting access to a resource at the service provider, wherein the resource request is issued by the application in the name of a requesting user; and providing credentials to the service provider such that an owner of the resource is able to grant consent to the resource request, wherein the consent is dependent on both the application and the requesting user. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method comprising:
-
receiving a resource request from an application at a service provider, the resource request requesting access to a resource at the service provider, wherein the resource request is issued by the application in the name of a requesting user; and obtaining conditional authorisation to the resource request from an owner of the resource, wherein the conditional authorisation is dependent on the application and the requesting user. - View Dependent Claims (10, 11, 12, 13)
-
-
14. An application comprising:
-
a first output for issuing a resource request to a service provider, the resource request requesting access to a resource at the service provider, wherein the resource request is issued by the application in the name of a requesting user; and a second output for providing credentials to the service provider such that an owner of the resource is able to grant consent to the resource request, wherein the consent is dependent on both the application and the requesting user.
-
-
15. An application comprising:
-
a first input for receiving a resource request from an application at a service provider, the resource request requesting access to a resource at the service provider, wherein the resource request is issued by the application in the name of a requesting user; and means for obtaining conditional authorisation to the resource request from an owner of the resource, wherein the conditional authorisation is dependent on the application and the requesting user.
-
-
16. A method comprising:
-
receiving, at an application, a request from a user requesting access to a resource at a service provider; sending a first authorisation request seeking permission from an owner of the resource for the application to access the resource; receiving a conditional authorisation granting the application permission to access the said resource on condition that the access request is made in the name of a user defined in the conditional authorisation; sending a second authorisation request seeking permission from the user requesting access to the resource for the application to request access to the resource in the name of the user requesting access to a resource; receiving user authorisation to request access to the service provider in the name of the specified user; and
sending a third access request to the service provider requesting access to the service provider, the third access request including details of the user authorisation.
-
-
17. A method comprising:
-
receiving a request from an application to access a resource; receiving a first authorisation request seeking permission from an owner of the resource for the application to access the resource; obtaining a conditional authorisation granting the application permission to access the service provider on condition that the access request is made in the name of a specified user; forwarding the conditional authorisation to the application seeking access to the resource; receiving a second authorisation request seeking user authorisation for the application to request access to the resource in the name of the user requesting access to the resource; and receiving a third access request requesting access to the service provider, the third access request including details of the authorisation received from the requesting user.
-
-
18. A computer program product comprising:
-
means for issuing a resource request from an application to a service provider, the resource request requesting access to a resource at the service provider, wherein the resource request is issued by the application in the name of a requesting user; and means for providing credentials to the service provider such that an owner of the resource is able to grant consent to the resource request, wherein the consent is dependent on both the application and the requesting user.
-
-
19. A computer program product comprising:
-
means for receiving a resource request from an application at a service provider, the resource request requesting access to a resource at the service provider, wherein the resource request is issued by the application in the name of a requesting user; and means for obtaining conditional authorisation to the resource request from an owner of the resource, wherein the conditional authorisation is dependent on the application and the requesting user.
-
Specification