SYSTEM FOR PROVISIONING DIVERSE TYPES OF RESOURCES THROUGH A UNIFIED INTERFACE

US 20130151705A1
Filed: 12/07/2011
Published: 06/13/2013
Est. Priority Date: 12/07/2011
Status: Abandoned Application

First Claim

Patent Images

1. A computer-implemented method comprising:

in response to detecting an occurrence of a first type of event relative to a user, automatically provisioning, to the user, access to at least (a) a first resource that is of a first resource type and (b) a second resource that is of a second resource type that differs from the first resource type; and

in response to detecting an occurrence of a second type of event relative to the user, automatically revoking, from the user, access to both the first resource and the second resource;

wherein said first resource is a specific instance of an abstract resource concept;

wherein said second resource is a specific instance of said abstract resource concept;

wherein said provisioning and said revocation are performed by a system that unifies a data model, a resource privilege model, and a user interface; and

wherein the method is performed by one or more computing devices.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

By using a unified generic resource provisioning system, all of an organization'"'"'s resources may be provisioned through a single user interface system, a single cohesive data model, and a single consistent model of access. The system described herein provisions an organization'"'"'s resources to both new and existing employees in response to different employee events. For example, in response to a single event that indicates that an employee has been hired by the company, he is automatically given access to a phone, a badge, a virtual machine, and SSL certificates that he can use during his employment with the company. Much later, when the same employee terminates his employment with the company, that employee'"'"'s access to all of these resources is revoked in response to another single event, such as an event originating from a human resources department, indicating that employee'"'"'s last date of hire with the company.

37 Citations

View as Search Results

20 Claims

1. A computer-implemented method comprising:
- in response to detecting an occurrence of a first type of event relative to a user, automatically provisioning, to the user, access to at least (a) a first resource that is of a first resource type and (b) a second resource that is of a second resource type that differs from the first resource type; and
  
  in response to detecting an occurrence of a second type of event relative to the user, automatically revoking, from the user, access to both the first resource and the second resource;
  
  wherein said first resource is a specific instance of an abstract resource concept;
  
  wherein said second resource is a specific instance of said abstract resource concept;
  
  wherein said provisioning and said revocation are performed by a system that unifies a data model, a resource privilege model, and a user interface; and
  
  wherein the method is performed by one or more computing devices.
- View Dependent Claims (2, 3, 4, 5, 6, 8, 11, 12, 13, 14, 15, 16, 18)
- - 2. The method of claim 1, wherein:
    - the step of provisioning access to the first resource and the second resource comprises provisioning, to the user, access to at least a telephone, a security badge, a cube, a virtual machine, and a Single Sockets Layer (SSL) certificate; and
      
      the step of revoking access to the first resource and the second resource comprises revoking, from the user, access to at least said telephone, said security badge, said cube, said virtual machine, and said SSL certificate.
  - 3. The method of claim 1, further comprising:
    - revoking, from the user, access to a third resource in response to determining that a lease expiry date stored within data associated with the third resource has passed.
  - 4. The method of claim 1, further comprising:
    - storing data that identifies a first user as an owner of the first resource;
      
      in response to receiving user association information from the first user, storing data that indicates that the first resource is associated with a second user who is separate from the first user;
      
      in response to receiving user permission data from the first user, storing data that indicates a set of operations that the second user is allowed to perform relative to the first resource; and
      
      in response to detecting an attempt by the second user to perform, relative to the first resource, a particular operation that is not contained in the set of operations, preventing the particular operation from being performed relative to the first resource.
  - 5. The method of claim 1, further comprising:
    - granting, to a particular user, a lock on the first resource;
      
      while the lock on the first resource is granted to the particular user, (1) allowing the particular user to modify data associated with the first resource and (2) preventing users other than the particular user from modifying data associated with the first resource;
      
      releasing the lock on the first resource; and
      
      while the lock on the first resource is not granted to any user, allowing a user to obtain the lock on the first resource.
  - 6. The method of claim 1, further comprising:
    - in response to the first resource changing from a first version of the first resource to a second version of the first resource, storing and retaining first version data that indicates a state of the first version of the first resource and also storing second version data that indicates a state of the second version of the first resource.
  - 8. The method of claim 1, further comprising:
    - persistently storing, within a historical repository, (a) first data that indicates details of a first entity that represents the first request, (b) second data that indicates details of a second entity that represents the specified resource, and (c) third data that indicates details of a third entity that represents an approval of the first request; and
      
      generating a report that specifies at least some of the first data, at least some of the second data, and at least some of the third data.
  - 11. One or more storage media storing instructions which, when executed by one or more processors, causes performance of the method recited in claim 1.
  - 12. One or more storage media storing instructions which, when executed by one or more processors, causes performance of the method recited in claim 2.
  - 13. One or more storage media storing instructions which, when executed by one or more processors, causes performance of the method recited in claim 3.
  - 14. One or more storage media storing instructions which, when executed by one or more processors, causes performance of the method recited in claim 4.
  - 15. One or more storage media storing instructions which, when executed by one or more processors, causes performance of the method recited in claim 5.
  - 16. One or more storage media storing instructions which, when executed by one or more processors, causes performance of the method recited in claim 6.
  - 18. One or more storage media storing instructions which, when executed by one or more processors, causes performance of the method recited in claim 8.

7. A computer-implemented method comprising:
- receiving, from a user, a first request to provision a specified resource for use in a specified project;
  
  in response to the first request, determining, based on a particular rule within a set of stored rules, whether less than a specified maximum quantity of resources of a same type as a particular type of the specified resource have been provisioned for use with the specified project; and
  
  in response to determining that less than the specified maximum quantity of resources of the particular type have been provisioned for use with the specified project, forwarding the first request to a service provider that provisions resources of the particular type; and
  
  in response to the service provider provisioning a resource of the particular type, updating stored data that indicates a quantity of resources of the particular type that are currently provisioned for use with the specified project;
  
  wherein the method is performed by one or more computing devices.
- View Dependent Claims (17)
- - 17. One or more storage media storing instructions which, when executed by one or more processors, causes performance of the method recited in claim 7.

9. A computer-implemented method comprising:
- storing data that defines a hierarchical tree of nodes in which at least some nodes are associated with one or more resources and one or more users;
  
  in response to a request, from a first user, to access a particular resource that is associated with a particular node of the tree, determining whether the first user is associated with a node that is either the particular node or an ancestor of the particular node in the tree; and
  
  in response to determining that the first user is associated with a node that is either the particular node or an ancestor of the particular node in the tree, granting the first user access to the particular resource;
  
  wherein the method is performed by one or more computing devices.
- View Dependent Claims (10, 19, 20)
- - 10. The method of claim 9, further comprising:
    - in response to a request, from a second user, to access the particular resource that is associated with the particular node of the tree, determining whether the second user is associated with a node that is either the particular node or an ancestor of the particular node in the tree; and
      
      in response to determining that the second user is not associated with a node that is either the particular node or an ancestor of the particular node in the tree, denying the second user access to the particular resource.
  - 19. One or more storage media storing instructions which, when executed by one or more processors, causes performance of the method recited in claim 9.
  - 20. One or more storage media storing instructions which, when executed by one or more processors, causes performance of the method recited in claim 10.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Menon, Sanjay, Chakraborty, Krishnendu, Shrivastav, Ajit

Application Number

US13/314,109
Publication Number

US 20130151705A1
Time in Patent Office

Days
Field of Search
US Class Current

709/226
CPC Class Codes

G06Q 10/1053 Employment or hiring

SYSTEM FOR PROVISIONING DIVERSE TYPES OF RESOURCES THROUGH A UNIFIED INTERFACE

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

37 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM FOR PROVISIONING DIVERSE TYPES OF RESOURCES THROUGH A UNIFIED INTERFACE

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links