DELEGATE AUTHORIZATION IN CLOUD-BASED STORAGE SYSTEM
First Claim
1. A method performed by one or more processors, the method comprising:
receiving, at a hosted storage service, a resource and a request to store the resource, the request including a location of an access control service, wherein the access control service is separate from the hosted storage service and controls access permissions for the resource;
storing, at the hosted storage service, the resource in association with metadata that indicates the location of the access control service;
receiving, at the hosted storage service and from a client system, a request to access the stored resource;
accessing, at the hosted storage service, the metadata stored in association with the resource;
determining, at the hosted storage service and based on the metadata, that access permissions for the resource are controlled by the access control service;
in response to determining that access permissions for the resource are controlled by the access control service, sending an access request from the hosted storage service to the access control service, the access request identifying the resource and a user of the client system;
receiving, at the hosted storage service and from the access control service, an access response that indicates the user is permitted to access the resource; and
in response to receiving the access response, sending the resource from the hosted storage service to the client system.
Abstract
At a hosted storage service, a resource and a request to store the resource are received. The request includes a location of an access control service. The access control service is separate from the hosted storage service and controls access permissions for the resource. A request to access the stored resource is received. The hosted storage service accesses metadata stored in association with the resource and determines that access permissions for the resource are controlled by the access control service. An access request is sent from the hosted storage service to the access control service, the access request identifying the resource and a user of the client system.
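The flow in the abstract, sketched in Python as an added example; this is not code from the patent or from any product. All class, field and location names are hypothetical, the access control service is an in-process object standing in for a network call, and the fail-closed handling and owner-only fallback for non-delegated resources are assumptions that go beyond what the claims state.

```python
from dataclasses import dataclass, field


class AccessDenied(Exception):
    """Raised whenever the storage service has no explicit permit."""


@dataclass
class AccessControlService:
    """Stand-in for the separate access control service (constructed)."""
    grants: set                      # {(resource_id, user)} pairs it permits
    available: bool = True

    def check(self, request: dict) -> dict:
        if not self.available:
            raise ConnectionError("access control service unreachable")
        permitted = (request["resource"], request["user"]) in self.grants
        return {**request, "permitted": permitted}


@dataclass
class HostedStorageService:
    acs_by_location: dict            # location -> service; replaces a network call
    objects: dict = field(default_factory=dict)

    def store(self, resource_id, data, owner, acs_location=None):
        # The metadata kept with the resource records who decides access.
        meta = {"owner": owner, "acs_location": acs_location}
        self.objects[resource_id] = (data, meta)

    def access(self, resource_id, user):
        data, meta = self.objects[resource_id]
        location = meta["acs_location"]
        if location is None:         # assumption: non-delegated means owner-only
            if user != meta["owner"]:
                raise AccessDenied("not the owner")
            return data
        request = {"resource": resource_id, "user": user}
        try:
            response = self.acs_by_location[location].check(request)
        except (KeyError, ConnectionError) as exc:
            raise AccessDenied(f"no decision from {location}") from exc
        # Fail closed: the response must match this request and say permit.
        echoed = {k: response.get(k) for k in request}
        if echoed != request or response.get("permitted") is not True:
            raise AccessDenied("access control service did not permit")
        return data
```

Once a resource is stored with an access control service location, the uploader has no implicit access in this sketch: every read, including the owner's, depends on the delegated decision.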
28 Claims
15. A computer system comprising:
a hosted storage service configured to:
  receive a resource and a request to store the resource, the request including a location of an access control service, wherein the access control service is separate from the hosted storage service and controls access permissions for the resource;
  store the resource in association with metadata that indicates the location of the access control service;
  receive a request to access the stored resource;
  access the metadata stored in association with the resource;
  determine, based on the metadata, that access permissions for the resource are controlled by the access control service;
  in response to determining that access permissions for the resource are controlled by the access control service, send an access request to the access control service, the access request identifying the resource and a user of the client system; and
  receive, from the access control service, an access response that indicates the user is permitted to access the resource; and
  in response to receiving the access response, send the resource from the hosted storage service to the client system;
a client system configured to:
  send, to the hosted storage service, the request to access the stored resource; and
  receive from the hosted storage service, the resource; and
an access control service configured to:
  receive, from the hosted storage service, the access request; and
  send, in response to receiving the access request, the access response.
Specification