Extending organizational boundaries throughout a cloud architecture
Abstract
An information sharing paradigm for a cloud computing solution enables flexible organizational boundaries with respect to cloud resources. Cloud service customers manage their own organization boundary but can extend that boundary selectively by associating cloud resources they own with sets of domain names that may be associated with requests for cloud resources that the organization may be willing to share with other organizations that are using the cloud environment, and by ensuring that any such requests for resources that are shared in this manner are associated with one or more message handling policies that have been defined by (or otherwise associated with) the resource-owning organization. Cloud resources owned by an organization (even those marked as “internal only”) may be selectively shared with one or more other organizations using the cloud environment depending on the domain names associated with the requests. Message handling policies are enforced with respect to shared resources.
21 Claims
1-7. (canceled)
8. Apparatus for extending organizational boundaries in an environment wherein computing resources are hosted in a shared pool of configurable computing resources, comprising:
a processor;
computer memory holding computer program instructions that when executed by the processor perform a method comprising:
for each of a set of cloud resources, marking the cloud resource as owned by one of a plurality of organizations that operate in the environment;
for one or more of the plurality of organizations that operate in the environment, registering a set of one or more domain names, wherein messages from users associated with a respective organization incorporate a domain name of the set of one or more domain names associated with the respective organization;
for one or more of the plurality of organizations that operate in the environment, providing a message handling policy associated with the respective organization with respect to a particular cloud resource owned by that organization, the message handling policy identifying how the particular cloud resource is permitted to be shared within the cloud environment externally to the organization;
receiving a request from a user to access a cloud resource;
in response to the request, determining whether to permit the user access to the cloud resource according to the ownership of the cloud resource and the domain name associated with the request; and
if the user is permitted access to the cloud resource, enforcing a message handling policy associated with the cloud resource.
15. A computer program product in a non-transitory computer readable medium for use in a data processing system for extending organizational boundaries in an environment wherein computing resources are hosted in a shared pool of configurable computing resources, the computer program product holding computer program instructions which, when executed by the data processing system, perform a method comprising:
for each of a set of cloud resources, marking the cloud resource as owned by one of a plurality of organizations that operate in the environment;
for one or more of the plurality of organizations that operate in the environment, registering a set of one or more domain names, wherein messages from users associated with a respective organization incorporate a domain name of the set of one or more domain names associated with the respective organization;
for one or more of the plurality of organizations that operate in the environment, providing a message handling policy associated with the respective organization with respect to a particular cloud resource owned by that organization, the message handling policy identifying how the particular cloud resource is permitted to be shared within the cloud environment externally to the organization;
receiving a request from a user to access a cloud resource;
in response to the request, determining whether to permit the user access to the cloud resource according to the ownership of the cloud resource and the domain name associated with the request; and
if the user is permitted access to the cloud resource, enforcing a message handling policy associated with the cloud resource.
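The access decision described in the abstract and recited in claims 8 and 15 can be sketched as follows. This is an added example, not code from the patent. The class and function names, the policy shape (shared domains plus permitted actions), the rule that requests from the owning organization's own domains are always allowed, and the sample tenants are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Policy:
    # Assumed policy shape: external domains the owner shares with, and permitted actions.
    shared_domains: frozenset = frozenset()
    allowed_actions: frozenset = frozenset()

def norm(domain):
    return domain.strip().lower().rstrip(".")

@dataclass
class Cloud:
    owner: dict = field(default_factory=dict)     # resource -> owning organization
    domains: dict = field(default_factory=dict)   # registered domain -> organization
    policies: dict = field(default_factory=dict)  # resource -> Policy set by its owner

    def register_domain(self, org, domain):
        # One organization per domain; a conflicting registration is refused.
        if self.domains.setdefault(norm(domain), org) != org:
            raise ValueError(f"{domain} is registered to another organization")

    def add_resource(self, resource, org, policy=None):
        self.owner[resource] = org
        self.policies[resource] = policy or Policy()  # default: internal only
    def decide(self, resource, request_domain, action):
        """Return (allowed, reason) from ownership, request domain and owner policy."""
        domain, owner = norm(request_domain), self.owner.get(resource)
        org = self.domains.get(domain)  # exact match only, no suffix matching
        if owner is None or org is None:
            return False, "unknown resource or unregistered domain"
        if org == owner:
            return True, "inside owner boundary"
        policy = self.policies[resource]
        if domain not in policy.shared_domains:
            return False, "not shared with this domain"
        if action not in policy.allowed_actions:
            return False, "action not permitted by policy"
        return True, "shared under owner policy"

def build_sample():
    # Constructed sample data: two tenants, one shared and one internal-only resource.
    cloud = Cloud()
    cloud.register_domain("acme", "acme.example")
    cloud.register_domain("partner", "partner.example")
    share = Policy(frozenset({"partner.example"}), frozenset({"read"}))
    cloud.add_resource("reports-db", "acme", share)
    cloud.add_resource("hr-wiki", "acme")
    return cloud
```

The decision is only as trustworthy as the domain name attached to the request, so in a deployment that value would have to come from an authenticated identity rather than from caller-supplied message content.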
Specification