FEDERATED ROLE PROVISIONING

US 20140298407A1
Filed: 04/02/2014
Published: 10/02/2014
Est. Priority Date: 03/29/2007
Status: Active Grant

First Claim

Patent Images

1-26. -26. (canceled)

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In various embodiments, techniques for federated role provisioning are provided. A federated role definition for a resource is constructed and distributed. The federated role definition includes a role hierarchy having role assignments and constraints for dynamically resolving and binding a resource to particular ones of the role assignments. A resource may have role assignments statically bound to its identity and dynamically bound to its identity. Furthermore, some role assignments may be inherited from the role hierarchy.

3 Citations

View as Search Results

50 Claims

1-26. -26. (canceled)

27. A method comprising:
- transmitting a role request associated with a resource to a processing system, wherein the resource is an electronic entity;
  
  dynamically receiving metadata from the processing system, the metadata representing a role hierarchy that provides access privileges and limitations of at least one identity associated with the resource, wherein the role hierarchy includes a plurality of role assignments and a plurality of role constraints that are associated with the at least one identity, wherein the metadata is dynamically generated by the processing system;
  
  dynamically evaluating at least one role constraint associated with at least one role assignment; and
  
  determining the access privileges and limitations associated with the at least one identity, and wherein the at least one identity is bound to the at least one role assignment before the access privileges and limitations for the at least one role assignment are bound to the resource;
  
  wherein the method is performed by a computing device.
- View Dependent Claims (28, 29, 30, 31, 32)
- - 28. The method of claim 27, wherein the at least one role constraint dynamically resolves the at least one role assignment, the at least one role constraint providing at least one policy associated with the at least one role assignment.
  - 29. The method of claim 27, wherein the processing system represents a federated role defining service, and wherein the computing device represents a service provider.
  - 30. The method of claim 27, wherein the at least one role assignment has a delayed binding by the computing device, the computing device capable of dynamically implementing modifications, deletions, and additions to the role hierarchy.
  - 31. The method of claim 27, wherein the metadata is dynamically transmitted by the processing system to the computing device.
  - 32. The method of claim 27, wherein the generated metadata further includes audit and compliance policy directives for the computing device to adhere to when binding each of the role assignments for the resource.

33. A method comprising:
- receiving a role request associated with a resource from a computing device, wherein the resource is an electronic entity;
  
  dynamically generating metadata representing a role hierarchy that provides access privileges and limitations of at least one identity associated with the resource, wherein the role hierarchy includes a plurality of role assignments and a plurality of role constraints that are associated with the at least one identity;
  
  transmitting the metadata to the computing device, wherein the computing device dynamically evaluates at least one role constraint associated with at least one role assignment, and wherein, based on the evaluation, the computing determines access privileges and limitations associated with the at least one identity, and wherein the at least one identity is bound to the at least one role assignment before the access privileges and limitations for the role assignment are bound to the resource;
  
  wherein the method is performed by a processing system.
- View Dependent Claims (34, 35, 36, 37, 38)
- - 34. The method of claim 33, wherein the at least one role constraint dynamically resolves the at least one role assignment, the at least one role constraint providing at least one policy associated with the at least one role assignment.
  - 35. The method of claim 33, wherein the processing system represents a federated role defining service, and wherein the computing device represents a service provider.
  - 36. The method of claim 33, wherein the at least one role assignment has a delayed binding by the computing device, the computing device capable of dynamically implementing modifications, deletions, and additions to the role hierarchy.
  - 37. The method of claim 33, wherein the metadata is dynamically transmitted by the processing system to the computing device.
  - 38. The method of claim 33, wherein the generated metadata further includes audit and compliance policy directives for the computing device to adhere to when binding each of the role assignments for the resource.

39. A non-transitory computer readable medium comprising instructions, which when executed by at least one processor of a computing device implements a method, the method comprising:
- transmitting a role request associated with a resource to a processing system, wherein the resource is an electronic entity;
  
  dynamically receiving metadata from the processing system, the metadata representing a role hierarchy that provides access privileges and limitations of at least one identity associated with the resource, wherein the role hierarchy includes a plurality of role assignments and a plurality of role constraints that are associated with the at least one identity, wherein the metadata is dynamically generated by the processing system;
  
  dynamically evaluating at least one role constraint associated with at least one role assignment; and
  
  determining the access privileges and limitations associated with the at least one identity, and wherein the at least one identity is bound to the at least one role assignment before the access privileges and limitations for the at least one role assignment are bound to the resource.
- View Dependent Claims (40, 41, 42, 43, 44)
- - 40. The non-transitory computer readable medium of claim 39, wherein the at least one role constraint dynamically resolves the at least one role assignment, the at least one role constraint providing at least one policy associated with the at least one role assignment.
  - 41. The non-transitory computer readable medium of claim 39, wherein the processing system represents a federated role defining service, and wherein the computing device represents a service provider.
  - 42. The non-transitory computer readable medium or claim 39, wherein the at least one role assignment has a delayed binding by the computing device, the computing device capable of dynamically implementing modifications, deletions, and additions to the role hierarchy.
  - 43. The non-transitory computer readable medium of claim 39, wherein the metadata is dynamically transmitted by the processing system to the computing device.
  - 44. The non-transitory computer readable medium of claim 39, wherein the generated metadata further includes audit and compliance policy directives for the computing device to adhere to when binding each of the role assignments for the resource.

45. A non-transitory computer readable medium comprising instructions, which when executed by at least one processor of a computing device implements a method, the method comprising:
- receiving a role request associated with a resource from a computing device, wherein the resource is an electronic entity;
  
  dynamically generating metadata representing a role hierarchy that provides access privileges and limitations of at least one identity associated with the resource, wherein the role hierarchy includes a plurality of role assignments and a plurality of role constraints that are associated with the at least one identity;
  
  transmitting the metadata to the computing device, wherein the computing device dynamically evaluates at least one role constraint associated with at least one role assignment, and wherein, based on the evaluation, the computing determines access privileges and limitations associated with the at least one identity, and wherein the at least one identity is bound to the at least one role assignment before the access privileges and limitations for the role assignment are bound to the resource.
- View Dependent Claims (46, 47, 48, 49, 50)
- - 46. The non-transitory computer readable medium of claim 45, wherein the at least one role constraint dynamically resolves the at least one role assignment, the at least one role constraint providing at least one policy associated with the at least one role assignment.
  - 47. The non-transitory computer readable medium of claim 45, wherein the processing system represents a federated role defining service, and wherein the computing device represents a service provider.
  - 48. The non-transitory computer readable medium of claim 45, wherein the at least one role assignment has a delayed binding by the computing device, the computing device capable of dynamically implementing modifications, deletions, and additions to the role hierarchy.
  - 49. The non-transitory computer readable medium of claim 45, wherein the metadata is dynamically transmitted by the processing system to the computing device.
  - 50. The non-transitory computer readable medium of claim 45, wherein the generated metadata further includes audit and compliance policy directives for the computing device to adhere to when binding each of the role assignments for the resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
McClain, Carolyn B., Bergeson, Bruce L., Holm, Vernon Roger

Granted Patent

US 9,473,499 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/6236 between heterogeneous systems

H04L 63/10 for controlling access to d...

FEDERATED ROLE PROVISIONING

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

3 Citations

50 Claims

Specification

Solutions

Use Cases

Quick Links

FEDERATED ROLE PROVISIONING

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

3 Citations

50 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links