FEDERATED ROLE PROVISIONING
Abstract
In various embodiments, techniques for federated role provisioning are provided. A federated role definition for a resource is constructed and distributed. The federated role definition includes a role hierarchy having role assignments and constraints for dynamically resolving and binding a resource to particular ones of the role assignments. A resource may have role assignments statically bound to its identity and dynamically bound to its identity. Furthermore, some role assignments may be inherited from the role hierarchy.
50 Claims
1-26. (canceled)
27. A method comprising:

    transmitting a role request associated with a resource to a processing system, wherein the resource is an electronic entity;
    dynamically receiving metadata from the processing system, the metadata representing a role hierarchy that provides access privileges and limitations of at least one identity associated with the resource, wherein the role hierarchy includes a plurality of role assignments and a plurality of role constraints that are associated with the at least one identity, wherein the metadata is dynamically generated by the processing system;
    dynamically evaluating at least one role constraint associated with at least one role assignment; and
    determining the access privileges and limitations associated with the at least one identity, and wherein the at least one identity is bound to the at least one role assignment before the access privileges and limitations for the at least one role assignment are bound to the resource;
    wherein the method is performed by a computing device.

Dependent claims: 28, 29, 30, 31, 32
33. A method comprising:

    receiving a role request associated with a resource from a computing device, wherein the resource is an electronic entity;
    dynamically generating metadata representing a role hierarchy that provides access privileges and limitations of at least one identity associated with the resource, wherein the role hierarchy includes a plurality of role assignments and a plurality of role constraints that are associated with the at least one identity;
    transmitting the metadata to the computing device, wherein the computing device dynamically evaluates at least one role constraint associated with at least one role assignment, and wherein, based on the evaluation, the computing device determines access privileges and limitations associated with the at least one identity, and wherein the at least one identity is bound to the at least one role assignment before the access privileges and limitations for the role assignment are bound to the resource;
    wherein the method is performed by a processing system.

Dependent claims: 34, 35, 36, 37, 38
39. A non-transitory computer readable medium comprising instructions, which when executed by at least one processor of a computing device implement a method, the method comprising:

    transmitting a role request associated with a resource to a processing system, wherein the resource is an electronic entity;
    dynamically receiving metadata from the processing system, the metadata representing a role hierarchy that provides access privileges and limitations of at least one identity associated with the resource, wherein the role hierarchy includes a plurality of role assignments and a plurality of role constraints that are associated with the at least one identity, wherein the metadata is dynamically generated by the processing system;
    dynamically evaluating at least one role constraint associated with at least one role assignment; and
    determining the access privileges and limitations associated with the at least one identity, and wherein the at least one identity is bound to the at least one role assignment before the access privileges and limitations for the at least one role assignment are bound to the resource.

Dependent claims: 40, 41, 42, 43, 44
45. A non-transitory computer readable medium comprising instructions, which when executed by at least one processor of a computing device implement a method, the method comprising:

    receiving a role request associated with a resource from a computing device, wherein the resource is an electronic entity;
    dynamically generating metadata representing a role hierarchy that provides access privileges and limitations of at least one identity associated with the resource, wherein the role hierarchy includes a plurality of role assignments and a plurality of role constraints that are associated with the at least one identity;
    transmitting the metadata to the computing device, wherein the computing device dynamically evaluates at least one role constraint associated with at least one role assignment, and wherein, based on the evaluation, the computing device determines access privileges and limitations associated with the at least one identity, and wherein the at least one identity is bound to the at least one role assignment before the access privileges and limitations for the role assignment are bound to the resource.

Dependent claims: 46, 47, 48, 49, 50
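The exchange the abstract and claims 27 and 33 describe, as an added example in Python that is not part of the patent and not any implementation it covers: a processing system answers a role request with metadata for a role hierarchy (role assignments plus role constraints, with static, dynamic and inherited assignments), and the computing device evaluates the constraints locally, binds the identity to the surviving assignments first, and only then binds the resulting privileges and limitations to the resource. The role names, constraint names, identities, attributes and request contexts are all constructed for the example; the fail-closed handling of unknown constraints and the inheritance of a parent role's constraints are design choices of this example, not requirements stated by the page.

```python
import json

# ---- processing system side -------------------------------------------------
# Constructed role hierarchy. Each role carries its own privileges/limitations,
# an optional parent it inherits from, and the constraints that must hold when
# the identity is bound to it.
ROLES = {
    "viewer":   {"parent": None,     "privileges": ["read"],           "limitations": [],                  "constraints": []},
    "editor":   {"parent": "viewer", "privileges": ["write"],          "limitations": [],                  "constraints": ["mfa"]},
    "approver": {"parent": "editor", "privileges": ["approve"],        "limitations": ["no_self_approve"], "constraints": ["business_hours"]},
    "auditor":  {"parent": "viewer", "privileges": ["read_audit_log"], "limitations": ["no_export"],       "constraints": []},
}

# Role assignments statically bound to an identity (constructed directory data).
STATIC_BINDINGS = {
    "alice@example.test": ["editor"],
    "bob@example.test": ["viewer"],
}

# Role assignments dynamically bound when an attribute predicate holds.
DYNAMIC_BINDINGS = [
    ("approver", lambda attrs: attrs.get("department") == "finance"),
    ("auditor", lambda attrs: "audit" in attrs.get("groups", ())),
]


def _chain(roles, name):
    """Yield a role and every ancestor it inherits from."""
    while name:
        yield name
        name = roles[name]["parent"]


def generate_role_metadata(identity, attrs):
    """Processing system: build the metadata for one role request.

    Resolves the identity's static and dynamic assignments and ships every role
    reachable through inheritance, so the device can walk parents itself.
    """
    assigned = set(STATIC_BINDINGS.get(identity, []))
    assigned |= {role for role, pred in DYNAMIC_BINDINGS if pred(attrs)}
    reachable = {r for a in assigned for r in _chain(ROLES, a)}
    return json.dumps({
        "identity": identity,
        "assignments": sorted(assigned),
        "roles": {r: ROLES[r] for r in sorted(reachable)},
    })


# ---- computing device side --------------------------------------------------
# Constraint evaluators, keyed by the constraint name used in the metadata.
CONSTRAINTS = {
    "mfa": lambda ctx: ctx.get("mfa") is True,
    "business_hours": lambda ctx: 9 <= ctx.get("hour", -1) < 17,
}


def resolve_privileges(metadata_json, ctx):
    """Computing device: evaluate constraints, bind identity to assignments, then
    bind privileges/limitations to the resource.

    Step 1 binds the identity to each assignment whose constraints (own and
    inherited) all hold for the request context; an unknown constraint fails
    closed. Step 2 only then collects privileges and limitations along the
    inheritance chain of the bound assignments. Limitations accumulate, so a
    child role can never shed a limitation its parent imposes.
    """
    md = json.loads(metadata_json)
    roles = md["roles"]

    # Step 1: identity -> role assignments (constraint evaluation)
    bound = []
    for name in md["assignments"]:
        checks = [c for r in _chain(roles, name) for c in roles[r]["constraints"]]
        if all(CONSTRAINTS.get(c, lambda _ctx: False)(ctx) for c in checks):
            bound.append(name)

    # Step 2: role assignments -> privileges and limitations on the resource
    privileges, limitations = set(), set()
    for name in bound:
        for r in _chain(roles, name):
            privileges |= set(roles[r]["privileges"])
            limitations |= set(roles[r]["limitations"])

    return {
        "identity": md["identity"],
        "bound_roles": sorted(bound),
        "privileges": sorted(privileges),
        "limitations": sorted(limitations),
    }


if __name__ == "__main__":
    md = generate_role_metadata("alice@example.test", {"department": "finance"})
    print(resolve_privileges(md, {"mfa": True, "hour": 10}))   # approver + editor bound
    print(resolve_privileges(md, {"mfa": False, "hour": 10}))  # nothing bound: mfa fails
```

Two behaviours are worth noticing when running it: with MFA absent, alice ends up with no privileges at all even though her assigned roles inherit from `viewer`, because binding happens at the assignment level and she has no direct `viewer` assignment; and outside business hours she keeps `editor` but loses `approver`, which is the dynamic part of the binding the abstract refers to.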
Specification