Policy-based automated consent
First Claim
1. A method of managing granting of consent to access a protected resource, the protected resource associated with a resource owner, comprising:
- upon receipt of a request to access a protected resource, the request having a scope and being associated with a client, performing an analysis to identify a characteristic of the client, the analysis being performed using a computing entity having a hardware element;
based on the characteristic of the client and the scope of the request, applying a policy to determine whether the client should receive an automated consent to access the protected resource; and
if based on the policy the client should receive an automated consent, returning given information that the client can use to obtain access to the protected resource without requiring an explicit consent from the resource owner.
2 Assignments
0 Petitions
Accused Products
Abstract
A technique for intelligent automated consent is described by which a client may be automatically authorized to access a resource owner'"'"'s protected information (e.g., a profile) based on the owner'"'"'s previous authorization decisions and/or other client classifications. Using this approach to granting consent, the resource owner is not required to intervene during the authorization step for each client that is requesting access. Clients may be categorized, and authorization given to individual clients based on the category to which they belong and/or the scope of the access request. The technique may be implemented with user-centric identity protocols, as well as with delegated authorization protocols. The technique provides for policy-based consent grants.
123 Citations
20 Claims
-
1. A method of managing granting of consent to access a protected resource, the protected resource associated with a resource owner, comprising:
-
upon receipt of a request to access a protected resource, the request having a scope and being associated with a client, performing an analysis to identify a characteristic of the client, the analysis being performed using a computing entity having a hardware element; based on the characteristic of the client and the scope of the request, applying a policy to determine whether the client should receive an automated consent to access the protected resource; and if based on the policy the client should receive an automated consent, returning given information that the client can use to obtain access to the protected resource without requiring an explicit consent from the resource owner. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. Apparatus, comprising:
-
a processor; computer memory holding computer program instructions that when executed by the processor perform a method of managing granting of consent to access a protected resource, the protected resource associated with a resource owner, the method comprising; upon receipt of a request to access a protected resource, the request having a scope and being associated with a client, performing an analysis to identify a characteristic of the client; based on the characteristic of the client and the scope of the request, applying a policy to determine whether the client should receive an automated consent to access the protected resource; and if based on the policy the client should receive an automated consent, returning given information that the client can use to obtain access to the protected resource without requiring an explicit consent from the resource owner. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A computer program product in a non-transitory computer readable medium for use in a data processing system, the computer program product holding computer program instructions which, when executed by the data processing system, perform a method of managing granting of consent to access a protected resource, the protected resource associated with a resource owner, the method comprising:
-
upon receipt of a request to access a protected resource, the request having a scope and being associated with a client, performing an analysis to identify a characteristic of the client; based on the characteristic of the client and the scope of the request, applying a policy to determine whether the client should receive an automated consent to access the protected resource; and if based on the policy the client should receive an automated consent, returning given information that the client can use to obtain access to the protected resource without requiring an explicit consent from the resource owner. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification