METHOD AND A SERVER FOR PROCESSING A REQUEST FROM A TERMINAL TO ACCESS A COMPUTER RESOURCE
Abstract
In one embodiment disclosed herein is a method of processing a request made by a terminal of a user to access a resource made available to a client entity by a platform of a cloud computer service supplier.
21 Claims
1. A processing method for processing an access request from a terminal of a user to a computer resource made available to a client entity by a platform of a cloud computer service supplier, said method being for performing by an authentication and authorization module of a server situated between the terminal and the platform, said authentication and authorization module being dedicated to said client entity, said processing method comprising, on the access request being received by the server:
- authenticating the user with the help of at least a first authentication parameter for authenticating the user with the server;
- verifying that the user is authorized to access the computer resource via said terminal by applying to said user and to said resource an access control model and an access control policy corresponding to said model, which model and policy are obtained by said authentication and authorization module for said client entity; and
- if the user is authorized to access the computer resource, sending to the platform a request derived from the access request on the basis of at least one second authentication parameter for authenticating the client entity with the platform;
- or else rejecting the access request.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 20, 21

13. A server situated between a terminal of a user and a platform of a cloud computer service supplier for making computer resources available to at least one client entity, said server including at least one authentication and authorization module dedicated to a said client entity and comprising:
- an authentication unit for authenticating the user, which unit is activated on receiving a request from said terminal to access a said computer resource made available to said client entity, said authentication unit being suitable for using at least a first authentication parameter for authenticating the user with the server;
- a verification unit suitable for verifying that said user is authorized to access said computer resource via said terminal by applying to said user and to said resource an access control model and an access control policy corresponding to said model, which model and policy are obtained by said verification unit for said client entity;
- a sender unit that is activated if the user is authorized to access said computer resource for sending to the platform a request that is derived from the access request on the basis of at least a second authentication parameter for authenticating the client entity with the platform; and
- a unit suitable for rejecting the access request if the user is not authorized to access said computer resource.

Dependent claims: 14, 15, 16, 17, 18, 19
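
The flow recited in claims 1 and 13, sketched as an added Python example that is not part of the patent text: the user is authenticated with a first parameter, a policy is applied to user, resource and terminal, and the forwarded request carries only the client entity's own credential. The HMAC proof, the nonce replay check, the role-based model and every name and value below are assumptions made for illustration; the claims do not specify them.

```python
import hashlib
import hmac

# Constructed sample data for one client entity; every name and value is hypothetical.
USER_SECRETS = {"alice": b"alice-server-secret"}   # basis of the first authentication parameter
PLATFORM_KEY = b"tenant-platform-key"              # second authentication parameter
POLICY = {                                         # policy for an assumed role-based model
    "roles": {"alice": "analyst"},
    "grants": {"analyst": {("reports", "read", "managed-laptop")}},
}
SEEN_NONCES = set()                                # rejects replayed user proofs


def mac(key, message):
    return hmac.new(key, message.encode(), hashlib.sha256).hexdigest()


def authenticate(user, nonce, proof):
    """User-to-server check: proof must be HMAC(user secret, nonce), nonce unused."""
    secret = USER_SECRETS.get(user)
    if secret is None or nonce in SEEN_NONCES:
        return False
    if not hmac.compare_digest(mac(secret, nonce), proof):
        return False
    SEEN_NONCES.add(nonce)
    return True


def authorized(user, resource, action, terminal):
    """Apply the policy to the user, the resource and the terminal in use."""
    role = POLICY["roles"].get(user)
    return (resource, action, terminal) in POLICY["grants"].get(role, set())


def process(req):
    """Return the request derived for the platform, or None if rejected."""
    if not authenticate(req["user"], req["nonce"], req["proof"]):
        return None
    if not authorized(req["user"], req["resource"], req["action"], req["terminal"]):
        return None
    # The derived request carries only the client entity's credential,
    # never the user's proof, so the platform key stays on the server.
    body = f'{req["resource"]}:{req["action"]}'
    return {"resource": req["resource"], "action": req["action"],
            "signature": mac(PLATFORM_KEY, body)}
```
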
Specification