Authentication and authorization methods for cloud computing platform security
First Claim
1. A method for authentication and authorization in an environment wherein computing resources are hosted in a shared pool of configurable computing resources, comprising:
- receiving a request from a first entity for access to the shared pool of configurable computing resources managed by a second entity;
upon execution of an agreement among the first entity, the second entity and a third entity that is distinct from the first entity and the second entity, assigning the first entity a resource group;
registering a plug-in security module associated with the first entity in a plug-in service operated by the second entity in association with the shared pool of configurable computing resources;
enabling access to the resource group via the plug-in security module; and
upon receiving a permission to disassociate the first entity from the resource group, returning the resource group to the shared pool.
1 Assignment
0 Petitions
Accused Products
Abstract
An authentication and authorization plug-in model for a cloud computing environment enables cloud customers to retain control over their enterprise information when their applications are deployed in the cloud. The cloud service provider provides a pluggable interface for customer security modules. When a customer deploys an application, the cloud environment administrator allocates a resource group for the customer'"'"'s application and data. The customer registers its own authentication and authorization security module with the cloud security service, and that security module is then used to control what persons or entities can access information associated with the deployed application. To further balance the rights of the various parties, a third party notary service protects the privacy and the access right of the customer when its application and information are deployed in the cloud.
-
Citations
24 Claims
-
1. A method for authentication and authorization in an environment wherein computing resources are hosted in a shared pool of configurable computing resources, comprising:
-
receiving a request from a first entity for access to the shared pool of configurable computing resources managed by a second entity; upon execution of an agreement among the first entity, the second entity and a third entity that is distinct from the first entity and the second entity, assigning the first entity a resource group; registering a plug-in security module associated with the first entity in a plug-in service operated by the second entity in association with the shared pool of configurable computing resources; enabling access to the resource group via the plug-in security module; and upon receiving a permission to disassociate the first entity from the resource group, returning the resource group to the shared pool. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. Apparatus for authentication and authorization in an environment wherein computing resources are hosted in a shared pool of configurable computing resources, comprising:
-
a processor; computer memory holding computer program instructions that when executed by the processor perform a method comprising; receiving a request from a first entity for access to the shared pool of configurable computing resources managed by a second entity; upon execution of an agreement among the first entity, the second entity and a third entity that is distinct from the first entity and the second entity, assigning the first entity a resource group; registering a plug-in security module associated with the first entity in a plug-in service operated by the second entity in association with the shared pool of configurable computing resources; and enabling access to the resource group via the plug-in security module; and upon receiving a permission to disassociate the first entity from the resource group, returning the resource group to the shared pool. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A computer program product in a non-transitory computer readable medium for use in a data processing system for authentication and authorization in an environment wherein computing resources are hosted in a shared pool of configurable computing resources, the computer program product holding computer program instructions which, when executed by the data processing system, perform a method comprising:
-
receiving a request from a first entity for access to the shared pool of configurable computing resources managed by a second entity; upon execution of an agreement among the first entity, the second entity and a third entity that is distinct from the first entity and the second entity, assigning the first entity a resource group; registering a plug-in security module associated with the first entity in a plug-in service operated by the second entity in association with the shared pool of configurable computing resources; enabling access to the resource group via the plug-in security module; and upon receiving a permission to disassociate the first entity from the resource group, returning the resource group to the shared pool. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
-
22. Apparatus operated in a shared pool of configurable computing resources, comprising:
-
a processor; computer memory holding computer program instructions executed by the processor (i) to provide an application programming interface (API) that receives, as plug-ins, first and second security modules, the first security module being associated with a first client of the shared pool of configurable computing resources, the second security module being associated with a second client of the shared pool of configurable computing resources, (ii) to allocate to each of the first and second clients, first and second resource groups, wherein access to the first resource group is permitted by the first security module, wherein access to the second resource group is permitted by the second security module; and
(iii) to return a resource group to the shared pool upon either receiving an indication from one of;
the first party, and the third party. - View Dependent Claims (23, 24)
-
Specification