ACCESS MANAGEMENT IN A DATA STORAGE SYSTEM

US 20150227749A1
Filed: 02/13/2015
Published: 08/13/2015
Est. Priority Date: 02/13/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving, by a first system, a request from a requester to access information;

determining, by the first system, that an access token is stored in a cache in the first system, the access token providing an indication to the first system that the requester is authenticated with the first system;

retrieving, by the first system, one or more roles stored in the cache, the one or more roles associated with the access token;

determining, by the first system, that the requester is authorized to access the information based on the one or more roles; and

in response to the determining, providing, by the first system, the information to the requester.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for managing access to information stored in a data storage system of an organization is provided. In an embodiment, the data storage system may be configured to receive a request from a requester on a client device to access information stored in the data storage system. In some aspects, upon receiving the request, the first system may determine that an access token identifying the requester is stored in a cache in the data storage system. In some aspects, the data storage system may then retrieve one or more roles from the cache. In some examples, the roles may be associated with the access token. In certain embodiments, the data storage system may then be configured to determine that the requester is authorized to access the information based on the roles and provide the information to the requester on the client device.

Citations

20 Claims

1. A computer-implemented method comprising:
- receiving, by a first system, a request from a requester to access information;
  
  determining, by the first system, that an access token is stored in a cache in the first system, the access token providing an indication to the first system that the requester is authenticated with the first system;
  
  retrieving, by the first system, one or more roles stored in the cache, the one or more roles associated with the access token;
  
  determining, by the first system, that the requester is authorized to access the information based on the one or more roles; and
  
  in response to the determining, providing, by the first system, the information to the requester.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method of claim 1, further comprising:
    - identifying, by the first system, credential information from the request;
      
      providing, by the first system, the credential information to a second system;
      
      receiving, by the first system, the access token from the second system, based at least in part on validating, by the second system, the credential information;
      
      storing, by the first system, the access token in the cache; and
      
      providing, by the first system, the access token to the requester.
  - 3. The computer-implemented method of claim 2, further comprising receiving, by the first system, the one or more roles associated with the access token from the second system.
  - 4. The computer-implemented method of claim 3, further comprising storing, by the first system, the one or more roles associated with the access token in the cache.
  - 5. The computer-implemented method of claim 1, wherein determining, by the first system, that the requester is authorized to access the information based on the one or more roles further comprises comparing, by the first system, an access control list associated with the information with the one or more roles associated with the access token.
  - 6. The computer-implemented method of claim 3, wherein the one or more roles specify an access policy that enables the requester access to the information.
  - 7. The computer-implemented method of claim 1, wherein the request is formatted as a representational state transfer (REST) method call.

8. A system comprising:
- memory configured to store computer-executable instructions; and
  
  at least one processor configured to access the memory and execute the computer-executable instructions to collectively at least;
  
  receive a request from a requester to access information;
  
  determine that an access token is stored in a cache in the system, the access token providing an indication to the system that the requester is authenticated with the system;
  
  retrieve one or more roles stored in the cache, the one or more roles associated with the access token;
  
  determine that the requester is authorized to access the information based on the one or more roles; and
  
  provide the information to the requester.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the at least one processor is configured to execute the computer-executable instructions to:
    - identify credential information from the request;
      
      provide the credential information to a second system;
      
      receive the access token from the second system, based at least in part on validating, by the second system, the credential information;
      
      store the access token in the cache; and
      
      provide the access token to the requester.
  - 10. The system of claim 9, wherein the at least one processor is configured to execute the computer-executable instructions to receive the one or more roles associated with the access token from the second system.
  - 11. The system of claim 10, wherein the at least one processor is further configured to execute the computer-executable instructions to store the one or more roles associated with the access token in the cache.
  - 12. The system of claim 8, wherein the at least one processor is further configured to execute the computer-executable instructions to determine that the requester is authorized to access the information based on the one or more roles by comparing an access control list associated with the information with the one or more roles associated with the access token.
  - 13. The system of claim 8, wherein the one or more roles specify an access policy that enables the requester access to the information.
  - 14. The system of claim 8, wherein the request is formatted as a representational state transfer (REST) method call.

15. One or more non-transitory computer-readable media storing computer-executable instructions executable by one or more processors, the computer-executable instructions comprising:
- instructions that cause the one or more processors to receive a request from a requester to access information;
  
  instructions that cause the one or more processors to determine that an access token is stored in a cache in a first system, the access token providing an indication to the first system that the requester is authenticated with the first system;
  
  instructions that cause the one or more processors to retrieve one or more roles stored in the cache, the one or more roles associated with the access token;
  
  instructions that cause the one or more processors to determine that the requester is authorized to access the information based on the one or more roles; and
  
  instructions that cause the one or more processors to provide the information to the requester.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer-readable media of claim 15, the instructions further comprising:
    - instructions that cause the one or more processors to identify credential information from the request;
      
      instructions that cause the one or more processors to provide the credential information to a second system;
      
      instructions that cause the one or more processors to receive the access token from a second system, based at least in part on validating, by the second system, the credential information;
      
      instructions that cause the one or more processors to store the access token in the cache; and
      
      instructions that cause the one or more processors to provide the access token to the requester.
  - 17. The computer-readable media of claim 16, the instructions further comprising instructions that cause the one or more processors to receive the one or more roles associated with the access token from the second system.
  - 18. The computer-readable media of claim 17, the instructions further comprising instructions that cause the one or more processors to store the one or more roles associated with the access token in the cache.
  - 19. The computer-readable media of claim 15, the instructions further comprising instructions that cause the one or more processors to determine that the requester is authorized to access the information based on the one or more roles by comparing an access control list associated with the information with the one or more roles associated with the access token.
  - 20. The computer-readable media of claim 15, wherein the request is formatted as a representational state transfer (REST) method call.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Schincariol, Merrick, Revanuru, Naresh

Granted Patent

US 10,225,325 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 9/5072   Grid computing

H04L 41/0806   for initial configuration o...

H04L 67/10   in which an application is ...

H04L 67/1097   for distributed storage of ...

ACCESS MANAGEMENT IN A DATA STORAGE SYSTEM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

ACCESS MANAGEMENT IN A DATA STORAGE SYSTEM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links