SERVER APPARATUS, INFORMATION PROCESSING METHOD, PROGRAM, AND STORAGE MEDIUM
First Claim
Patent Images
1. A system including a fee-based integrated service that a user belonging to a tenant for which a license is set is able to use, a free integrated service, an authentication/authorization service, a print service, and a client,wherein at least one of a plurality of central processing units (CPUs) included in the system functions as:
- a setting unit configured to, when a user uses the fee-based integrated service, assign a role to user information of the user and not to set a scope for authorization information issued based on the user information, and configured not to, when the user uses the free integrated service, assign a role to the user information of the user and to set a scope for the authorization information issued based on the user information; and
an authorization unit configured to, in a case where a print request is transmitted from a web browser of the client to the print service via the fee-based integrated service, authorize use of the fee-based integrated service in a manner such that the print service transmits authorization information related to the print request to the authentication/authorization service, the authentication/authorization service verifies whether a role is assigned to the user information without verifying a definition of a scope linked to the authorization information, and the authorization unit, based on a determination by the authentication/authorization service that a role is assigned to the user information linked to the authorization information, authorizes the use of the fee-based service, andin a case where a print request is transmitted from the web browser of the client to the print service via the free integrated service, authorize use of the fee integrated service in a manner such that the print service transmits authorization information related to the print request to the authentication/authorization service, the authentication/authorization service verifies whether a scope linked to the authorization information is included in a scope for using the free integrated service, and the authorization unit, based on a determination by the authentication/authorization service that the scope linked to the authorization information is included in the scope for using the free integrated service, authorize the use of the free integrated service without the authentication/authorization service verifying whether a role is assigned to the user information linked to the authorization information.
0 Assignments
0 Petitions
Accused Products
Abstract
An information processing method for a server apparatus controlling access based on a role of a user and a scope as authority held by an authorization token for realizing a unified license management structure that does not reduce an overall performance of a cloud service even if a plurality of services collaborate with the cloud service.
-
Citations
2 Claims
-
1. A system including a fee-based integrated service that a user belonging to a tenant for which a license is set is able to use, a free integrated service, an authentication/authorization service, a print service, and a client,
wherein at least one of a plurality of central processing units (CPUs) included in the system functions as: -
a setting unit configured to, when a user uses the fee-based integrated service, assign a role to user information of the user and not to set a scope for authorization information issued based on the user information, and configured not to, when the user uses the free integrated service, assign a role to the user information of the user and to set a scope for the authorization information issued based on the user information; and an authorization unit configured to, in a case where a print request is transmitted from a web browser of the client to the print service via the fee-based integrated service, authorize use of the fee-based integrated service in a manner such that the print service transmits authorization information related to the print request to the authentication/authorization service, the authentication/authorization service verifies whether a role is assigned to the user information without verifying a definition of a scope linked to the authorization information, and the authorization unit, based on a determination by the authentication/authorization service that a role is assigned to the user information linked to the authorization information, authorizes the use of the fee-based service, and in a case where a print request is transmitted from the web browser of the client to the print service via the free integrated service, authorize use of the fee integrated service in a manner such that the print service transmits authorization information related to the print request to the authentication/authorization service, the authentication/authorization service verifies whether a scope linked to the authorization information is included in a scope for using the free integrated service, and the authorization unit, based on a determination by the authentication/authorization service that the scope linked to the authorization information is included in the scope for using the free integrated service, authorize the use of the free integrated service without the authentication/authorization service verifying whether a role is assigned to the user information linked to the authorization information.
-
-
2. A method comprising:
-
when a user uses a fee-based integrated service that a user belonging to a tenant for which a license is set is able to use, assigning a role to user information of the user and not setting a scope for authorization information issued based on the user information, and, when the user uses a free integrated service, not assigning a role to the user information of the user and setting a scope for the authorization information issued based on the user information; and in a case where a print request is transmitted from a web browser of a client to a print service via the fee-based integrated service, authorizing use of the fee-based integrated service in a manner such that the print service transmits authorization information related to the print request to an authentication/authorization service, the authentication/authorization service verifying whether a role is assigned to the user information without verifying a definition of a scope linked to the authorization information, and, based on a determination that a role is assigned to the user information linked to the authorization information, authorizing the use of the fee-based service, and in a case where a print request is transmitted from the web browser of the client to the print service via the free integrated service, authorizing use of the fee integrated service in a manner such that the print service transmits authorization information related to the print request to the authentication/authorization service, the authentication/authorization service verifying whether a scope linked to the authorization information is included in a scope for using the free integrated service, and, based on a determination that the scope linked to the authorization information is included in the scope for using the free integrated service, authorizing the use of the free integrated service without the authentication/authorization service verifying whether a role is assigned to the user information linked to the authorization information.
-
Specification