Extending organizational boundaries throughout a cloud architecture

US 20160099975A1
Filed: 12/15/2015
Published: 04/07/2016
Est. Priority Date: 01/02/2013
Status: Active Grant

First Claim

Patent Images

1. A method for extending organizational boundaries in an environment wherein computing resources are hosted in a shared pool of configurable computing resources, comprising:

for each cloud resource of a set of cloud resources, marking the cloud resource as owned by one of a plurality of organizations that operate in the environment;

for one or more of the plurality of organizations that operate in the environment, registering a set of one or more domain names, wherein messages from users associated with a respective organization incorporate a domain name of the set of one or more domain names associated with the respective organization;

for one or more of the plurality of organizations that operate in the environment, providing a message handling policy associated with the respective organization with respect to the cloud resource owned by the respective organization, the message handling policy identifying how the cloud resource owned by the respective organization is permitted to be shared within the environment externally to the respective organization;

receiving a request from a user to access a cloud resource;

in response to the request, determining whether to permit the user access to the cloud resource associated with the request according to the ownership of the cloud resource and the domain name associated with the request; and

when the user is permitted access to the cloud resource associated with the request, enforcing a message handling policy of the respective organization that owns the cloud resource with respect to the cloud resource.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An information sharing paradigm for a cloud computing solution enables flexible organizational boundaries with respect to cloud resources. Cloud service customers manage their own organization boundary but can extend that boundary selectively by associating cloud resources they own with sets of domain names that may be associated with requests for cloud resources that the organization may be willing to share with other organizations that are using the cloud environment, and by ensuring that any such requests for resources that are shared in this manner are associated with one or more message handling policies that have been defined by (or otherwise associated with) the resource-owning organization. Cloud resources owned by an organization (even those marked as “internal only”) may be selectively shared with one or more other organizations using the cloud environment depending on the domain names associated with the requests. Message handling policies are enforced with respect to shared resources.

18 Citations

View as Search Results

7 Claims

1. A method for extending organizational boundaries in an environment wherein computing resources are hosted in a shared pool of configurable computing resources, comprising:
- for each cloud resource of a set of cloud resources, marking the cloud resource as owned by one of a plurality of organizations that operate in the environment;
  
  for one or more of the plurality of organizations that operate in the environment, registering a set of one or more domain names, wherein messages from users associated with a respective organization incorporate a domain name of the set of one or more domain names associated with the respective organization;
  
  for one or more of the plurality of organizations that operate in the environment, providing a message handling policy associated with the respective organization with respect to the cloud resource owned by the respective organization, the message handling policy identifying how the cloud resource owned by the respective organization is permitted to be shared within the environment externally to the respective organization;
  
  receiving a request from a user to access a cloud resource;
  
  in response to the request, determining whether to permit the user access to the cloud resource associated with the request according to the ownership of the cloud resource and the domain name associated with the request; and
  
  when the user is permitted access to the cloud resource associated with the request, enforcing a message handling policy of the respective organization that owns the cloud resource with respect to the cloud resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method as described in claim 1 wherein ownership of the cloud resource is marked on the basis of one of:
    - business ownership of the resource, administrative responsibility for the resource, and creation of the cloud resource by an owning user assigned to a particular organization.
  - 3. The method as described in claim 1 wherein a message handling policy for the cloud resource masks a user name of the user making the request while retaining in a log file of the organization that owns the cloud resource the domain name and organization associated with the request.
  - 4. The method as described in claim 1 wherein a message handling policy for the cloud resource provides the user with a nonce to control access to the cloud resource if the user is not associated with one or more domain names associated with the organization that owns the cloud resource.
  - 5. The method as described in claim 1 wherein a message handling policy for the cloud resource provides a custom text defining one or more terms of use associated with the cloud resource if the requesting user is associated with a domain name outside of the set of domain names associated with the organization that owns the cloud resource.
  - 6. The method as described in claim 5 wherein the message handling policy further comprises providing a notification of external sharing of the cloud resource to a designated entity.
  - 7. The method as described in claim 1 further including:
    - determining whether the user making the request has an associated visitor role;
      
      wherein permitting the user access to the cloud resource also depends on whether the user has been determined to have the associated visitor role.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Banatwala, Mustansir, Moss, Harold III, Yates, Robert L., Zurko, Mary E.

Granted Patent

US 9,560,080 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 47/70   Admission control; Resource...

H04L 47/83   based on usage prediction

H04L 51/42   Mailbox-related aspects, e....

H04L 61/4511   using domain name system [DNS]

H04L 61/4523   using lightweight directory...

H04L 63/10   for controlling access to d...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

H04L 67/10   in which an application is ...

Extending organizational boundaries throughout a cloud architecture

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

18 Citations

7 Claims

Specification

Solutions

Use Cases

Quick Links

Extending organizational boundaries throughout a cloud architecture

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

7 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links