DELEGATED PERMISSIONS IN A DISTRIBUTED ELECTRONIC ENVIRONMENT

US 20160352753A1
Filed: 08/15/2016
Published: 12/01/2016
Est. Priority Date: 02/06/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

obtaining, on an application executing on a computing device, a user credential associated with a user;

providing, by the application to a first provider of web services, the user credential;

securing, in the application and from the first provider, access to a first web service and to associated web service credentials, the access based at least in part on the user credentials, wherein;

the web service credentials are associated with the user credential; and

the web service credentials comprise access rights to first resources;

providing, from the application to a second provider of web services, the user credential and a copy of the web service credentials; and

securing, in the application and from the second provider, access to a second web service and to data corresponding to both the user and to the first web service, wherein the data is accessible on second resources controlled via the second web service.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Permissions can be delegated to enable access to resources associated with one or more different accounts, which might be associated with one or more different entities. Delegation profiles are established that are associated with at least one secured account of at least one customer. Each delegation profile includes information such as a name, a validation policy that specifies principals which may be external to the account and which are permitted to assume the delegation profile, and an authorization policy that indicates the permitted actions within the account for those principals which are acting within the delegation profile. Once a delegation profile is created, the profile can be available for external principals or services that provide a user credential delegated access under the account, where that credential is provided by a trusted identity service. Access can be provided across accounts using the user credential.

Citations

20 Claims

1. A method comprising:
- obtaining, on an application executing on a computing device, a user credential associated with a user;
  
  providing, by the application to a first provider of web services, the user credential;
  
  securing, in the application and from the first provider, access to a first web service and to associated web service credentials, the access based at least in part on the user credentials, wherein;
  
  the web service credentials are associated with the user credential; and
  
  the web service credentials comprise access rights to first resources;
  
  providing, from the application to a second provider of web services, the user credential and a copy of the web service credentials; and
  
  securing, in the application and from the second provider, access to a second web service and to data corresponding to both the user and to the first web service, wherein the data is accessible on second resources controlled via the second web service.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the user credential is obtained from a third party service.
  - 3. The method of claim 1, wherein the user credential is obtained from a security token service or an identity management service.
  - 4. The method of claim 1, wherein the first and second web services are web interfaces with configuration to access the first and second resources respectively.
  - 5. The method of claim 1, wherein the first and second resources include viewing applications and storage applications.
  - 6. The method of claim 1, wherein the levels of delegated access rights comprise permissions for administrators, users without delete capabilities, users without application launch capabilities, and users with limited access capabilities.
  - 7. The method of claim 1, wherein the at least one of the web service credentials provided to the second provider is a web service credential with limited access permissions.

8. A system comprising:
- at least one processor; and
  
  memory including instructions that, when executed by the at least one processor, cause the computer system to;
  
  obtain a user credential comprising identity for a user;
  
  provide, to a first provider of web services, the user credential;
  
  secure access to a first web service and to associated web service credentials, the access based at least in part on the user credentials, wherein;
  
  the web service credentials are associated with the user credential; and
  
  the web service credentials comprise access rights to first resources;
  
  provide, to a second provider of web services, the user credential and a copy of the web service credentials; and
  
  secure access to a second web service and to data corresponding to both the user and to the first web service, wherein the data is accessible on second resources controlled via the second web service.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the user credential is obtained from a third party service.
  - 10. The system of claim 8, wherein the user credential is obtained from a security token service or an identity management service.
  - 11. The system of claim 8, wherein the first and second web services are web interfaces with configuration to access the first and second resources respectively.
  - 12. The system of claim 8, wherein the first and second resources include viewing applications and storage applications.
  - 13. The system of claim 8, wherein the levels of delegated access rights comprise permissions for administrators, users without delete capabilities, users without application launch capabilities, and users with limited access capabilities.
  - 14. The system of claim 8, wherein the at least one of the web service credentials provided to the second provider is a web service credential with limited access permissions.

15. A non-transitory computer readable medium comprising computer-readable code, which when executed on a processor of a computing system, cause the computing system to:
- obtain a user credential comprising identity for a user;
  
  provide, to a first provider of web services, the user credential;
  
  secure access to a first web service and to associated web service credentials, the access based at least in part of the user credentials, wherein;
  
  the web service credentials are associated with the user credential; and
  
  the web service credentials comprise access rights to first resources;
  
  provide, to a second provider of web services, the user credential and a copy of the web service credentials; and
  
  secure access to a second web service and to data corresponding to both the user and to the first web service, wherein the data is accessible on second resources controlled via the second web service.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer readable medium of claim 15, wherein the user credential is obtained from a third party service.
  - 17. The non-transitory computer readable medium of claim 15, wherein the user credential is obtained from a security token service or an identity management service.
  - 18. The non-transitory computer readable medium of claim 15, wherein the first and second web services are web interfaces with configuration to access the first and second resources respectively.
  - 19. The non-transitory computer readable medium of claim 15, wherein the first and second resources include viewing applications and storage applications.
  - 20. The non-transitory computer readable medium of claim 15, wherein the different levels of delegated access rights comprise permissions for administrators, users without delete capabilities, users without application launch capabilities, and users with limited access capabilities.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Roth, Gregory Branchek, Popick, Daniel Stephen, Behm, Bradley Jeffery

Granted Patent

US 10,097,558 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/335   for accessing specific reso...

G06F 21/6218   to a system of files or obj...

G06Q 20/06   Private payment circuits, e...

G06Q 2220/00   Business processing using c...

H04L 63/08   for authentication of entit...

H04L 63/105   Multiple levels of security

DELEGATED PERMISSIONS IN A DISTRIBUTED ELECTRONIC ENVIRONMENT

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

DELEGATED PERMISSIONS IN A DISTRIBUTED ELECTRONIC ENVIRONMENT

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links