DELEGATED PERMISSIONS IN A DISTRIBUTED ELECTRONIC ENVIRONMENT
First Claim
1. A method comprising:
- obtaining, on an application executing on a computing device, a user credential associated with a user;
providing, by the application to a first provider of web services, the user credential;
securing, in the application and from the first provider, access to a first web service and to associated web service credentials, the access based at least in part on the user credentials, wherein;
the web service credentials are associated with the user credential; and
the web service credentials comprise access rights to first resources;
providing, from the application to a second provider of web services, the user credential and a copy of the web service credentials; and
securing, in the application and from the second provider, access to a second web service and to data corresponding to both the user and to the first web service, wherein the data is accessible on second resources controlled via the second web service.
0 Assignments
0 Petitions
Accused Products
Abstract
Permissions can be delegated to enable access to resources associated with one or more different accounts, which might be associated with one or more different entities. Delegation profiles are established that are associated with at least one secured account of at least one customer. Each delegation profile includes information such as a name, a validation policy that specifies principals which may be external to the account and which are permitted to assume the delegation profile, and an authorization policy that indicates the permitted actions within the account for those principals which are acting within the delegation profile. Once a delegation profile is created, the profile can be available for external principals or services that provide a user credential delegated access under the account, where that credential is provided by a trusted identity service. Access can be provided across accounts using the user credential.
-
Citations
20 Claims
-
1. A method comprising:
-
obtaining, on an application executing on a computing device, a user credential associated with a user; providing, by the application to a first provider of web services, the user credential; securing, in the application and from the first provider, access to a first web service and to associated web service credentials, the access based at least in part on the user credentials, wherein; the web service credentials are associated with the user credential; and the web service credentials comprise access rights to first resources; providing, from the application to a second provider of web services, the user credential and a copy of the web service credentials; and securing, in the application and from the second provider, access to a second web service and to data corresponding to both the user and to the first web service, wherein the data is accessible on second resources controlled via the second web service. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system comprising:
-
at least one processor; and memory including instructions that, when executed by the at least one processor, cause the computer system to; obtain a user credential comprising identity for a user; provide, to a first provider of web services, the user credential; secure access to a first web service and to associated web service credentials, the access based at least in part on the user credentials, wherein; the web service credentials are associated with the user credential; and the web service credentials comprise access rights to first resources; provide, to a second provider of web services, the user credential and a copy of the web service credentials; and secure access to a second web service and to data corresponding to both the user and to the first web service, wherein the data is accessible on second resources controlled via the second web service. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A non-transitory computer readable medium comprising computer-readable code, which when executed on a processor of a computing system, cause the computing system to:
-
obtain a user credential comprising identity for a user; provide, to a first provider of web services, the user credential; secure access to a first web service and to associated web service credentials, the access based at least in part of the user credentials, wherein; the web service credentials are associated with the user credential; and the web service credentials comprise access rights to first resources; provide, to a second provider of web services, the user credential and a copy of the web service credentials; and secure access to a second web service and to data corresponding to both the user and to the first web service, wherein the data is accessible on second resources controlled via the second web service. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification