
IDENTITY CLOUD SERVICE AUTHORIZATION MODEL WITH DYNAMIC ROLES AND SCOPES

  • US 20170329957A1
  • Filed: 05/09/2017
  • Published: 11/16/2017
  • Est. Priority Date: 05/11/2016
  • Status: Active Grant
First Claim

1. A method of authorizing access to a resource associated with a tenancy in an identity management system that comprises a plurality of tenancies, the method comprising:

  • receiving an access token request for an access token that corresponds to the resource, wherein the request comprises user information and application information, the user information comprising roles of a user and the application information comprising roles of the application;

  • determining dynamic roles for the user and dynamic roles for the application;

  • evaluating the access token request by computing static scopes for the access token comprising determining a first intersection between the user information and the application information;

  • evaluating the access token request by computing dynamic roles and corresponding dynamic scopes for the access token comprising a second intersection between the dynamic roles of the user and the dynamic roles of the application; and

  • providing the access token that comprises the computed static scopes, wherein the scopes are based at least on roles of the user and the roles of the application, and further comprising the computed dynamic roles and corresponding dynamic scopes.
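
One reading of the evaluation steps in claim 1, as an added Python example that is not code from the patent or from any product: the token carries only what the user's roles and the requesting application's roles have in common, computed separately for static and dynamic roles. The role names, the per-tenancy role-to-scope table and the token field names are constructed assumptions, and the dynamic roles are taken as already determined for the request.

```python
from dataclasses import dataclass

# Constructed sample data: per-tenancy role -> scope table (hypothetical names).
ROLE_SCOPES = {
    "tenant-a": {
        "user_admin": {"users.read", "users.write"},
        "auditor": {"audit.read"},
        "on_call": {"incidents.ack"},
    },
}

@dataclass(frozen=True)
class TokenRequest:
    tenancy: str
    resource: str
    user_roles: frozenset
    app_roles: frozenset
    user_dynamic_roles: frozenset  # assumed already determined per request
    app_dynamic_roles: frozenset

def scopes_for(tenancy, roles):
    """Union of the scopes that the given roles map to inside one tenancy."""
    table = ROLE_SCOPES[tenancy]
    scopes = set()
    for role in roles:
        scopes |= table.get(role, set())  # unknown roles grant nothing
    return scopes

def issue_token(req):
    """Build token contents from the two intersections described in the claim."""
    if req.tenancy not in ROLE_SCOPES:
        raise PermissionError("unknown tenancy")  # never fall back to another tenant
    static_roles = req.user_roles & req.app_roles                   # first intersection
    dynamic_roles = req.user_dynamic_roles & req.app_dynamic_roles  # second intersection
    return {
        "tenancy": req.tenancy,
        "resource": req.resource,
        "scopes": sorted(scopes_for(req.tenancy, static_roles)),
        "dynamic_roles": sorted(dynamic_roles),
        "dynamic_scopes": sorted(scopes_for(req.tenancy, dynamic_roles)),
    }

# Constructed request: an administrator signing in through an audit-only application.
SAMPLE = TokenRequest(
    tenancy="tenant-a", resource="/admin/v1",
    user_roles=frozenset({"user_admin", "auditor"}),
    app_roles=frozenset({"auditor"}),
    user_dynamic_roles=frozenset({"on_call"}),
    app_dynamic_roles=frozenset({"on_call"}),
)
```

In the sample, the administrator's `users.write` scope never reaches the token because the application does not hold the `user_admin` role.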
