IDENTITY CLOUD SERVICE AUTHORIZATION MODEL
Abstract
A system for authorizing access to a resource receives a request for an access token that corresponds to the resource, where the request includes user information and application information. The user information includes a role of the user and the application information includes a role of the application. The system evaluates the request by computing scopes for the access token, including determining an intersection between the user information and the application information. The system then provides the access token that includes the computed scopes, the scopes being based at least on the role of the user and the role of the application.
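The scope computation described in the abstract can be sketched as follows. This is an added example, not code from the patent or from any product: the role names, scope strings, role-to-scope tables, the optional `requested_scopes` narrowing and the refusal on an empty intersection are all assumptions made for illustration.

```python
# Added illustration. Role names, scope strings and both role-to-scope tables
# are constructed for this example; none of them come from the patent text.
from dataclasses import dataclass

USER_ROLE_SCOPES = {
    "hr_admin": {"employees.read", "employees.write", "payroll.read"},
    "employee": {"employees.read"},
}
APP_ROLE_SCOPES = {
    "reporting_app": {"employees.read", "payroll.read", "audit.read"},
    "directory_sync": {"employees.read", "employees.write"},
}

@dataclass(frozen=True)
class TokenRequest:
    resource: str                                # resource the token is for
    user_roles: frozenset                        # user information: roles
    app_roles: frozenset                         # application information: roles
    requested_scopes: frozenset = frozenset()    # assumed optional narrowing

def _granted(roles, table):
    """Union of the scopes of every known role; unknown roles grant nothing."""
    scopes = set()
    for role in roles:
        scopes |= table.get(role, set())
    return scopes

def compute_scopes(req):
    """Scopes allowed by BOTH the user's roles and the application's roles."""
    scopes = (_granted(req.user_roles, USER_ROLE_SCOPES)
              & _granted(req.app_roles, APP_ROLE_SCOPES))
    if req.requested_scopes:
        scopes &= req.requested_scopes           # a request can only narrow
    return scopes

def issue_token(req):
    """Return token claims carrying the computed scopes."""
    scopes = compute_scopes(req)
    if not scopes:
        # Assumed policy: refuse rather than issue a token with no scopes.
        raise PermissionError("no scope common to user and application")
    return {"aud": req.resource, "scope": " ".join(sorted(scopes))}
```

Because the result is an intersection, a highly privileged user acting through a narrowly scoped application receives only the application's share of that privilege, and the reverse holds for a broad application used by a low-privilege user.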
20 Claims
1. A method of authorizing access to a resource, the method comprising:
- receiving an access token request for an access token that corresponds to the resource, wherein the request comprises user information and application information, the user information comprising a role of the user and the application information comprising a role of the application;
- evaluating the access token request by computing scopes for the access token, the computing comprising determining an intersection between the user information and the application information; and
- providing the access token that comprises the computed scopes, the scopes based at least on the role of the user and the role of the application.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A computer readable medium having instructions stored thereon that, when executed by a processor, authorizes access to a resource, the authorizing access comprising:
- receiving an access token request for an access token that corresponds to the resource, wherein the request comprises user information and application information, the user information comprising a role of the user and the application information comprising a role of the application;
- evaluating the access token request by computing scopes for the access token, the computing comprising determining an intersection between the user information and the application information; and
- providing the access token that comprises the computed scopes, the scopes based at least on the role of the user and the role of the application.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A cloud based system for authorizing access to a resource, the system comprising:
a processor that implements a microservice, the microservice functionality comprising;
- receiving an access token request for an access token that corresponds to the resource, wherein the request comprises user information and application information, the user information comprising a role of the user and the application information comprising a role of the application;
- evaluating the access token request by computing scopes for the access token, the computing comprising determining an intersection between the user information and the application information; and
- providing the access token that comprises the computed scopes, the scopes based at least on the role of the user and the role of the application.
Dependent claims: 18, 19, 20
Specification