CONTRIBUTION SIGNATURES FOR TAGGING
First Claim
1. A computer-implemented method, comprising:
- receiving, to a computing resource environment, a first signed request comprising signed tagging metadata for tagging a resource that is to be provisioned in the computing resource environment with at least one service;
determining that the first signed request comprises at least one second signed request and at least one second signed metadata that are signed by at least one second entity that is other than a source of the signed request;
validating a first signature for the first signed request and at least one second signature for the at least one second signed request; and
provisioning the resource with access to the at least one service based in part on an association of the at least one service with the at least one second signed metadata.
0 Assignments
0 Petitions
Accused Products
Abstract
A request to add tags (e.g., labels, key-value pairs, or metadata) to resources can be digitally signed by the entity making the request, such that the source can be verified and an authorization determination made for each tag. For a request involving multiple services (or entities) that can each add tags, any tag added by a service can be included in the request and digitally signed by that service. Each service processing the request can also digitally sign the request before forwarding, so that each service signs a version of the request, which includes elements signed by other services earlier in the request chain. When the request is received to a tagging service, the service ensures that every tag was digitally signed by the appropriate authorized entity or service, and validates the signatures to ensure that no data was modified or omitted, before adding the tags to the designated resource(s).
-
Citations
20 Claims
-
1. A computer-implemented method, comprising:
-
receiving, to a computing resource environment, a first signed request comprising signed tagging metadata for tagging a resource that is to be provisioned in the computing resource environment with at least one service; determining that the first signed request comprises at least one second signed request and at least one second signed metadata that are signed by at least one second entity that is other than a source of the signed request; validating a first signature for the first signed request and at least one second signature for the at least one second signed request; and provisioning the resource with access to the at least one service based in part on an association of the at least one service with the at least one second signed metadata. - View Dependent Claims (2, 3, 4)
-
-
5. A system, comprising:
-
at least one processor; and memory including instructions that, when executed by the at least one processor, cause the system to; receive, to a computing resource environment, a first signed request comprising signed tagging metadata for tagging a resource by a first source; determining that the first signed request comprises at least one second signed request and at least one second signed metadata that are signed by at least one second source; validating a first signature for the first signed request and at least one second signature for the at least one second signed request; and provisioning the resource with access to at least one service of the at least one second source based in part on the at least one second signed metadata. - View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A non-transitory computer readable medium comprising instructions that when executed by at least one processor cause the at least one processor to:
-
receive, to a computing resource environment, a first signed request comprising signed tagging metadata for tagging a resource by a first source; determining that the first signed request comprises at least one second signed request and at least one second signed metadata that are signed by at least one second source; validating a first signature for the first signed request and at least one second signature for the at least one second signed request; and provisioning the resource with access to at least one service of the at least one second source based in part on the at least one second signed metadata. - View Dependent Claims (17, 18, 19, 20)
-
Specification