User-centric consent management system and method
First Claim
1. A method of managing access by a client to user-specific information maintained in connection with a plurality of services, the method comprising:
- maintaining a plurality of items of user-specific information in more than one of a plurality of services offered by a web-services provider and used by a user of said plurality of services;
obtaining a plurality of client access requests directed to accessing the plurality of items of user-specific information maintained in the more than one of the plurality of services, said plurality of access requests being translated from a task request that requires the client to access the plurality of items of user-specific information in order to complete the task request; and
for each of the plurality of items of user-specific information required by the client to complete the task request;
determining if the client has consent to access the items of user-specific information required by the client to complete the task request;
selectively obtaining consent, from a party having authority to grant access to the client for the client to access the item of user-specific information if the client lacks consent as a function of said determining;
filling the client access request directed to the item if the client has consent to access the item of user-specific information;
initiating the task request requiring the client to access the item of user-specific information in order to complete the task request;
translating the task request into the plurality of client access requests to complete the task request wherein selectively obtaining consent for the client to access the item of user-specific information comprises;
identifying the task request;
placing the identified task request in a task queue;
identifying the party with authority to grant consent to the client to access the item of user-specific information for which the client lacked consent to access; and
displaying a consent menu to the identified party with authority, said consent menu prompting the identified party to grant or deny consent for the client to access the item of user-specific information for which the client lacked consent to access.
2 Assignments
0 Petitions
Accused Products
Abstract
In a network computing environment, a user-centric system and method for controlling access to user-specific information maintained in association with a web-services service. When a web-services client desires access to the user-specific information, the client sends a request. The request identifies the reasons/intentions for accessing the desired information. The request is compared to the user'"'"'s existing access permissions. If there is no existing access permission, the request is compared to the user'"'"'s default preferences. If the default preferences permit the requested access, an access rule is created dynamically and the client'"'"'s request is filled, without interrupting the user. If the default preferences do not permit the request to be filled, a consent user interface may be invoked. The consent user interface presents one or more consent options to a party with authority to grant consent, thereby permitting the user to control whether the client'"'"'s access will be filled.
-
Citations
36 Claims
-
1. A method of managing access by a client to user-specific information maintained in connection with a plurality of services, the method comprising:
-
maintaining a plurality of items of user-specific information in more than one of a plurality of services offered by a web-services provider and used by a user of said plurality of services; obtaining a plurality of client access requests directed to accessing the plurality of items of user-specific information maintained in the more than one of the plurality of services, said plurality of access requests being translated from a task request that requires the client to access the plurality of items of user-specific information in order to complete the task request; and for each of the plurality of items of user-specific information required by the client to complete the task request; determining if the client has consent to access the items of user-specific information required by the client to complete the task request; selectively obtaining consent, from a party having authority to grant access to the client for the client to access the item of user-specific information if the client lacks consent as a function of said determining; filling the client access request directed to the item if the client has consent to access the item of user-specific information; initiating the task request requiring the client to access the item of user-specific information in order to complete the task request; translating the task request into the plurality of client access requests to complete the task request wherein selectively obtaining consent for the client to access the item of user-specific information comprises; identifying the task request; placing the identified task request in a task queue; identifying the party with authority to grant consent to the client to access the item of user-specific information for which the client lacked consent to access; and displaying a consent menu to the identified party with authority, said consent menu prompting the identified party to grant or deny consent for the client to access the item of user-specific information for which the client lacked consent to access. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A task-based method of managing consent transactions in a network computing environment, said network computing environment including a web-services provider providing a first service and a second service, a user of the first service and the second service, and a client of the web-services provider, the method comprising:
-
maintaining a first data store of user-specific information in connection with the first service; maintaining a second data store of user-specific information in connection with the second service; obtaining a first access request from the client and directed to the first service, said first access request indicating a first item of user-specific information maintained in the first data store to which the client seeks access in order to complete a task request; obtaining a second access request from the client and directed to the second service, said second access request indicating a second item of user-specific information maintained in the second data store to which the client seeks access in order to complete the task request; determining if the client has consent to access the first item of user-specific information and separately determining if the client has consent to access the second item of user-specific information; selectively obtaining consent if consent does not currently exist to allow the client to access the first item of user-specific information as a function of said determining, wherein selectively obtaining consent includes; identifying a party with authority to grant consent to the client to access the first item of user-specific information; and displaying a consent menu to the identified party with authority, said consent menu prompting the identified party to grant or deny consent to the client to access the first item of user-specific information. - View Dependent Claims (20, 21, 22, 23)
-
-
24. A method of managing consent transactions in a network computing environment, said network computing environment including a web-services provider providing a plurality of services, a user of the plurality of services, said web-services provider maintaining user-specific information associated with the user in connection with the plurality of services, and a client of the web-services provider, said user initiating a task request with the client, said client directing a plurality of access requests to the plurality of services in order to complete the task request, the method comprising:
selectively obtaining consent if the client lacks consent required to complete one or more of the plurality of access requests, wherein, for each of the one or more of the plurality of access requests, said obtaining consent includes; identifying a party with authority to grant consent to allow the client to complete the access request; and initiating a consent request transaction with the identified party with authority to grant consent, said consent request transaction inviting the party with authority to grant consent to allow the client to complete the access request. - View Dependent Claims (25, 26, 27, 28, 29, 30, 31)
-
32. A method of controlling access to user-specific information for use in connection with a network computing environment including a web-services provider, a user of a service provided by the web-services provider, and a client of the web-services provider, said web-services provider maintaining a data store of user-specific information associated with the user in connection with the service, and said client seeking access to one or more of a plurality of items of user-specific information in the data store and transmitting an access request message directed to the service and indicating the one or more of the plurality of items of user-specific information in the data store to which the client seeks access the method comprising, for each of the one or more of the plurality of items:
-
comparing the access request message to an access control list associated with the service, said access control list identifying whether the client has permission to access the item of user-specific information; placing the access request in a pending request queue; transmitting a service response message to the client, said service response message indicating a fault if the access control list identifies that the client does not have permission to access the item of user-specific information and said service response message indicating a success if the access control list identifies that the client has permission to access the item of user-specific information; selectively obtaining consent, from a party having authority to grant consent to the client, for the client to access the item of user-specific information if the service response message received by the client indicates a fault; and filling the access request if the access control list authorizes the client to access the item of user-specific information in the data store and removing the access request from the pending request queue wherein selectively obtaining consent further includes; identifying a party with authority to grant permission to the client to access the item of user-specific information; and displaying a consent menu to the identified party with authority to grant permission, said consent menu prompting the identified party to grant or deny permission for the client to access the item of user-specific information. - View Dependent Claims (33, 34, 35, 36)
-
Specification