Secure resource access
2 Assignments
0 Petitions
Abstract
A method and system for enabling a user to authorize a client, acting under the direction of a first resource, to access a second resource. Before the client accesses the second resource, client programming that is autonomous of the first and second resources redirects the client to an authorization service that is also autonomous of the first and second resources. The authorization service authenticates the user, identifies policy data, if any, associated with the user and the first resource, and then returns to the client an interface generated according to the identified policy data, if any, enabling the user to grant or deny authorization. Where no policy data exists, the authorization service returns an interface to the client enabling the user to set policy data.
25 Citations
39 Claims
1. In a computer network, an access authorization method, comprising: receiving a request from a client, acting on behalf of a first resource, to access a second resource; before accessing the second resource, using client programming that is autonomous of the first and second resources to redirect the client to an authorization service that is also autonomous of the first and second resources; and the authorization service authenticating a user, identifying policy data for the first resource, if any, and returning to the client an interface generated according to the identified policy data, if any, enabling the user to grant or deny authorization.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. In a computer network, a method for enabling a user to authorize a client acting on behalf of a first resource to access a second resource, comprising: before accessing the second resource, using client programming that is autonomous of the first and second resources to redirect the client to an authorization service that is also autonomous of the first and second resources; the authorization service authenticating the user, acquiring policy data for the first resource, if any; and where no policy data exists, returning to the client an interface enabling the user to set policy data for the first resource; where the acquired policy data indicates that the user must grant or deny authorization for each access made of the second resource, returning an interface enabling the user to grant or deny authorization; and where the acquired policy data indicates that the user grants authorization for a current session, providing the authorization service with session data for the first resource, and determining whether the session data is current, and, if the session data is new and not current, returning to the client an interface enabling the user to grant or deny authorization for the new session.
Dependent claims: 11, 12, 13
14. In a computer network, an access authorization method, comprising: receiving from a client a request to access a first resource; returning to the client interface content having instructions to access a second resource; using client programming that is autonomous of the first and second resources to redirect the client to an authorization service that is also autonomous of the first and second resources; and the authorization service authenticating the user, identifying policy data for the first resource, if any, and returning to the client an interface generated according to the identified policy data, if any, enabling the user to grant or deny authorization for the instructions to access the second resource.
Dependent claims: 15, 16, 17
18. A computer readable medium having instructions for: intercepting instructions from content provided to a client by a first resource that direct the client to access a second resource; identifying an authorization service that is autonomous from the first and second resources; and redirecting the client to the identified authorization service.
Dependent claims: 19, 20
21. A computer readable medium having instructions for: receiving an access request from a client, the request including data identifying a first resource; acquiring policy data for the first resource, if it exists; and returning to the client an interface generated according to the identified policy data, if any, enabling the user to grant or deny authorization for a request made by or on behalf of the first resource to access a second resource.
Dependent claims: 22, 23, 24, 25, 26
27. Programming for enabling a user to authorize a client acting on behalf of a first resource to access a second resource, the programming embodied in a computer readable medium having instructions for: intercepting instructions from interface content provided to a client by the first resource that direct the client to access the second resource; identifying an authorization service that is autonomous from the first and second resources; redirecting the client to the identified authorization service; acquiring session data, data identifying the user, and data identifying the first resource; authenticating the data identifying the user; acquiring policy data, if any, for the first resource; and where no policy data exists, returning to the client an interface enabling the user to set policy data; where the acquired policy data indicates that the user must grant or deny authorization for each access made of the second resource, returning to the client an interface enabling the user to grant or deny authorization; and where the acquired policy data indicates that the user grants authorization for a current session, determining whether the acquired session data is current, and, if the session data is new and not current, returning to the client an interface enabling the user to grant or deny authorization for the new session.
Dependent claims: 28, 29
30. A computer readable medium having instructions for: receiving from a client a request to access a first resource; returning to the client interface content having instructions to access a second resource; redirecting the client to an authorization service that is autonomous of the first and second resources; providing the authorization service with data identifying the first resource; and identifying policy data, if any, for the first resource and returning to the client an interface generated according to the identified policy data, if any, enabling the user to grant or deny authorization for the instructions to access the second resource.
Dependent claims: 31, 32, 33
34. In a computer network, a system for enabling a user to authorize a client, acting on behalf of a first resource, to access a second resource, the system comprising an authorization extension and an authorization service each autonomous from the first and second resources; the authorization extension operable to: intercept instructions from content provided to the client by the first resource that direct the client to access the second resource; identify the authorization service; and redirect the client to the authorization service; and the authorization service operable to: acquire data identifying the user, data identifying the first resource, and data identifying the second resource; acquire policy data, if any, for the first resource; and return to the client an interface generated according to the policy data, if any, enabling the user to grant or deny authorization for the instructions to access the second resource.
Dependent claims: 35, 36
37. In a computer network, a system for enabling a user to authorize a client, acting on behalf of a first resource, to access a second resource, the system comprising: a means for intercepting instructions from content provided to a client by the first resource that direct the client to access the second resource; a means for identifying an authorization service that is autonomous from the first and second resources; a means for redirecting the client to the identified authorization service; a means for acquiring session data and data identifying the user; a means for authenticating the data identifying the user; a means for acquiring policy data, if any, for the first resource; and a means for returning to the client an interface, generated according to the acquired policy data, enabling the user to grant or deny authorization.
Dependent claims: 38, 39
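The flow that the abstract and claims 10, 18, 27 and 34 describe, modelled end to end as an added Python example (this is not the patent's own code): a client-side extension, autonomous of both resources, intercepts the instructions in the first resource's content that point the client at a second resource and redirects the client to the authorization service; the service authenticates the user, acquires policy data for the (user, first resource) pair and returns either a set-policy interface, a grant-or-deny interface for the single request, or, in per-session mode, a grant-or-deny interface only when the session data is new. The class names, the two policy modes "each" and "session", the query-string encoding of the two resource identifiers, treating only cross-origin references as a "second resource", and returning a "granted" result when the session is already current (the claims only specify the new-session branch) are all assumptions.

```python
"""Model of the autonomous authorization flow in the claims.  Added example, not the
patent's code.  Class names, the policy modes "each"/"session", the query-string
encoding and the "granted" result for a current session are assumptions."""
import hmac
from dataclasses import dataclass, field
from html.parser import HTMLParser
from urllib.parse import urlencode, urlsplit


class _RefCollector(HTMLParser):
    """Collects src/href/action values: the instructions in the first resource's
    content that direct the client to fetch other resources."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("src", "href", "action") and value:
                self.refs.append(value)


class AuthorizationExtension:
    """Client-side programming (claims 18 and 34) autonomous of both resources."""

    def __init__(self, auth_service_url):
        self.auth_service_url = auth_service_url  # assumed location of the service

    def intercept(self, first_resource, content):
        """Return one authorization-service redirect per instruction that targets a
        second resource.  Relative and same-origin references are treated as part of
        the first resource and pass through (assumption)."""
        first_origin = urlsplit(first_resource).netloc
        parser = _RefCollector()
        parser.feed(content)
        redirects = []
        for ref in parser.refs:
            target_origin = urlsplit(ref).netloc
            if not target_origin or target_origin == first_origin:
                continue
            query = urlencode({"first": first_resource, "second": ref})
            redirects.append(f"{self.auth_service_url}?{query}")
        return redirects


@dataclass
class Policy:
    mode: str  # "each": ask on every access; "session": ask once per session
    granted_sessions: set = field(default_factory=set)  # session data already authorized


class AuthorizationService:
    """Authorization service (claims 10, 21 and 27) autonomous of both resources."""

    def __init__(self, credentials):
        self._credentials = credentials  # constructed user -> password store
        self._policies = {}  # (user, first_resource) -> Policy

    def authenticate(self, user, password):
        return hmac.compare_digest(self._credentials.get(user, ""), password)

    def set_policy(self, user, first_resource, mode):
        """Policy data submitted through the 'set policy' interface."""
        if mode not in ("each", "session"):
            raise ValueError(f"unknown policy mode {mode!r}")
        self._policies[(user, first_resource)] = Policy(mode)

    def record_decision(self, user, first_resource, session_id, granted):
        """Outcome of the grant-or-deny interface; a session grant makes that session current."""
        policy = self._policies[(user, first_resource)]
        if granted and policy.mode == "session":
            policy.granted_sessions.add(session_id)

    def authorize(self, user, password, first_resource, second_resource, session_id):
        """Decide which interface to return for a request made on behalf of first_resource."""
        if not self.authenticate(user, password):
            return {"interface": "authenticate"}
        policy = self._policies.get((user, first_resource))
        if policy is None:  # no policy data yet: let the user set it
            return {"interface": "set_policy", "first": first_resource}
        prompt = {"interface": "grant_or_deny", "first": first_resource, "second": second_resource}
        if policy.mode == "each":
            return {**prompt, "scope": "request"}
        if session_id in policy.granted_sessions:  # session data is current (assumed outcome)
            return {"interface": "granted", "first": first_resource,
                    "second": second_resource, "session": session_id}
        return {**prompt, "scope": "session"}  # new session: ask once more


if __name__ == "__main__":
    # Constructed sample: a page on first.example that pulls a pixel from second.example.
    ext = AuthorizationExtension("https://authz.example/authorize")
    page = '<img src="/local.png"><img src="https://second.example/pixel.gif">'
    for url in ext.intercept("https://first.example/page", page):
        print("redirect:", url)
    svc = AuthorizationService({"alice": "s3cret"})
    svc.set_policy("alice", "https://first.example/page", "session")
    print(svc.authorize("alice", "s3cret", "https://first.example/page",
                        "https://second.example/pixel.gif", "session-1"))
```

The point the claims turn on is visible in `authorize`: the decision never consults the first or second resource, only the user's own policy data and the session data the client supplies, so neither resource can skip the consent step or substitute its own policy.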
Specification