Role-based authorization of network services using diversified security tokens

  • US 7,434,252 B2
  • Filed: 07/14/2004
  • Issued: 10/07/2008
  • Est. Priority Date: 07/14/2004
  • Status: Active Grant
First Claim

1. In a network environment that includes a service providing computing system and a network connected to the service providing computing system, the service providing computing system offering one or more services, the network being capable of delivering to the service providing computing system a plurality of service request messages associated with diversified security token types, a method for the service providing computing system to perform end-to-end role-based authorization regardless of the security token type used, the one or more services using the security tokens being associated with the received service request messages despite the received service request messages having diversified security token types, the method comprising the following:

  • an act of receiving a service request message over the network, the service request message requesting a specific service offered by the service providing computing system to authorized users, the service request including a security token of a designated security token type, the designated security token type comprising one of a plurality of selectable security token types, and a policy component corresponding to the designated security token type, the policy component comprising rules indicating how a message with the designated security token type is to be handled;

  • an act of accessing the security token of the designated security token type associated with the received service request message;

  • an act of accessing the rules of the corresponding policy component to determine how the received service request message with the security token of the designated security token type is to be handled;

  • an act of identifying one or more roles associated with the security token, each role being associated with a plurality of users, the one or more roles indicating one or more specific authorized services available to identities associated with the role;

  • an act of correlating the one or more identified roles with the accessed security token; and

  • an act of authorizing the requested service based on the accessed rules of the corresponding policy component and on the one or more identified correlated roles associated with the identity.
