Role-based authorization of network services using diversified security tokens
First Claim
1. In a network environment that includes a service providing computing system and a network connected to the service providing computing system, the service providing computing system offering one or more services, the network being capable of delivering to the service providing computing system a plurality of service request messages associated with diversified security token types, a method for the service providing computing system to perform end-to-end role-based authorization regardless of the security token type used, the one or more services using the security tokens being associated with the received service request messages despite the received service request messages having diversified security token types, the method comprising the following:
- an act of receiving a service request message over the network, the service request message requesting a specific service offered by the service providing computing system to authorized users, the service request including a security token of a designated security token type, the designated security token type comprising one of a plurality of selectable security token types, and a policy component corresponding to the designated security token type, the policy component comprising rules indicating how a message with the designated security token type is to be handled;
- an act of accessing the security token of the designated security token type associated with the received service request message;
- an act of accessing the rules of the corresponding policy component to determine how the received service request message with the security token of the designated security token type is to be handled;
- an act of identifying one or more roles associated with the security token, each role being associated with a plurality of users, the one or more roles indicating one or more specific authorized services available to identities associated with the role;
- an act of correlating the one or more identified roles with the accessed security token; and
- an act of authorizing the requested service based on the accessed rules of the corresponding policy component and on the one or more identified correlated roles associated with the identity.
Abstract
A mechanism for performing role-based authorization of one or more services using security tokens associated with received service request messages. This role-based authorization is performed regardless of the type of security token associated with the received service request messages. Upon receiving a service request message over the network for a particular service offered by the service providing computing system, the service providing computing system accesses a security token associated with the received service request message. The computing system then identifies one or more roles that include the identity associated with the security token, and correlates those roles with the security token. The correlated roles are then used to authorize the requested service. Because the role lookup and the authorization decision depend only on the identity and its roles, the mechanism works regardless of the type of the security token.
36 Claims
1. Independent claim 1 is set out in full under First Claim above. Dependent claims: 2 through 18.
19. A computer program product for use in a network environment that includes a service providing computing system and a network connected to the service providing computing system, the service providing computing system offering one or more services, the network being capable of delivering to the service providing computing system a plurality of service request messages associated with diversified security token types, the computer program product for allowing the service providing computing system to perform end-to-end role-based authorization regardless of the security token type used, the one or more services using the security tokens being associated with the received service request messages despite the received service request messages having diversified security token types, the computer program product comprising one or more recordable-type computer-readable media having computer-executable instructions that, when executed by one or more processors of the service providing computing system, cause the service providing computing system to perform the following:
- an act of receiving a service request message over the network, the service request message requesting a specific service offered by the service providing computing system to authorized users, the service request including a security token of a designated security token type, the designated security token type comprising one of a plurality of selectable security token types, and a policy component corresponding to the designated security token type, the policy component comprising rules indicating how a message with the designated security token type is to be handled;
- an act of accessing the security token of the designated security token type associated with the received service request message;
- an act of accessing the rules of the corresponding policy component to determine how the received service request message with the security token of the designated security token type is to be handled;
- an act of identifying one or more roles associated with the security token, each role being associated with a plurality of users, the one or more roles indicating one or more specific authorized services available to identities associated with the role;
- an act of correlating the one or more identified roles with the accessed security token; and
- an act of authorizing the requested service based on the accessed rules of the corresponding policy component and on the one or more identified correlated roles associated with the identity.

Dependent claims: 20 through 35.
36. A computer system comprising the following:
- one or more processors;
- system memory;
- one or more recordable-type computer-readable media having thereon computer-executable instructions that, when executed by the one or more processors, cause the computing system to instantiate in system memory the following:
- a receiving module configured to receive a service request message over the network, the service request message requesting a specific service offered by the service providing computing system to authorized users, the service request including a security token of a designated security token type, the designated security token type comprising one of a plurality of selectable security token types, and a policy component corresponding to the designated security token type, the policy component comprising rules indicating how a message with the designated security token type is to be handled;
- a security token accessing module configured to access the security token of the designated security token type associated with the received service request message;
- a policy component rules accessing module configured to access the rules of the corresponding policy component to determine how the received service request message with the security token of the designated security token type is to be handled;
- a role identifying module configured to identify one or more roles associated with the security token, each role being associated with a plurality of users, the one or more roles indicating one or more specific authorized services available to identities associated with the role;
- a role correlating module configured to correlate the one or more identified roles with the accessed security token; and
- a request service authorizing module configured to authorize the requested service based on the accessed rules of the corresponding policy component and on the one or more identified correlated roles associated with the identity.
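The claimed sequence (per-token-type policy rules, then a token-type-agnostic role lookup and authorization) modelled in Python as an added illustration; this is not the patent's own code. The token types "username" and "x509", their fields, and the role and service tables are constructed for the example, and the policy rules here stand in for the signature and lifetime checks a real policy component would perform.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Optional

@dataclass(frozen=True)
class PolicyComponent:
    """Rules for one token type: fields it must carry, and how to derive the identity."""
    required_fields: FrozenSet[str]
    identity_of: Callable[[dict], Optional[str]]

@dataclass(frozen=True)
class Decision:
    allowed: bool
    identity: Optional[str]
    roles: FrozenSet[str]   # roles correlated with the accepted token
    reason: str

# One policy component per token type. Type names and rules are constructed
# for this example; a real component would also verify signatures/lifetimes.
POLICY: Dict[str, PolicyComponent] = {
    "username": PolicyComponent(
        frozenset({"user", "issuer"}),
        lambda t: t["user"] if t["issuer"] == "corp-sts" else None),
    "x509": PolicyComponent(
        frozenset({"subject_cn", "chain_trusted"}),
        lambda t: t["subject_cn"] if t["chain_trusted"] else None),
}
# Role membership and role-to-service grants (constructed sample data).
ROLE_MEMBERS = {"auditor": {"alice", "bob"}, "admin": {"alice"}}
ROLE_SERVICES = {"auditor": {"read_report"}, "admin": {"read_report", "rotate_keys"}}

def roles_of(identity: str) -> FrozenSet[str]:
    """Roles that include this identity (each role covers many users)."""
    return frozenset(r for r, m in ROLE_MEMBERS.items() if identity in m)

def authorize(service: str, token_type: str, token: dict) -> Decision:
    """Authorize a request for `service` carrying a token of `token_type`.
    Only the policy lookup is type-specific; the role step is type-agnostic."""
    policy = POLICY.get(token_type)
    if policy is None:                       # no rules for this type: fail closed
        return Decision(False, None, frozenset(), "unsupported token type")
    missing = policy.required_fields - set(token)
    if missing:
        return Decision(False, None, frozenset(), f"token missing {sorted(missing)}")
    identity = policy.identity_of(token)     # apply the type-specific rules
    if identity is None:
        return Decision(False, None, frozenset(), "token rejected by policy rules")
    roles = roles_of(identity)               # identify and correlate roles
    granted = set().union(*(ROLE_SERVICES[r] for r in roles))
    if service in granted:
        return Decision(True, identity, roles, "granted by role")
    return Decision(False, identity, roles, f"no role grants {service}")
```

Adding a new token type touches only the POLICY table; the role and service tables, and therefore the authorization decision, stay unchanged.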