Authorization for access to web service resources

US 7,979,896 B2
Filed: 02/01/2008
Issued: 07/12/2011
Est. Priority Date: 04/20/2007
Status: Active Grant

First Claim

Patent Images

1. A computing system for controlling access to a protected Web service resource, the computing system comprising:

a communication device for communicating across a communication network;

a processor communicatively connected to the communication device; and

memory storing program instructions, which when executed by the processor cause the computing system to perform operations comprising;

receiving a request to access a protected Web service resource from the communication network;

generating and storing a request resource associated with the request in memory, the request resource containing data that identifies whether the request has been authorized, the request resource including a request element storing a copy of a status element, a details element, an approval processes element, and a data element;

determining whether the request to access the protected Web service resource has been authorized;

if the request has not been authorized, denying access to the protected Web service resource; and

if the request has been authorized, permitting access to the protected Web service resource.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A web service includes a protected resource. A requester requests access to the protected resource by sending a request to the web service. The web service prevents access to the web service until the request has been authorized by an authorizer. After the request has been authorized by the authorizer, the web service allows the requester to access the protected resource.

Citations

18 Claims

1. A computing system for controlling access to a protected Web service resource, the computing system comprising:
- a communication device for communicating across a communication network;
  
  a processor communicatively connected to the communication device; and
  
  memory storing program instructions, which when executed by the processor cause the computing system to perform operations comprising;
  
  receiving a request to access a protected Web service resource from the communication network;
  
  generating and storing a request resource associated with the request in memory, the request resource containing data that identifies whether the request has been authorized, the request resource including a request element storing a copy of a status element, a details element, an approval processes element, and a data element;
  
  determining whether the request to access the protected Web service resource has been authorized;
  
  if the request has not been authorized, denying access to the protected Web service resource; and
  
  if the request has been authorized, permitting access to the protected Web service resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computing system of claim 1, wherein receiving the request comprises receiving a create message.
  - 3. The computing system of claim 2, wherein, upon receiving the create message, the instructions cause the computing system to perform operations comprising:
    - determining whether authorization is required to access the protected Web service resource; and
      
      generating and storing a resource request associated with the request to store data relating to a status of the request.
  - 4. The computing system of claim 1, wherein the request resource is defined by an extensible markup language.
  - 5. The computing system of claim 1, wherein the request resource comprises:
    - a first element that stores an identifier of an operation to be performed; and
      
      a second element that stores an identifier of a current status of the request to access the protected Web service resource.
  - 6. The computing system of claim 1, wherein determining whether the request to access the protected Web service resource has been authorized comprises retrieving the data that identifies whether the request has been authorized from the request resource.
  - 7. The computing system of claim 1, wherein denying access to the protected Web service resource comprises sending a fault message across the network.
  - 8. The computing system of claim 1, wherein permitting access to the protected Web service resource further comprises an operation selected from the group comprising modifying the protected resource, adding to the protected resource, deleting the protected resource, and using the protected resource.

9. A method of authorizing access to a Web service resource, the method comprising:
- receiving a request from a requester identifying a Web service resource;
  
  determining, with a computing device, that authorization is required to access the Web service resource;
  
  generating and storing a request resource associated with the request in memory, the request resource containing data that identifies whether the request has been authorized, the request resource including a request element storing a copy of a status element, a details element, an approval processes element, and a data element;
  
  receiving authorization from an authorizer which authorizes the requester to access the Web service resource; and
  
  communicating the authorization to the requester.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method of claim 9, further comprising:
    - receiving a second request from the requester identifying the Web service resource;
      
      determining that the second request has been authorized by the authorizer; and
      
      providing access to the Web service resource.
  - 11. A method of claim 9, further comprising generating the request resource after determining that authorization is required.
  - 12. The method of claim 11, further comprising updating the request resource after receiving authorization from the authorizer with data indicating that the request has been authorized by the authorizer.
  - 13. The method of claim 11, wherein the resource request is generated in an extensible markup language.

14. A computer readable storage medium containing computer executable instructions which when executed by a computer perform a method of authorizing access to a protected resource, the method comprising:
- receiving a request from a requester identifying the protected resource of a Web service;
  
  generating and storing a request resource associated with the request in memory wherein the request resource is defined by an extensible markup language, the request resource containing data that identifies whether the request has been authorized, the request resource including a request element storing a copy of a status element storing a status of the request, a details element storing a description of the request, an approval processes element storing identifiers of approval processes associated with the request, and a data element storing data to be retrieved by the request;
  
  receiving an authorization which authorizes use of the protected resource of the Web service;
  
  determining that the request has been authorized; and
  
  communicating the authorization to the requester.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The computer readable storage medium of claim 14, the method further comprising allowing access to the protected resource after determining that the request has been authorized.
  - 16. The computer readable storage medium of claim 14, the method further comprising generating and storing the resource request after receiving a request identifying the protected resource of the Web service.
  - 17. The computer readable storage medium of claim 16, the method further comprising updating the resource request after receiving the authorization to indicate that the request has been authorized.
  - 18. The computer readable storage medium of claim 17, wherein determining that the request has been authorized comprises retrieving data from the resource request and determining that the data indicates that the request has been authorized.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
McMurtry, Craig V., Gabarra, Mark E., Weinert, Alexander T., Meleshuk, Vadim
Primary Examiner(s)
Davis; Zachary A
Assistant Examiner(s)
Bone; Dustin

Application Number

US12/024,896
Publication Number

US 20080263638A1
Time in Patent Office

1,257 Days
Field of Search

726 26- 31, 709/225
US Class Current

726/4
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/6227   where protection concerns t...

G06F 2221/2141   Access rights, e.g. capabil...

Authorization for access to web service resources

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Authorization for access to web service resources

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links