System and method for user-centric authorization to access user-specific information
First Claim
1. A system for controlling access to a data store of user-specific information in a network computing environment being accessed by a client and a user, the system comprising:
- a web-services system providing a software service to the user, said web-services system maintaining the data store of user-specific information in connection with the software service;
- a data store of default access preferences, said default access preferences defining a list of predetermined access permissions allowed by the user with respect to the data store of user-specific information, the client desiring access to the data store of user-specific information and transmitting an access request message having a parameter indicative of a desired form of access to the data store of user-specific information;
- an access control interface associated with the web-services system, said access control interface receiving the access request message and comparing the desired form of access to an access control list associated with the software service, said access control list identifying whether the user has been granted the desired form of access requested by the client;
- an access control engine determining an intended use by the client of the user-specific information in the data store of user-specific information, said access control engine also determining a default access preference defining a list of default access permissions to the data store of user-specific information that the user has allowed, the access control engine comparing the determined intended use and the default access permissions and dynamically creating an access control rule granting the desired form of access of the client if the intended use is permitted by the default access permissions; and
- a consent engine generating an option list in response to the access request having at least one entry in the option list based on the intended use by the client of the user-specific information in the data store, said consent engine displaying on the access control interface an option menu reflecting the generated option list, said option menu prompting the user to accept or reject at least one option displayed on the option menu using a selection interface of a network communication device.
Abstract
In a network computing environment, a user-centric system and method for controlling access to user-specific information maintained in association with a web-services service. When a web-services client desires access to the user-specific information, the client sends a request. The request identifies the reasons/intentions for accessing the desired information. The request is compared to the user's existing access permissions. If there is no existing access permission, the request is compared to the user's default preferences. If the default preferences permit the requested access, an access rule is created dynamically and the client's request is filled, without interrupting the user. If the default preferences do not permit the request to be filled, a consent user interface may be invoked. The consent user interface presents the user with one or more consent options, thereby permitting the user to control whether the client will be given access to the user-specific information.
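The decision flow described in the abstract, as an added example that is not code from the patent. The names (`AccessRequest`, `UserPolicy`, `decide`) and the tuple layouts are hypothetical, and rules are keyed by the declared intent as an assumption, so that a grant for one purpose does not carry over to another.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class AccessRequest:
    client: str    # requesting web-services client
    resource: str  # part of the user-specific data store
    access: str    # desired form of access, e.g. "read"
    intent: str    # intended use, as declared by the client

    def rule(self):
        # Assumption: a rule is bound to the intent it was granted for.
        return (self.client, self.resource, self.access, self.intent)

@dataclass
class UserPolicy:
    acl: set = field(default_factory=set)       # existing access rules
    defaults: set = field(default_factory=set)  # (resource, access, intent)

def decide(req, policy, ask_user=None):
    """Return (granted, path); path is 'acl', 'default', 'consent' or 'denied'."""
    # 1. Existing access permission: fill the request immediately.
    if req.rule() in policy.acl:
        return True, "acl"
    # 2. Default preferences: create the rule dynamically, no user prompt.
    if (req.resource, req.access, req.intent) in policy.defaults:
        policy.acl.add(req.rule())
        return True, "default"
    # 3. Consent UI: build the option list and let the user decide.
    #    With no user reachable, fail closed.
    if ask_user is None:
        return False, "denied"
    options = [f"Allow {req.client} to {req.access} {req.resource} "
               f"for: {req.intent}"]
    if ask_user(options):
        policy.acl.add(req.rule())
        return True, "consent"
    return False, "denied"

# Constructed sample data: the user pre-approves calendar reads for scheduling.
SAMPLE_POLICY = UserPolicy(defaults={("calendar", "read", "scheduling")})
SAMPLE_OK = AccessRequest("travel-app", "calendar", "read", "scheduling")
SAMPLE_ASK = AccessRequest("travel-app", "calendar", "read", "marketing")

if __name__ == "__main__":
    print(decide(SAMPLE_OK, SAMPLE_POLICY))
    print(decide(SAMPLE_ASK, SAMPLE_POLICY, ask_user=lambda opts: False))
```

The intent is self-declared by the client, so the default-preference path is only as trustworthy as the mechanism that binds a client to its stated purpose.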
17 Claims
7. A method of controlling access to user specific information by a third party in a network computing environment, said network computing environment including a web-services provider, a user of a service provided by the web-services provider, the web-services provider maintaining a data store of user-specific information associated with the user, the third party in digital communication with the web-services provider, the third party desiring access to the user-specific information in the data store, and the user communicating with the web-services provider via a network communication device having a display interface and a selection interface, said method of controlling access to user-specific information by the third party comprising:
- obtaining at the web-services provider a digital request message from the third party desiring access to the user-specific information in the data store;
- determining an intended purpose of the third party for accessing the user-specific information in the data store;
- generating an option list in response to the third party's request message for user-specific information having at least one entry based on the determined intended purpose of the third party for accessing the user-specific information in the data store;
- displaying to the user on the display interface of the network communication device an option menu reflecting the generated option list, said option menu prompting the user to accept or reject at least one option using the selection interface of the network communication device;
- receiving from the network communication device a selection signal indicative of whether the user accepted or rejected the at least one option; and
- creating an access control rule based on the received selection signal, said access control rule defining an extent of access to the user-specific information in the data store granted to the third party.
12. A method of providing and selecting from a menu displayed on a display interface in a network computing environment, said network computing environment including a web-services provider, a user of a service provided by the web-services provider, the web-services provider maintaining a data store of user-specific information associated with the user, a third party in digital communication with the web-services provider, and the third party desiring access to the user-specific information in the data store, the user communicating with the web-services provider via a network communication device having the display interface and a user selection interface, said method comprising:
- retrieving an intentions document associated with the third party desiring access to the user-specific information in the data store, said intentions document identifying:
  - a purpose for which the third party desires access to the user-specific information in the data store;
  - a value proposition associated with the purpose for which the third party desires access to the user-specific information in the data store; and
  - a method by which the third party proposes to access the user-specific information in the data store;
- generating a set of menu entries in response to the third party's intentions document, said menu entries identifying:
  - an identity of the third party;
  - the user-specific information in the data store to which the third party desires access;
  - the purpose for which the third party desires access to the user-specific information in the data store;
  - the value proposition associated with the purpose for which the third party desires access to the user-specific information in the data store; and
  - the method by which the third party proposes to access the user-specific information in the data store;
- displaying the menu entries on the menu on the display interface of the network communication device;
- prompting the user to authorize or deny the third party to access the user-specific information in the data store;
- operatively receiving a selection signal being indicative of whether the user authorized or denied the third party to access the user-specific information in the data store; and
- creating an access control rule indicative of whether the user authorized the third party to access the user-specific information in the data store.
Specification