Flexible scalable application authorization for cloud computing environments
Abstract
A representational state transfer (REST)-based model for a computing environment models resources with links between them. Security principals are resources which can be independently authenticated. Each resource may be associated with an authorization policy that determines the level of access and the protocol supported. Successfully presenting security credentials at a security principal allows use of an instance of the security principal (i.e. an application) as well as generation of an authentication token that can be presented across the computing environment to resources subscribing to the same authorization policy. As security principals with different security policies are authenticated, the appropriate tokens may be combined to allow broader access without undue re-authentication for resources subscribing to the same security policy. Authorization requirements (policies) may be attached to links to resources so that an application instance can dynamically discover the authentication rules for that resource by inspecting the link.
20 Claims
1. One or more computer-readable media, not comprising a propagated signal, containing programmed instructions which, when executed by one or more processors disposed in an electronic device, perform a method of authorizing use of a resource in a cloud computing environment comprising:
- associating at least one security policy with the resource;
- receiving a request from a security principal to access the resource, the request including a security credential of the security principal;
- comparing the security credential to the at least one security policy associated with the resource;
- generating an authorization token when the security credential satisfies the at least one security policy; and
- attaching security policy-related information to a resource link used to traverse to the resource to annotate the resource link such that the security policy-related information annotating the resource link is able to be inspected to determine the security policy associated with the resource, the security policy-related information corresponding to the at least one security policy.
(Dependent claims: 2 to 12)
13. A computing environment comprising:
- a computing cloud including a plurality of resources accessible via links;
- at least one client entity coupled to the computing cloud of computing resources that requests access to a resource of the plurality of resources;
- an authentication engine that evaluates a security policy associated with the resource of the plurality of resources and generates an authorization token when a client entity security data satisfies the security policy for the resource, wherein an authorization token link is attached to each link used to access the resource;
- a policy repository in the computing cloud for storing one or more of the security policies related to authentication and authorization of the resource; and
- a token repository in the computing cloud for storing the authorization token generated by the authentication engine.
(Dependent claims: 14 to 17)
18. A method, operating as one or more processes or sub-processes programmed for execution on a computing platform, of accessing a resource in a cloud computing environment, the method comprising:
- receiving, in a first of the one or more processes or sub-processes, a request from a security principal requesting access to the resource, the request including a security credential;
- presenting, in a second of the one or more processes or sub-processes, the security credential to an authentication engine;
- issuing, in a third of the one or more processes or sub-processes, a first authorization token granting access to the resource;
- issuing, in a fourth of the one or more processes or sub-processes, a second authorization token related to the resource;
- storing, in a fifth of the one or more processes or sub-processes, the first and second authorization tokens in a token repository; and
- attaching, in a sixth of the one or more processes or sub-processes, an authorization token link that points to the token repository to a link pointing to the resource.
(Dependent claims: 19 and 20)
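The mechanism described in the abstract and in claims 1, 13 and 18 (a credential compared against the policy associated with a resource, a token issued and kept in a token repository, links annotated with the policy of their target so a client can discover the rule by inspecting the link, and tokens reused across resources that subscribe to the same policy) is sketched below as an added Python example. It is not the patent's own code, and every name in it (Policy, Credential, Link, Token, TokenRepository, AuthEngine, Client, POLICIES, GRAPH, walk) and the two policies and five-resource graph are assumptions constructed for the illustration. The example also carries the two checks a practitioner would want on such a scheme: a token is bound by MAC to the policy it was issued under, so it cannot be presented against a resource governed by a different policy, and it stops verifying once its lifetime has passed.

```python
# Added illustration, not the patent's own code. All names below (Policy, Credential,
# Link, Token, TokenRepository, AuthEngine, Client, POLICIES, GRAPH, walk) are
# assumptions made for this example.
import hashlib, hmac, secrets, time
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    policy_id: str
    accepted_methods: frozenset  # credential types that satisfy the policy
    required_roles: frozenset    # roles the principal must hold
    token_ttl: int = 300         # lifetime (seconds) of tokens issued under it

@dataclass(frozen=True)
class Credential:
    principal: str
    method: str                  # e.g. "password" or "mtls"
    roles: frozenset

@dataclass(frozen=True)
class Link:
    target: str
    policy_id: str               # annotation: the policy governing the target

@dataclass(frozen=True)
class Token:
    token_id: str
    principal: str
    policy_id: str
    expires_at: float
    mac: str                     # binds the fields above to the issuing engine

class TokenRepository:
    """Cloud-side store; tokens are keyed by principal and policy, not resource."""
    def __init__(self):
        self._tokens = {}
    def store(self, tok):
        self._tokens[(tok.principal, tok.policy_id)] = tok
    def lookup(self, principal, policy_id):
        return self._tokens.get((principal, policy_id))

class AuthEngine:
    def __init__(self, policies, repo, clock=time.time):
        self._policies = {p.policy_id: p for p in policies}
        self._repo, self._clock = repo, clock
        self._key = secrets.token_bytes(32)   # per-engine MAC key
    def _mac(self, tid, principal, policy_id, exp):
        msg = f"{tid}|{principal}|{policy_id}|{exp}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()
    def authorize(self, cred, policy_id):
        """Compare the credential to the policy; issue a token only if satisfied."""
        policy = self._policies.get(policy_id)
        if policy is None:                       # unknown policy: fail closed
            return None
        if cred.method not in policy.accepted_methods or not policy.required_roles <= cred.roles:
            return None
        exp, tid = self._clock() + policy.token_ttl, secrets.token_hex(8)
        tok = Token(tid, cred.principal, policy_id, exp, self._mac(tid, cred.principal, policy_id, exp))
        self._repo.store(tok)
        return tok
    def verify(self, tok, policy_id):
        """Valid only for the policy it was issued under, unexpired and untampered."""
        if tok.policy_id != policy_id or tok.expires_at <= self._clock():
            return False
        expected = self._mac(tok.token_id, tok.principal, tok.policy_id, tok.expires_at)
        return hmac.compare_digest(tok.mac, expected)

class Client:
    """Follows links, learning each target's policy from the link annotation alone."""
    def __init__(self, engine, repo, cred):
        self.engine, self.repo, self.cred = engine, repo, cred
        self.authentications = 0   # how often the credential had to be presented
    def follow(self, link):
        tok = self.repo.lookup(self.cred.principal, link.policy_id)
        if tok is None or not self.engine.verify(tok, link.policy_id):
            tok = self.engine.authorize(self.cred, link.policy_id)   # (re)authenticate
            self.authentications += 1
        return tok is not None and self.engine.verify(tok, link.policy_id)

# Constructed policies: "p-admin" accepts only mTLS and requires the admin role.
POLICIES = [Policy("p-basic", frozenset({"password", "mtls"}), frozenset({"user"})),
            Policy("p-admin", frozenset({"mtls"}), frozenset({"user", "admin"}))]
# Constructed resource graph: name -> outgoing links annotated with the target's policy.
GRAPH = {"catalog": [Link("orders", "p-basic"), Link("billing", "p-admin")],
         "orders": [Link("history", "p-basic")], "billing": [Link("invoices", "p-admin")],
         "history": [], "invoices": []}

def walk(cred, clock=time.time):
    """Breadth-first traversal from 'catalog'; returns (resources reached, credential presentations)."""
    repo = TokenRepository()
    client = Client(AuthEngine(POLICIES, repo, clock), repo, cred)
    reached, frontier = [], ["catalog"]
    while frontier:
        cur = frontier.pop(0)
        reached.append(cur)
        for link in GRAPH[cur]:
            if client.follow(link):
                frontier.append(link.target)
    return reached, client.authentications
```

Running `walk` with a password-authenticated principal holding only the `user` role reaches `catalog`, `orders` and `history` while presenting the credential twice: once to obtain the `p-basic` token, which is then reused for `history` without re-authentication, and once in a failed attempt at `billing`, whose link annotation reveals that only mTLS with the admin role will do. The token repository is keyed by principal and policy rather than by resource, which is what makes reuse across resources that share a policy possible; the MAC over the policy identifier is what keeps that reuse from extending to resources that do not.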