Method for application-to-application authentication via delegation
First Claim
1. A computer controlled method for delegation-based application-to-application access control, the method comprising:
receiving, by a service application on a computer, an operation request, from a requesting application;
identifying a user of the requesting application based on the operation request, wherein identifying the user involves determining that the operation request is valid for the identified user, and wherein the identified user is a principal of the operation;
gaining access to a delegated-rights repository that stores a set of delegated rights, wherein a respective delegated right specifies access-control rights delegated to the service application by an associated user;
retrieving a delegated right specific to the identified user from the delegated-rights repository;
activating the retrieved delegated right, wherein activating the retrieved delegated right involves accessing, by the service application, a delegated-to principal representing the retrieved delegated right; and
allowing the service application to perform the operation on behalf of the identified user based on the retrieved delegated right.
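The claim above reads as a sequence of control points: validate the request for a named user, read the delegated-rights repository (which only a provisioned service application may access), pick a right the user delegated to this service, activate it as a delegated-to principal, and only then act. The following is an added illustration of that flow, not code from the patent or its assignee. The patent does not say how a request is shown to be "valid for the identified user"; the example assumes an HMAC tag over the request body keyed with a shared secret, and uses an in-memory repository, so all names (`REQUEST_KEY`, `report-svc`, `alice`, `bob`, the resource paths) are constructed for the demo.

```python
import hashlib
import hmac
import json
import time
from dataclasses import dataclass

# Constructed demo key shared by the requesting application and the service
# application. The patent does not specify how a request is validated for a
# user; an HMAC tag over the request body stands in for that check (assumption).
REQUEST_KEY = b"constructed-demo-request-key"


def make_request(user, op, resource, key=REQUEST_KEY):
    """Requesting application: build an operation request bound to a user."""
    body = json.dumps({"user": user, "op": op, "resource": resource}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def identify_user(request, key=REQUEST_KEY):
    """Claim step: identify the user and confirm the request is valid for that user."""
    expected = hmac.new(key, request["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, request["tag"]):
        raise PermissionError("operation request is not valid for any user")
    body = json.loads(request["body"])
    return body["user"], body["op"], body["resource"]


@dataclass(frozen=True)
class DelegatedRight:
    delegator: str          # user who delegated the right
    delegatee: str          # service application the right was delegated to
    ops: frozenset          # operations the service may perform on the user's behalf
    resource_prefix: str    # resource scope the right covers
    expires: float          # absolute expiry time (epoch seconds)


class DelegatedRightsRepository:
    """Stores delegated rights; only provisioned service applications may read it."""

    def __init__(self, provisioned_services):
        # Service rights granted by the provisioning logic (claim 12's "service right").
        self._provisioned = frozenset(provisioned_services)
        self._rights = []

    def grant(self, right):
        self._rights.append(right)

    def lookup(self, service, user, now=None):
        """Retrieve the unexpired rights that `user` delegated to `service`."""
        if service not in self._provisioned:
            raise PermissionError(f"{service} holds no service right to the repository")
        now = time.time() if now is None else now
        return [r for r in self._rights
                if r.delegatee == service and r.delegator == user and r.expires > now]


class DelegatedToPrincipal:
    """The principal a service application acts as once a right is activated."""

    def __init__(self, right):
        self.right = right

    def permits(self, op, resource):
        return op in self.right.ops and resource.startswith(self.right.resource_prefix)


class ServiceApplication:
    def __init__(self, name, repo, backend):
        self.name, self.repo, self.backend = name, repo, backend

    def handle(self, request, now=None):
        user, op, resource = identify_user(request)            # user is the principal of the operation
        for right in self.repo.lookup(self.name, user, now):   # retrieve delegated rights for this user
            principal = DelegatedToPrincipal(right)            # activate the right
            if principal.permits(op, resource):
                return self.backend(principal, op, resource)   # perform on behalf of the user
        raise PermissionError(f"no delegated right lets {self.name} {op} {resource} for {user}")


def demo_backend(principal, op, resource):
    """Constructed resource server: records what was done, for whom, and by which service."""
    return f"{op} {resource} as {principal.right.delegator} via {principal.right.delegatee}"


def build_demo(now=1_700_000_000.0):
    """Constructed fixture: alice delegated read-only access; bob's delegation has expired."""
    repo = DelegatedRightsRepository(provisioned_services=["report-svc"])
    repo.grant(DelegatedRight("alice", "report-svc", frozenset({"read"}), "/docs/alice/", now + 3600))
    repo.grant(DelegatedRight("bob", "report-svc", frozenset({"read", "write"}), "/docs/bob/", now - 1))
    return ServiceApplication("report-svc", repo, demo_backend), now


if __name__ == "__main__":
    svc, now = build_demo()
    print(svc.handle(make_request("alice", "read", "/docs/alice/q3.txt"), now))
```

The ordering matters: the repository is consulted only after the requester has been tied to a user, and the backend is reached only through an activated principal, so a forged request, an unprovisioned service, an expired delegation and an out-of-scope operation all fail before any action is taken.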
Abstract
Apparatus, methods, and computer program products are disclosed that present a delegated-right to a delegation system by a service-application provisioned with the delegation system. The delegated-right enables the service-application to perform an operation/access on behalf of a delegator-user. The method then attempts to perform the operation/access.
29 Claims
1. (Independent claim; text as given under First Claim above. Dependent claims 2 through 11 are not reproduced here.)
12. An apparatus for delegation-based application-to-application access control, comprising:
a processor;
a delegated-rights repository configured to store a set of delegated rights, wherein a respective delegated right specifies access-control rights delegated to the service application by an associated user;
a service application logic; and
a provisioning logic;
wherein the provisioning logic is configured to provision the service application with a service right to access the delegated-rights repository; and
wherein the service application logic is configured to:
receive an operation request from a requesting application;
identify a user of the requesting application based on the operation request, wherein identifying the user involves determining that the operation request is valid for the identified user, and wherein the identified user is a principal of the operation;
retrieve a delegated right specific to the identified user from the delegated-rights repository;
activate the retrieved delegated right, wherein activating the retrieved delegated right involves accessing, by the service application, a delegated-to principal representing the retrieved delegated right; and
perform the operation on behalf of the user based on the retrieved delegated right.
Dependent claims 13 through 21 are not reproduced here.
22. A computer program product comprising:
a non-transitory computer-usable data carrier providing instructions that, when executed by a computer, cause said computer to perform a method for delegation-based application-to-application access control, the method comprising:
receiving, by a service application on a computer, an operation request, from a requesting application;
identifying a user of the requesting application based on the operation request, wherein identifying the user involves determining that the operation request is valid for the identified user, and wherein the identified user is a principal of the operation;
gaining access to a delegated-rights repository that stores a set of delegated rights, wherein a respective delegated right specifies access-control rights delegated to the service application by an associated user;
retrieving a delegated right specific to the identified user from the delegated-rights repository;
activating the retrieved delegated right, wherein activating the retrieved delegated right involves accessing, by the service application, a delegated-to principal representing the retrieved delegated right; and
allowing the service application to perform the operation on behalf of the identified user based on the retrieved delegated right.
Dependent claims 23 through 29 are not reproduced here.
Specification