Integrated security roles
Abstract
An approach to handling integrated security roles is presented. An upstream application includes one or more role-mapping requirements that correspond to an upstream security role and a downstream security role. The upstream security role is expanded by adding an upstream security role identifier in a downstream application's role-mapping table or by adding upstream user-to-role mappings to a downstream application's role-mapping table. When an upstream security role is expanded, a user assigned to the upstream security role automatically has access to role-mapped downstream applications.
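A minimal sketch of the two expansion variants described in the abstract, added here as an illustration and not taken from the patent or any product. The table layout, function names, role names and users are all assumptions constructed for the example.

```python
# Added illustration: hypothetical names, constructed data.

def new_table(roles):
    """Authorization table: role -> listed users and accepted upstream role identifiers."""
    return {r: {"users": set(u), "upstream_ids": set()} for r, u in roles.items()}

def expand_by_identifier(mapping, downstream):
    """Variant 1: add the upstream role identifier to the mapped downstream role."""
    downstream[mapping["downstream_role"]]["upstream_ids"].add(mapping["upstream_role_id"])

def expand_by_user_entries(mapping, upstream, downstream):
    """Variant 2: copy the upstream role's user entries into the mapped downstream role."""
    downstream[mapping["downstream_role"]]["users"] |= upstream[mapping["upstream_role"]]["users"]

def authorize(downstream, required_role, request):
    """Allow if the user is listed, or the forwarded role identifier matches the table."""
    entry = downstream.get(required_role)
    if entry is None:
        return False  # unknown role: deny by default
    return (request.get("user") in entry["users"]
            or request.get("upstream_role_id") in entry["upstream_ids"])

# Role mapping requirement carried by the (hypothetical) upstream application.
MAPPING = {"upstream_role": "Teller",
           "upstream_role_id": "bankfront:Teller",
           "downstream_role": "AccountReader"}

def demo():
    upstream = new_table({"Teller": {"alice"}})
    forwarded = {"user": "alice", "upstream_role_id": "bankfront:Teller"}
    out = {}

    ds1 = new_table({"AccountReader": {"svc-batch"}})
    out["before_expansion"] = authorize(ds1, "AccountReader", forwarded)
    expand_by_identifier(MAPPING, ds1)            # done before any client request
    out["identifier_match"] = authorize(ds1, "AccountReader", forwarded)
    out["unmapped_role"] = authorize(
        ds1, "AccountReader", {"user": "bob", "upstream_role_id": "bankfront:Guest"})

    ds2 = new_table({"AccountReader": {"svc-batch"}})
    expand_by_user_entries(MAPPING, upstream, ds2)
    out["copied_user"] = authorize(ds2, "AccountReader", {"user": "alice"})
    out["user_not_in_role"] = authorize(ds2, "AccountReader", {"user": "bob"})
    return out

if __name__ == "__main__":
    print(demo())
```

In the first variant the downstream decision rests on a role identifier asserted in the upstream application's request, so the downstream application has to authenticate that the request really comes from the upstream application before trusting it.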
19 Claims
1. A method of authorizing a client's request at a first downstream application, said method comprising:
- at runtime, prior to receiving the client's request;
- identifying a role mapping requirement included in an upstream application, the role mapping requirement corresponding to an upstream security role; and
- in response to identifying the role mapping requirement, adding an upstream security role identifier corresponding to the upstream security role into a downstream authorization table;
- receiving, at the first downstream application, a first application request from the upstream application, wherein the first application request is derived from the client's request and includes the upstream security role identifier that was determined by the upstream application;
- matching the upstream security role identifier included in the first application request with the upstream security role identifier included in the downstream authorization table; and
- authorizing the client's request at the downstream application in response to the matching.
Dependent claims: 2, 3, 4, 5
6. A method comprising:
- expanding, at runtime, an upstream security role to include a downstream application, the method further comprising;
- identifying a role mapping requirement included in an upstream application corresponding to the upstream security role;
- in response to identifying the role mapping requirement, selecting an upstream authorization table that corresponds to the upstream application, wherein the upstream authorization table includes one or more upstream authorization table entries that correspond to the upstream security role;
- selecting a downstream security role included in a downstream authorization table, the downstream security role corresponding to the role mapping requirement and the downstream application; and
- adding one or more downstream authorization table entries to the downstream authorization table, wherein the one or more added downstream authorization table entries match the one or more upstream authorization entries corresponding to the upstream security role.
Dependent claims: 7, 8, 9
10. An information handling system comprising:
- one or more processors;
- a memory accessible by the processors;
- one or more nonvolatile storage devices accessible by the processors; and
- a client authorization tool to authorize a client's request at a first downstream application, the client authorization tool including a set of instructions stored in the memory and executed by at least one of the processors in order to perform actions of;
- at runtime, prior to receiving the client's request;
- identifying a role mapping requirement included in an upstream application, the role mapping requirement corresponding to an upstream security role; and
- in response to identifying the role mapping requirement, adding an upstream security role identifier corresponding to the upstream security role into a downstream authorization table;
- receiving, at the first downstream application, a first application request from the upstream application, wherein the first application request is derived from the client's request and includes the upstream security role identifier that was determined by the upstream application;
- matching the upstream security role identifier included in the first application request with the upstream security role identifier included in the downstream authorization table; and
- authorizing the client's request at the downstream application in response to the matching.
Dependent claims: 11, 12, 13, 14
15. A computer program product stored on a computer operable storage medium for authorizing a client's request at a first downstream application, said computer program product comprising functional descriptive material that, when executed by an information handling system, causes the information handling system to perform actions that include:
- at runtime, prior to receiving the client's request;
- identifying a role mapping requirement included in an upstream application, the role mapping requirement corresponding to an upstream security role; and
- in response to identifying the role mapping requirement, adding an upstream security role identifier corresponding to the upstream security role into a downstream authorization table;
- receiving, at the first downstream application, a first application request from the upstream application, wherein the first application request is derived from the client's request and includes the upstream security role identifier that was determined by the upstream application;
- matching the upstream security role identifier included in the first application request with the upstream security role identifier included in the downstream authorization table; and
- authorizing the client's request at the downstream application in response to the matching.
Dependent claims: 16, 17, 18, 19
Specification