Security authorization queries
Abstract
In an example implementation, a bifurcated security scheme has a first level that does not allow usage of negations and a second level that does permit usage of negations. In another example implementation, an authorization query table maps respective resource-specific operations to respective associated authorization queries. In yet another example implementation, authorization queries are permitted to have negations, but individual assertions are not.
20 Claims

1. A method comprising:
- under control of one or more processors;
- receiving a request for access to a resource;
- applying, by the one or more processors, a multi-level security scheme to the request for access, the multi-level security scheme including an assertion level and a query level, wherein the assertion level disallows an assertion containing a negation, and wherein the query level permits an authorization query containing at least one negation; and
- determining, by the one or more processors, an authorization result for the request, based at least on the application of the multi-level security scheme.
Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A system comprising:
- one or more processors; and
- one or more security components executed by the one or more processors to implement a multi-level security scheme that includes an assertion level and a query level, wherein the one or more security components perform actions including:
  - receiving a request to access a resource;
  - forming an assertion context at the assertion level, including disallowing an assertion containing a negation;
  - ascertaining an authorization query at the query level, based at least on an authorization query table; and
  - employing the authorization query and the assertion context to produce an authorization decision for the request to access the resource.
Dependent claims: 10, 11, 12, 13, 14, 15

16. One or more computer-readable storage devices storing instructions that, when executed, configure one or more processors to perform actions comprising:
- receiving a request to access a resource, wherein the request includes a security token with one or more token assertions;
- applying a multi-level security scheme to the request for access, the multi-level security scheme including a first level and a second level;
- determining an assertion context at the first level, based on the one or more token assertions;
- employing syntactic validation to disallow an assertion containing a negation, at the first level;
- ascertaining an authorization query at the second level; and
- employing the authorization query and the assertion context to produce an authorization decision for the request to access the resource.
Dependent claims: 17, 18, 19, 20
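The two-level scheme the claims describe, as an added illustration that is not part of the patent and not any vendor's implementation: token assertions are syntactically validated so that no negation is admitted into the assertion context, while the authorization query looked up in the query table may contain a negated literal. The assertion grammar, the regexes, the query-table contents and the sample token are all assumptions made for this example.

```python
import re
# Assertion level (first level): a token assertion reads "<issuer> says <subject> <fact>".
# This grammar, the regexes, the table and the sample data are assumptions for this example.
ASSERTION_RE = re.compile(r"^(\w+) says (\w+) (.+)$")
NEGATION_RE = re.compile(r"\bnot\b|!", re.IGNORECASE)

def is_negation_free(assertion_text):
    """Syntactic validation: an assertion may not contain a negation."""
    return NEGATION_RE.search(assertion_text) is None

def build_assertion_context(token_assertions, trusted_issuers):
    """Return the set of (subject, fact) pairs admitted from the security token."""
    context = set()
    for text in token_assertions:
        if not is_negation_free(text):
            raise ValueError(f"negation disallowed in assertion: {text!r}")
        match = ASSERTION_RE.match(text)
        if match is None:
            raise ValueError(f"malformed assertion: {text!r}")
        issuer, subject, fact = match.groups()
        if issuer in trusted_issuers:      # assertions from unknown issuers are dropped
            context.add((subject, fact))
    return context

# Query level (second level): the authorization query table maps a resource-specific
# operation to a query, a conjunction of literals (negated?, fact). Negation is allowed here.
AUTHORIZATION_QUERY_TABLE = {
    ("payroll-db", "read"):  [(False, "is employee"), (True, "is suspended")],
    ("payroll-db", "write"): [(False, "is payroll admin"), (True, "is suspended")],
}

def evaluate_query(query, subject, context):
    """A literal holds when its fact is (or, if negated, is not) in the assertion context."""
    return all(((subject, fact) in context) != negated for negated, fact in query)

def authorize(subject, resource, operation, token_assertions, trusted_issuers):
    """Apply both levels and return the authorization decision (True = allow)."""
    context = build_assertion_context(token_assertions, trusted_issuers)
    query = AUTHORIZATION_QUERY_TABLE.get((resource, operation))
    if query is None:          # no table entry for this operation: default deny
        return False
    return evaluate_query(query, subject, context)

# Constructed sample security token; HR is the trusted issuer in the tests below.
SAMPLE_TOKEN = [
    "HR says alice is employee",
    "HR says bob is employee",
    "HR says bob is suspended",
    "Mallory says alice is payroll admin",   # untrusted issuer, ignored
]
```

Because "is suspended" can only be stated positively at the assertion level, the absence of that fact is decided by the query's negated literal rather than by any issuer asserting "not suspended".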