
Relationship-based authorization

  • US 8,793,768 B2
  • Filed: 04/11/2007
  • Issued: 07/29/2014
  • Est. Priority Date: 04/11/2006
  • Status: Active Grant
First Claim

1. A non-transitory computer readable storage medium comprising computer-readable instructions configured to cause a data processor coupled to one or more memory devices to perform operations comprising:

  • receiving data characterizing a request for authorization to access a computer-based resource by a principal;

  • determining whether the requesting principal is authorized for the access to the computer-based resource based on a context of the request, the determining occurring using a relationship repository comprising one or more data structures containing relationships, the data structures being separate and non-referential from the computer-based resource, the determining comprising;

  • determining whether the requesting principal has an implicit or explicit relationship at the time of the request with a principal that has management rights of access to the computer-based resource, wherein the explicit relationship includes at least one of a user to user relationship, a user to organization relationship, and an organization to organization relationship, wherein determining an implicit relationship includes inferring an implicit relationship based on a combination of explicit relationships; and

  • determining whether the relationship allows for the access to the computer-based resource if the requesting principal has a relationship with the principal that has management rights;

  • otherwise, determining whether an organization of the requesting principal has a relationship, with the principal that has management rights, that allows for the access; and

  • providing authorization for the requesting principal to the computer-based resource.
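
The decision flow recited in the claim, as an added Python sketch that is not code from the patent or its assignee. The class and function names, the sample principals and the rule that a chain of explicit relationships grants only what every link grants are assumptions made for illustration.

```python
# Added illustration; names and data are constructed, not taken from the patent.
class RelationshipRepository:
    """Relationships stored apart from the resources they govern."""

    def __init__(self):
        self.edges = {}      # subject -> {object: access kinds the relationship allows}
        self.member_of = {}  # user -> organization

    def relate(self, subject, obj, allows):
        self.edges.setdefault(subject, {})[obj] = set(allows)

    def allowed(self, subject, target):
        """Access granted by an explicit relationship, or by an implicit one
        inferred from a chain of explicit relationships (assumption: a chain
        grants only what every link on it grants)."""
        granted, stack = set(), [(subject, None, {subject})]
        while stack:
            node, perms, seen = stack.pop()
            for nxt, grants in self.edges.get(node, {}).items():
                if nxt in seen:
                    continue  # ignore cycles
                p = grants if perms is None else perms & grants
                if not p:
                    continue  # this chain grants nothing, stop following it
                if nxt == target:
                    granted |= p
                else:
                    stack.append((nxt, p, seen | {nxt}))
        return granted


def authorize(repo, managers, principal, resource, access):
    manager = managers.get(resource)  # principal with management rights
    if manager is None:
        return False  # unknown resource: deny
    own = repo.allowed(principal, manager)
    if own:  # the principal's own relationship decides
        return access in own
    org = repo.member_of.get(principal)  # otherwise fall back to the organization
    return org is not None and access in repo.allowed(org, manager)


# Constructed sample data
managers = {"chart-17": "clinic"}
repo = RelationshipRepository()
repo.relate("nurse_kim", "clinic", {"read", "write"})  # user to organization
repo.relate("temp_ray", "nurse_kim", {"read"})         # user to user
repo.relate("billing_co", "clinic", {"read"})          # organization to organization
repo.member_of["auditor_sam"] = "billing_co"
```

In this sketch the resource map holds no relationship data and the repository never references a resource, so changing who is related to whom changes the outcome of `authorize` without touching any resource record.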
