Distributed services authorization management

US 8,898,318 B2
Filed: 06/03/2010
Issued: 11/25/2014
Est. Priority Date: 06/03/2010
Status: Active Grant

First Claim

Patent Images

1. A method, implemented at least in part via a processing unit, for providing authorization to a user for a distributed service stored in a distributed memory store, comprising:

accessing an authorization document stored in the distributed memory store; and

responsive to determining that a resource section for the distributed service is not present in the authorization document;

creating the resource section in the authorization document for the distributed service such that merely one or more instances of the authorization document that are comprised in a location where one or more resources of the distributed service are partitioned comprise the resource section and instances of the authorization document that are comprised in a second location where at least one resource of the distributed service is not partitioned do not comprise the resource section, the one or more resources not comprising at least some of the resource section;

loading resource authorization data, from a backing store, into the resource section in the authorization document; and

saving the authorization document.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One or more techniques and/or systems are disclosed for providing resource authorization to users of a distributed memory store (e.g., a distributed web-based cloud service). A session ID that identifies a location of an authorization document in a distributed memory store is used to access the authorization document, which comprises a global section with a principal ID related to a user. The user can be authorized to utilize a resource (e.g., in a distributed cloud service) if a resource section is present for the principal ID in the authorization document, and has appropriate resource data for the resource. If the resource section is not present, it can be created in the authorization document, and identified by a resource identifier. Authorization data can be loaded into the newly created resource section, and the authorization document, with the global and resource sections, is saved to a local cache for the distributed memory store.

63 Citations

View as Search Results

20 Claims

1. A method, implemented at least in part via a processing unit, for providing authorization to a user for a distributed service stored in a distributed memory store, comprising:
- accessing an authorization document stored in the distributed memory store; and
  
  responsive to determining that a resource section for the distributed service is not present in the authorization document;
  
  creating the resource section in the authorization document for the distributed service such that merely one or more instances of the authorization document that are comprised in a location where one or more resources of the distributed service are partitioned comprise the resource section and instances of the authorization document that are comprised in a second location where at least one resource of the distributed service is not partitioned do not comprise the resource section, the one or more resources not comprising at least some of the resource section;
  
  loading resource authorization data, from a backing store, into the resource section in the authorization document; and
  
  saving the authorization document.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, the authorization document saved locally in the distributed memory store.
  - 3. The method of claim 1, the accessing comprising using a session ID that identifies a location of the authorization document.
  - 4. The method of claim 1, comprising authorizing the user for a second distributed service if a second resource section for the second distributed service is determined to be present in the authorization document.
  - 5. The method of claim 1, comprising authorizing the user for the distributed service after the saving.
  - 6. The method of claim 1, comprising providing a session ID, usable to access the authorization document, to the user upon user authentication.
  - 7. The method of claim 1, comprising updating the resource authorization data.

8. A system for providing authorization to a user for a distributed service stored in a distributed memory store, comprising:
- one or more processing units; and
  
  memory comprising instructions that when executed by at least some of the one or more processing units, perform a method comprising;
  
  accessing an authorization document stored in the distributed memory store; and
  
  responsive to determining that a resource section for the distributed service is not present in the authorization document;
  
  creating the resource section in the authorization document for the distributed service such that merely one or more instances of the authorization document that are comprised in a location where one or more resources of the distributed service are partitioned comprise the resource section and instances of the authorization document that are comprised in a second location where at least one resource of the distributed service is not partitioned do not comprise the resource section, the one or more resources not comprising at least some of the resource section; and
  
  loading resource authorization data into the resource section.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, the authorization document saved locally in the distributed memory store.
  - 10. The system of claim 8, the accessing comprising using a session ID that identifies a location of the authorization document.
  - 11. The system of claim 8, the method comprising authorizing the user for a second distributed service if a second resource section for the second distributed service is determined to be present in the authorization document.
  - 12. The system of claim 8, the method comprising authorizing the user for the distributed service after saving the authorization document.
  - 13. The system of claim 8, the method comprising providing a session ID, usable to access the authorization document, to the user upon user authentication.
  - 14. The system of claim 8, the method comprising updating the resource authorization data.

15. A computer readable storage medium, excluding signals, comprising instructions that when executed, perform a method for providing authorization to a user for a distributed service stored in a distributed memory store, the method comprising:
- accessing an authorization document stored in the distributed memory store; and
  
  responsive to determining that a resource section for the distributed service is not present in the authorization document;
  
  creating the resource section in the authorization document for the distributed service such that merely one or more instances of the authorization document that are comprised in a location where one or more resources of the distributed service are partitioned comprise the resource section and instances of the authorization document that are comprised in a second location where at least one resource of the distributed service is not partitioned do not comprise the resource section.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer readable storage medium of claim 15, the authorization document saved locally in the distributed memory store.
  - 17. The computer readable storage medium of claim 15, the accessing comprising using a session ID that identifies a location of the authorization document.
  - 18. The computer readable storage medium of claim 15, the method comprising authorizing the user for a second distributed service if a second resource section for the second distributed service is determined to be present in the authorization document.
  - 19. The computer readable storage medium of claim 15, the method comprising authorizing the user for the distributed service after saving the authorization document.
  - 20. The computer readable storage medium of claim 15, the method comprising providing a session ID, usable to access the authorization document, to the user upon user authentication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Galvin, Thomas A., Copeland, Bruce W.
Primary Examiner(s)
Vostal, O. C.

Application Number

US12/793,277
Publication Number

US 20110302315A1
Time in Patent Office

1,636 Days
Field of Search

709/228, 709/226, 709/225
US Class Current

709/228
CPC Class Codes

G06F 15/16   Combinations of two or more...

G06F 9/46   Multiprogramming arrangements

G06F 9/5027   the resource being a machin...

H04L 41/5096   wherein the managed service...

H04L 63/0823   using certificates cryptogr...

H04L 63/10   for controlling access to d...

H04L 67/10   in which an application is ...

H04L 67/1097   for distributed storage of ...

Distributed services authorization management

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

63 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Distributed services authorization management

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

63 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links