Distributed services authorization management
First Claim
1. A method, implemented at least in part via a processing unit, for providing authorization to a user for a distributed service stored in a distributed memory store, comprising:
- accessing an authorization document stored in the distributed memory store; and
responsive to determining that a resource section for the distributed service is not present in the authorization document;
creating the resource section in the authorization document for the distributed service such that merely one or more instances of the authorization document that are comprised in a location where one or more resources of the distributed service are partitioned comprise the resource section and instances of the authorization document that are comprised in a second location where at least one resource of the distributed service is not partitioned do not comprise the resource section, the one or more resources not comprising at least some of the resource section;
loading resource authorization data, from a backing store, into the resource section in the authorization document; and
saving the authorization document.
2 Assignments
0 Petitions
Accused Products
Abstract
One or more techniques and/or systems are disclosed for providing resource authorization to users of a distributed memory store (e.g., a distributed web-based cloud service). A session ID that identifies a location of an authorization document in a distributed memory store is used to access the authorization document, which comprises a global section with a principal ID related to a user. The user can be authorized to utilize a resource (e.g., in a distributed cloud service) if a resource section is present for the principal ID in the authorization document, and has appropriate resource data for the resource. If the resource section is not present, it can be created in the authorization document, and identified by a resource identifier. Authorization data can be loaded into the newly created resource section, and the authorization document, with the global and resource sections, is saved to a local cache for the distributed memory store.
63 Citations
20 Claims
-
1. A method, implemented at least in part via a processing unit, for providing authorization to a user for a distributed service stored in a distributed memory store, comprising:
-
accessing an authorization document stored in the distributed memory store; and responsive to determining that a resource section for the distributed service is not present in the authorization document; creating the resource section in the authorization document for the distributed service such that merely one or more instances of the authorization document that are comprised in a location where one or more resources of the distributed service are partitioned comprise the resource section and instances of the authorization document that are comprised in a second location where at least one resource of the distributed service is not partitioned do not comprise the resource section, the one or more resources not comprising at least some of the resource section; loading resource authorization data, from a backing store, into the resource section in the authorization document; and saving the authorization document. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system for providing authorization to a user for a distributed service stored in a distributed memory store, comprising:
-
one or more processing units; and memory comprising instructions that when executed by at least some of the one or more processing units, perform a method comprising; accessing an authorization document stored in the distributed memory store; and responsive to determining that a resource section for the distributed service is not present in the authorization document; creating the resource section in the authorization document for the distributed service such that merely one or more instances of the authorization document that are comprised in a location where one or more resources of the distributed service are partitioned comprise the resource section and instances of the authorization document that are comprised in a second location where at least one resource of the distributed service is not partitioned do not comprise the resource section, the one or more resources not comprising at least some of the resource section; and loading resource authorization data into the resource section. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A computer readable storage medium, excluding signals, comprising instructions that when executed, perform a method for providing authorization to a user for a distributed service stored in a distributed memory store, the method comprising:
-
accessing an authorization document stored in the distributed memory store; and responsive to determining that a resource section for the distributed service is not present in the authorization document; creating the resource section in the authorization document for the distributed service such that merely one or more instances of the authorization document that are comprised in a location where one or more resources of the distributed service are partitioned comprise the resource section and instances of the authorization document that are comprised in a second location where at least one resource of the distributed service is not partitioned do not comprise the resource section. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification