
Use of metadata for computing resource access

  • US 8,973,108 B1
  • Filed: 05/31/2011
  • Issued: 03/03/2015
  • Est. Priority Date: 05/31/2011
  • Status: Active Grant
First Claim

1. A computer-implemented method for controlling access to one or more computing resources, comprising:

    receiving, by a computer system of one or more computer systems, the computer system having one or more computing devices, a request for a session credential subsequent to successful completion of an authentication process by a user, the session credential including information enabling the user to delegate access to a specified delegatee, the information having data identifying the specified delegatee;

    generating, with the one or more computer systems, a session credential that encodes information identifying a type of the authentication process successfully completed by the user and one or more policies applicable to the specified delegatee;

    transmitting the session credential to the specified delegatee, the session credential being opaque to the specified delegatee and provided from the user to the specified delegatee;

    receiving the generated session credential in connection with a request from the specified delegatee to access the one or more computing resources, the one or more computing resources being distinct from the one or more computer systems generating the session credential;

    determining the type of authentication process successfully completed by the user, whether the user is authorized to delegate access to the specified delegatee and whether the specified delegatee is authorized to access the one or more computing resources based at least in part on the information encoded by the session credential; and

    determining, based at least in part on the information identifying the type of authentication process and the one or more policies applicable to the specified delegatee encoded by the session credential, whether to fulfill the request; and

    when determined to fulfill the request, providing to the specified delegatee the requested access to the one or more computing resources.
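
One way the claimed flow could look in practice, as an added example that is not taken from the patent: the issuer seals the authentication type, delegatee and policies with AES-256-GCM so the credential is opaque to the delegatee, and a separate resource service decides from the decrypted contents. The shared key, the field names, the `MAY_DELEGATE` table and the `requiredAuth` default are assumptions.

```javascript
// Added illustration: identifiers, fields and the policy shape are assumptions.
const crypto = require("node:crypto");

// Key shared by the credential issuer and the resource service, never by the delegatee.
const KEY = crypto.randomBytes(32);
// Hypothetical table of which users may delegate to which delegatees.
const MAY_DELEGATE = new Map([["alice", ["report-svc"]]]);

// Issuer: seal authentication type, delegatee identity and policies into one token.
function issueCredential(user, authType, delegatee, policies, ttlSec = 900) {
  const iv = crypto.randomBytes(12);
  const claims = { user, authType, delegatee, policies, exp: Math.floor(Date.now() / 1000) + ttlSec };
  const c = crypto.createCipheriv("aes-256-gcm", KEY, iv);
  const ct = Buffer.concat([c.update(JSON.stringify(claims), "utf8"), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]).toString("base64url");
}

// Resource service: decrypt, then decide from the encoded auth type and policies.
function authorize(token, presenter, action, resource, requiredAuth = ["mfa"]) {
  let claims;
  try {
    const raw = Buffer.from(token, "base64url");
    if (raw.length < 28) return { allow: false, reason: "malformed" };
    const d = crypto.createDecipheriv("aes-256-gcm", KEY, raw.subarray(0, 12), { authTagLength: 16 });
    d.setAuthTag(raw.subarray(12, 28));
    claims = JSON.parse(Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString("utf8"));
  } catch {
    return { allow: false, reason: "invalid" }; // tampered, truncated or sealed under another key
  }
  if (claims.exp < Date.now() / 1000) return { allow: false, reason: "expired" };
  if (claims.delegatee !== presenter) return { allow: false, reason: "wrong-delegatee" };
  if (!(MAY_DELEGATE.get(claims.user) || []).includes(claims.delegatee)) return { allow: false, reason: "delegation-denied" };
  if (!requiredAuth.includes(claims.authType)) return { allow: false, reason: "weak-auth" };
  const ok = claims.policies.some(p => p.action === action && p.resource === resource);
  return { allow: ok, reason: ok ? "ok" : "no-policy" };
}
```

Because the token is authenticated as well as encrypted, a delegatee that alters any byte of it gets `invalid` rather than a credential with upgraded policies.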
