Defining an authorizer in a virtual computing infrastructure
First Claim
Patent Images
1. A method of allowing an authorizing entity to grant permission to a subject to perform an action on an object in a cloud computing environment having a plurality of computing nodes, the method comprising:
- defining an authorizer value for an authorizer key in a permission, the authorizer value identifying an entity delegating the permission;
defining a subject value for a subject key in the permission, the subject value identifying a group to whom the permission is being delegated;
defining an object value for an object key in the permission, the object value identifying an object upon which action is authorized by the permission within the cloud computing environment;
defining an action value for an action key in the permission, the action value identifying an action authorized by the permission in the cloud computing environment;
determining that a path exists in a directed graph between (a) a node corresponding to the authorizer value and (b) another node corresponding to an initial set of permissions created in connection with a creation of a customer to which the group belongs; and
authorizing members of the subject group to perform a requested action on a requested object based on the defined values of the permission and the existence of the path.
2 Assignments
0 Petitions
Accused Products
Abstract
An authorizing entity is allowed to grant permission to a subject to perform an action on an object in a cloud computing environment. An authorizer is defined as the entity having granting authority to delegate a predetermined permission. A subject is defined as a group to whom the permission is being delegated. An object is defined upon which an action is authorized within the cloud computing environment. The action being authorized in the cloud computing environment is defined. Members of the subject group are authorized to perform the permitted action on the object.
-
Citations
8 Claims
-
1. A method of allowing an authorizing entity to grant permission to a subject to perform an action on an object in a cloud computing environment having a plurality of computing nodes, the method comprising:
-
defining an authorizer value for an authorizer key in a permission, the authorizer value identifying an entity delegating the permission; defining a subject value for a subject key in the permission, the subject value identifying a group to whom the permission is being delegated; defining an object value for an object key in the permission, the object value identifying an object upon which action is authorized by the permission within the cloud computing environment; defining an action value for an action key in the permission, the action value identifying an action authorized by the permission in the cloud computing environment; determining that a path exists in a directed graph between (a) a node corresponding to the authorizer value and (b) another node corresponding to an initial set of permissions created in connection with a creation of a customer to which the group belongs; and authorizing members of the subject group to perform a requested action on a requested object based on the defined values of the permission and the existence of the path. - View Dependent Claims (2, 3, 4)
-
-
5. A cloud computing system, comprising:
-
at least one storage device configured to store a plurality of instructions; and at least one processor device in communication with the at least one storage device, and configure to execute the plurality of instructions to; define an authorizer value for an authorizer key in a permission, the authorizer value identifying an entity delegating the permission; define a subject value for a subject key in the permission, the subject value identifying a group to whom the permission is being delegated; define an object value for an object key in the permission, the object value identifying an object upon which action is authorized by the permission within the cloud computing environment; define an action value for an action key in the permission, the action value identifying an action authorized by the permission in the cloud computing environment; determine that a path in a directed graph exists between (a) a node corresponding to the authorizer value and (b) another node corresponding to an initial set of permissions created in connection with a creation of a customer to which the group belongs; and authorize members of the subject group to perform a requested action on a requested object based on the defined values of the permission and the existence of the path. - View Dependent Claims (6, 7, 8)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeOracle International Corporation (Oracle Corporation)
-
Original AssigneeOracle International Corporation (Oracle Corporation)
-
InventorsVan Biljon, Willem Robert, Pinkham, Christopher Conway, Cloran, Russell Andrew, Gorven, Michael Carl, Hardy, Alexandre, Divey, Brynmor K. B., Hoole, Quinton Robin, Kalele, Girish
-
Primary Examiner(s)Gee, Jason K.
-
Assistant Examiner(s)BUCKNOR, OLANREWAJU J
-
Application NumberUS13/299,157Publication NumberTime in Patent Office1,328 DaysField of SearchNoneUS Class Current1/1CPC Class CodesG06F 21/6218 to a system of files or obj...G06F 2221/2141 Access rights, e.g. capabil...G06F 2221/2145 Inheriting rights or proper...G06Q 30/04 Billing or invoicingG06Q 40/00 Finance; Insurance; Tax str...G06Q 40/02 Banking, e.g. interest calc...G06Q 40/10 Tax strategiesH04L 41/0213 Standardised network manage...H04L 63/0236 Filtering by address, proto...H04L 63/101 Access control lists [ACL]H04L 63/102 Entity profilesH04L 67/10 in which an application is ...H04L 67/60 Scheduling or organising th...H04L 9/40 Network security protocolsH04M 15/66 Policy and charging system
