Mixed-mode authorization metadata manager for cloud computing environments
First Claim
1. A system, comprising a plurality of computing devices configured to implement:
a plurality of service managers, wherein each service manager of the plurality of service managers is operable to coordinate a respective service of a plurality of distributed multitenant services implemented at least in part using a plurality of resources of a provider network; and
a metadata manager;
wherein the metadata manager is operable to:
in response to a metadata request identifying a particular authorization entity affiliated with a client account of a client of the provider network, identify a first service manager and a second service manager of the plurality of service managers, respectively coordinating a first service and a second service of the plurality of distributed multitenant services to which the client account has access, wherein the first service manager is configured to support a first authorization application programming interface (API) for the first service and the second service manager is configured to support a second authorization API for the second service; and
provide composite authorization metadata of the particular authorization entity based at least in part on (a) service authorization metadata provided by the first service manager and service authorization metadata provided by the second service manager and (b) identity authorization metadata provided by an identity manager of the provider network.
Abstract
Methods and apparatus for a mixed-mode authorization metadata manager for cloud computing environments are disclosed. A system includes a plurality of service managers coordinating respective distributed multitenant services, and a metadata manager. In response to a metadata request for an authorization entity, the metadata manager identifies a first and a second service manager coordinating services in use by a client account with which the authorization entity is affiliated. The first and second service managers implement respective authorization APIs. The metadata manager provides composite authorization metadata of the authorization entity based at least in part on (a) service authorization metadata provided by each of the first and second service managers and (b) identity authorization metadata provided by an identity manager.
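The aggregation described in the abstract can be sketched as follows. This is an added illustration, not code from the patent or from any provider; every class, method, account and principal name in it is hypothetical, and the sample data is constructed. It shows two service managers with differently shaped authorization APIs being normalized into one composite view, with each record tagged by its source.

```python
from collections import namedtuple

# source is "service" or "identity": which manager supplied the record
Grant = namedtuple("Grant", "service resource action source")

class StorageManager:
    """Hypothetical service manager; its authorization API returns ACL rows."""
    name = "storage"
    def list_acl(self, principals):
        acl = [("alice", "bucket/logs", "read"), ("ops-group", "bucket/logs", "write"),
               ("bob", "bucket/hr", "read")]  # constructed sample data
        return [row for row in acl if row[0] in principals]

class DatabaseManager:
    """Hypothetical service manager; its authorization API returns role grants."""
    name = "database"
    def get_role_grants(self, principal):
        roles = {"alice": {"db/orders": ["select", "insert"]}}  # constructed
        return roles.get(principal, {})

class IdentityManager:
    """Hypothetical identity manager: group membership plus identity policies."""
    def describe(self, entity):
        groups = {"alice": ["ops-group"]}  # constructed
        policies = {"alice": [("database", "db/orders", "select")]}
        return groups.get(entity, []), policies.get(entity, [])

class MetadataManager:
    def __init__(self, identity, managers, account_services):
        self.identity, self.managers = identity, managers
        self.account_services = account_services  # account -> services in use

    def composite(self, account, entity):
        groups, policies = self.identity.describe(entity)
        grants = {Grant(s, r, a, "identity") for s, r, a in policies}
        for name in self.account_services.get(account, []):
            mgr = self.managers[name]
            if isinstance(mgr, StorageManager):     # first authorization API
                rows = mgr.list_acl({entity, *groups})
                grants |= {Grant(name, r, a, "service") for _, r, a in rows}
            elif isinstance(mgr, DatabaseManager):  # second authorization API
                for res, actions in mgr.get_role_grants(entity).items():
                    grants |= {Grant(name, res, a, "service") for a in actions}
        return sorted(grants)

def demo():
    managers = {m.name: m for m in (StorageManager(), DatabaseManager())}
    mm = MetadataManager(IdentityManager(), managers, {"acct-1": ["storage", "database"]})
    return mm.composite("acct-1", "alice")
```

In the composite for `alice`, the `write` grant on `bucket/logs` appears only because the identity manager's group membership is fed into the storage ACL lookup, which is the kind of indirect permission a per-service query would miss during a least-privilege review.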
25 Claims
1. A system, comprising a plurality of computing devices configured to implement:
a plurality of service managers, wherein each service manager of the plurality of service managers is operable to coordinate a respective service of a plurality of distributed multitenant services implemented at least in part using a plurality of resources of a provider network; and
a metadata manager;
wherein the metadata manager is operable to:
in response to a metadata request identifying a particular authorization entity affiliated with a client account of a client of the provider network, identify a first service manager and a second service manager of the plurality of service managers, respectively coordinating a first service and a second service of the plurality of distributed multitenant services to which the client account has access, wherein the first service manager is configured to support a first authorization application programming interface (API) for the first service and the second service manager is configured to support a second authorization API for the second service; and
provide composite authorization metadata of the particular authorization entity based at least in part on (a) service authorization metadata provided by the first service manager and service authorization metadata provided by the second service manager and (b) identity authorization metadata provided by an identity manager of the provider network.
Dependent claims: 2, 3, 4, 5, 6
7. A method, comprising:
in response to a metadata request identifying a particular authorization entity affiliated with a client account of a client of a provider network, identifying one or more service managers of the provider network, coordinating one or more services to which the client account has access; and
generating composite authorization metadata of the particular authorization entity based at least in part on (a) service authorization metadata provided by the one or more service managers and (b) identity authorization metadata provided by an identity manager of the provider network.
Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15
16. A non-transitory computer-accessible storage medium storing program instructions that when executed on one or more processors:
in response to a metadata request identifying a particular authorization entity affiliated with a client account of a client of a provider network, identify one or more service managers of the provider network, coordinating one or more services to which the client account has access; and
generate composite authorization metadata of the particular authorization entity based at least in part on service authorization metadata provided by the one or more service managers.
Dependent claims: 17, 18, 19, 20, 21, 22, 23, 24, 25
Specification