Policy-based automated consent
Abstract
A technique for intelligent automated consent is described by which a client may be automatically authorized to access a resource owner's protected information (e.g., a profile) based on the owner's previous authorization decisions and/or other client classifications. Using this approach to granting consent, the resource owner is not required to intervene during the authorization step for each client that is requesting access. Clients may be categorized, and authorization given to individual clients based on the category to which they belong and/or the scope of the access request. The technique may be implemented with user-centric identity protocols, as well as with delegated authorization protocols. The technique provides for policy-based consent grants.
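A sketch of the decision flow the abstract describes, added here as an illustration and not taken from the patent. The category table, the per-category scope ceiling, the rule that a client's category comes from the exact host of its redirect URI, and all function names are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the client "characteristic" is a category keyed by the exact
# host of its redirect URI. Hosts and categories are constructed samples.
CLIENT_CATEGORIES = {
    "photos.example.com": "first-party",
    "mail.example.com": "first-party",
    "partner.example.net": "partner",
}

# Assumption: the policy is a per-category ceiling on auto-consentable scopes.
AUTO_CONSENT_POLICY = {
    "first-party": {"profile", "email"},
    "partner": {"profile"},
}


def classify_client(redirect_uri):
    """Return the client's category, or None when the URI is not recognised."""
    try:
        parts = urlsplit(redirect_uri)
        host = (parts.hostname or "").lower()
        has_userinfo = bool(parts.username or parts.password)
    except ValueError:
        return None  # malformed URI: fail closed
    if parts.scheme != "https" or has_userinfo:
        return None
    # Exact host match only; a suffix or substring test would let a look-alike
    # host such as "photos.example.com.untrusted.example" inherit a category.
    return CLIENT_CATEGORIES.get(host)


def decide_consent(redirect_uri, requested_scope, prior_grants):
    """Return "auto" or "prompt".

    prior_grants: list of (client_host, scopes) the owner approved explicitly.
    """
    category = classify_client(redirect_uri)
    requested = set(requested_scope.split())
    if category is None or not requested:
        return "prompt"
    if not requested <= AUTO_CONSENT_POLICY.get(category, set()):
        return "prompt"
    # A single earlier grant to a client of the same category must cover the
    # whole request; grants are never unioned across clients.
    for host, scopes in prior_grants:
        if CLIENT_CATEGORIES.get(host) == category and requested <= scopes:
            return "auto"
    return "prompt"
```

Every path that cannot positively establish entitlement returns "prompt", so an unrecognised client or a wider scope always falls back to explicit consent.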
14 Claims
1. A method of managing grant of consent to access a protected resource, the protected resource associated with a resource owner, comprising:
- upon receipt of a request to access a protected resource, the request having a scope and being associated with a second web client, performing an analysis based on a universal resource identifier (URI) associated with the request to identify a characteristic of the second web client, the analysis being performed using a computing entity having a hardware element;
- based on the characteristic of the second web client and the scope of the request, applying a policy to determine whether the second web client is entitled to receive an automated consent to access the protected resource as a result of a consent having been previously granted by the resource owner to a first web client; and
- when, based on the policy the second web client is entitled to receive the automated consent, returning given information useful by the second web client to obtain access to the protected resource without requiring an explicit consent from the resource owner;
- when the second web client is not entitled to receive the automated consent to access the protected resource issuing a prompt to the resource owner to obtain explicit consent.
6. Apparatus, comprising:
- a processor;
- computer memory holding computer program instructions executed by the processor to manage grant of consent to access a protected resource, the protected resource associated with a resource owner, the method comprising;
- upon receipt of a request to access a protected resource, the request having a scope and being associated with a second web client, performing an analysis based on a universal resource identifier (URI) associated with the request to identify a characteristic of the second web client;
- based on the characteristic of the second web client and the scope of the request, applying a policy to determine whether the second web client is entitled to receive an automated consent to access the protected as a result of a consent having been previously granted by the resource owner to a first web client; and
- when, based on the policy the second web client is entitled to receive the automated consent, returning given information useful by the second web client to obtain access to the protected resource without requiring an explicit consent from the resource owner;
- when the second web client is not entitled to receive the automated consent to access the protected resource, issuing a prompt to the resource owner to obtain explicit consent.
11. A computer program product in a non-transitory computer readable medium for use in a data processing system, the computer program product holding computer program instructions which, when executed by the data processing system, perform a method of managing grant of consent to access a protected resource, the protected resource associated with a resource owner, the method comprising:
- upon receipt of a request to access a protected resource, the request having a scope and being associated with a second web client, performing an analysis based on a universal resource identifier (URI) associated with the request to identify a characteristic of the second web client;
- based on the characteristic of the second web client and the scope of the request, applying a policy to determine whether the second web client is entitled to receive an automated consent to access the protected resource as a result of a consent having been previously granted by the resource owner to a first web client; and
- when, based on the policy the client is entitled to receive the automated consent, returning given information useful by the second web client to obtain access to the protected resource without requiring an explicit consent from the resource owner;
- when the second web client is not entitled to receive the automated consent to access the protected resource, issuing a prompt to the resource owner to obtain explicit consent.
Specification