
Flexible role based authorization model

  • US 9,390,276 B2
  • Filed: 09/30/2013
  • Issued: 07/12/2016
  • Est. Priority Date: 09/30/2013
  • Status: Active Grant
First Claim

1. A computer machine system comprising one or more computer machines wherein said computer machine system further comprises:

  • at least one computer memory comprising a rights database configured to store:

    a set of roles, wherein each role is associated with one or more capabilities;

    a set of user identifiers, wherein each user identifier is associated with:

    a specific user;

    one or more roles from said set of roles; and

    one or more capabilities from each of said roles;

    at least one policy decision point configured to authorize a service request received from a policy enforcement point, wherein:

    said policy decision point determines if a first set of capabilities allocated to a first role, wherein said first role is specified in a request header associated with said service request, matches a set of required privileges necessary to perform said service request;

    said request header comprises said first role and a second role, wherein said first role is assigned to a first user and said second role is assigned to a second user, and wherein said second user is acting on behalf of said first user;

    said policy decision point determines if a second set of capabilities allocated to the first user, wherein said first user is specified in said request header, acting as said first role matches said set of required privileges necessary to perform said service request; and

    said policy decision point determines if a third set of capabilities, assigned to said second role and associated with said second user, matches said set of required privileges necessary for said second user to perform said service request on behalf of said first user in said first role.
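One reading of the three determinations in claim 1, as an added Python example that is not taken from the patent. It assumes "matches" means the capability set covers every required privilege; the class and function names and the role, user and capability values are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class RightsDB:
    roles: dict   # role -> capabilities allocated to that role
    users: dict   # user id -> {role: capabilities held from that role}

    def role_caps(self, role):
        return set(self.roles.get(role, ()))

    def user_caps(self, user, role):
        # A user holds only capabilities that the role itself carries.
        return set(self.users.get(user, {}).get(role, ())) & self.role_caps(role)

@dataclass(frozen=True)
class RequestHeader:
    first_role: str    # role the request is performed in
    first_user: str    # user the request is performed for
    second_role: str   # role of the user acting on behalf of first_user
    second_user: str   # the delegate

def decide(db, header, required):
    """Policy decision point: return (permit, reasons for denial)."""
    required = set(required)
    if not required:
        # Assumption: a service with no registered privileges fails closed.
        return False, ["no required privileges registered"]
    checks = [
        ("first role", db.role_caps(header.first_role)),
        ("first user in first role", db.user_caps(header.first_user, header.first_role)),
        ("second user in second role", db.user_caps(header.second_user, header.second_role)),
    ]
    reasons = [f"{name} lacks {sorted(required - caps)}"
               for name, caps in checks if not required <= caps]
    return not reasons, reasons

# Constructed sample rights database (not from the patent).
DB = RightsDB(
    roles={"account_owner": {"view_balance", "transfer_funds"},
           "support_agent": {"view_balance"}},
    users={"alice": {"account_owner": {"view_balance", "transfer_funds"}},
           "carol": {"account_owner": {"view_balance"}},
           "bob": {"support_agent": {"view_balance"}}},
)
HDR = RequestHeader("account_owner", "alice", "support_agent", "bob")

if __name__ == "__main__":
    print(decide(DB, HDR, {"view_balance"}))
    print(decide(DB, HDR, {"transfer_funds"}))
```

The delegate's own role bounds what it can do on the first user's behalf: the second request is denied even though the first user and first role both hold the privilege.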
