Single set of credentials for accessing multiple computing resource services
First Claim
1. A computer-implemented method for enabling access to one or more computing system services provided by a computing resource service provider, comprising:
under the control of one or more computer systems configured with executable instructions, enabling a user to utilize a set of credentials to access resources in a directory within a managed directory service;
receiving, at the managed directory service, a first request from the user to access a subset of the one or more computing system services, different from the managed directory service, provided by the computing resource service provider, the first request comprising information based at least in part on the set of credentials;
authenticating, at the managed directory service, the user based at least in part on the set of credentials;
on a first condition that the user has been authenticated, identifying, at the managed directory service, one or more policies applicable to the user, the one or more policies at least defining a level of access to the one or more services based at least in part on the first request, the one or more policies defined using a policy generator interface that enables an administrative user to define the one or more policies based at least in part on the one or more services;
on a second condition that the identified one or more policies allow access, transmitting to an identity management service, different from the managed directory service, a second request for a set of one or more temporary credentials wherein the temporary credentials enable the user to access a subset of the one or more services;
receiving the set of one or more temporary credentials from the identity management service;
providing a reference to a network location usable to access the one or more services in accordance with the one or more policies; and
utilizing the received set of one or more temporary credentials to fulfill, at least in part, the first request from the user to access the one or more services.
Abstract
A user may utilize a set of credentials to access, through a managed directory service, one or more services provided by a computing resource service provider. The managed directory service may be configured to identify one or more policies applicable to the user. These policies may define the level of access to the one or more services provided by the computing resource service provider. Based at least in part on these policies, the managed directory service may transmit a request to an identity management system to obtain a set of temporary credentials that may be used to enable the user to access the one or more services. Accordingly, the managed directory service may be configured to enable the user, based at least in part on the policies and the set of temporary credentials, to access an interface, which can be used to access the one or more services.
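The flow the abstract and claim 1 describe, modelled end to end as an added example (this is illustrative code written for this page, not an implementation from the patent or from any particular service provider). The managed directory service holds the user's single set of credentials and the administrator-defined policies; a separate identity management service mints short-lived credentials scoped to the requested service; and the caller receives a reference to a network location plus those temporary credentials. The class names, the `request_access` method, the 900-second lifetime, the `example.invalid` endpoint and the user "alice" are all constructed assumptions for the demonstration.

```python
import hashlib
import hmac
import os
import secrets
import time
from dataclasses import dataclass


@dataclass
class Policy:
    """Administrator-defined policy: a target service and the permitted actions (constructed model)."""
    service: str
    actions: frozenset


@dataclass
class TemporaryCredentials:
    """Short-lived, service-scoped credentials returned by the identity management service."""
    token: str
    service: str
    actions: frozenset
    expires_at: float

    def is_valid(self, now=None):
        return (time.time() if now is None else now) < self.expires_at


class IdentityManagementService:
    """Stands in for the separate identity service of the claim; it never sees the directory password."""

    def __init__(self, ttl_seconds=900):
        self.ttl = ttl_seconds
        self.issued = {}  # token -> (principal, credentials), kept so issued tokens can be audited

    def issue(self, principal, service, actions, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        creds = TemporaryCredentials(token, service, frozenset(actions), now + self.ttl)
        self.issued[token] = (principal, creds)
        return creds


class ManagedDirectoryService:
    def __init__(self, identity_service):
        self.identity_service = identity_service
        self._users = {}     # username -> (salt, PBKDF2 digest); the single set of credentials
        self._policies = {}  # username -> [Policy]

    # Directory administration
    def add_user(self, username, password):
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self._users[username] = (salt, digest)

    def define_policy(self, username, service, actions):
        """The 'policy generator interface' of the claim: an administrator attaches a policy to a user."""
        self._policies.setdefault(username, []).append(Policy(service, frozenset(actions)))

    # The access flow of claim 1
    def authenticate(self, username, password):
        record = self._users.get(username)
        if record is None:
            return False
        salt, expected = record
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        return hmac.compare_digest(candidate, expected)  # constant-time comparison

    def applicable_policies(self, username, service):
        return [p for p in self._policies.get(username, []) if p.service == service]

    def request_access(self, username, password, service, action, now=None):
        # First request: the user presents the directory credentials; authenticate them here.
        if not self.authenticate(username, password):
            return None
        # Identify the administrator-defined policies that apply to this user and service.
        allowed = set()
        for policy in self.applicable_policies(username, service):
            allowed |= policy.actions
        if action not in allowed:
            return None
        # Second request: obtain temporary credentials, scoped to what the policies permit,
        # from the separate identity management service.
        creds = self.identity_service.issue(username, service, allowed, now=now)
        # Return a reference to the network location together with the temporary credentials.
        endpoint = f"https://{service}.example.invalid/"  # placeholder network location
        return {"endpoint": endpoint, "credentials": creds}


def demo(now=1_000_000.0):
    ims = IdentityManagementService(ttl_seconds=900)
    ds = ManagedDirectoryService(ims)
    ds.add_user("alice", "correct horse battery staple")          # constructed sample user
    ds.define_policy("alice", "storage", {"read"})                 # read-only on one service
    granted = ds.request_access("alice", "correct horse battery staple", "storage", "read", now=now)
    denied_action = ds.request_access("alice", "correct horse battery staple", "storage", "write", now=now)
    denied_password = ds.request_access("alice", "not the password", "storage", "read", now=now)
    return granted, denied_action, denied_password


if __name__ == "__main__":
    granted, denied_action, denied_password = demo()
    print(granted["endpoint"], sorted(granted["credentials"].actions))
    print(denied_action, denied_password)
```

The property worth checking in a real deployment is the one the model makes visible: the downstream service receives only the scoped, expiring token, never the directory password, and a policy that grants `read` cannot be turned into `write` by the requester because the scope is fixed by the directory service at issuance time.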
20 Claims
1. Independent claim, set out in full under First Claim above. Dependent claims: 2, 3, 4, 18.
5. A computer system, comprising:
one or more processors; and
memory having collectively stored therein instructions that, when executed by the computer system, cause the computer system to:
authenticate, at a directory service, a requestor utilizing credential information for accessing a directory within the directory service;
identify one or more policies applicable to the requestor, the one or more policies defined using a policy generator interface that enables an administrative user to define the one or more policies based at least in part on the one or more services;
receive, from the requestor, a request to access a subset of one or more services provided by a computing resource service provider, access to the subset of the one or more services managed by the directory within the directory service;
as a result of authenticating the requestor, obtain, from a second service different from the directory service, temporary credential information to access the subset of the one or more services;
provide a reference to a network location usable to access the one or more services in accordance with the one or more policies; and
utilize the temporary credential information obtained from the second service to fulfill, at least in part, the request to access the subset of the one or more services.
Dependent claims: 6, 7, 8, 9, 10, 19.
11. A non-transitory computer-readable storage medium having collectively stored thereon executable instructions that, when executed by one or more processors of a computer system, cause the computer system to at least:
verify, at a directory service, that a requestor utilizing credential information to access a directory within the directory service is authorized to access the directory;
receive, from the requestor, a request to access a subset of one or more services provided by a computing resource service provider;
as a result of verifying, at the directory service, that the requestor is authorized to access the directory, identify one or more policies applicable to the requestor, the one or more policies managed by the directory within the directory service, defined using a policy generator interface that enables an administrative user to define the one or more policies based at least in part on the one or more services, and usable to define a level of access to the subset of the one or more services;
on a condition that the identified one or more policies allow access, obtain, from a second service different from the directory service, temporary credential information to access the subset of the one or more services;
provide a reference to a network location usable to access the one or more services in accordance with the one or more policies; and
utilize the temporary credential information obtained from the second service to fulfill, at least in part, the request to access the subset of the one or more services.
Dependent claims: 12, 13, 14, 15, 16, 17, 20.