
Access control using impersonization

  • US 9,420,007 B1
  • Filed: 12/04/2013
  • Issued: 08/16/2016
  • Est. Priority Date: 12/04/2013
  • Status: Active Grant
First Claim

1. A system of a virtual computing resource service provider, comprising a plurality of computing devices collectively configured to implement an authentication system, a policy evaluation system and a first and second and third computing resource service, wherein:

  • the authentication system processes an authentication request by verifying an electronic signature of a first request and provides an authentication response having information identifying a set of computing resource services being a cause of the authentication request;

  • the first computing resource service receives the first request and, as a result, submits the authentication request to the authentication system, receives the authentication response and, as part of fulfilling the first request, uses the authentication response to submit a second request to the second computing resource service;

  • the first request triggered by a single customer request and the second request being triggered by the first request;

  • the policy evaluation system evaluates, based at least in part on a user profile associated with the single customer request and the information identifying the set of computing resource services that caused the authentication request including the first computing resource service, a set of policies applicable to the second request to determine a policy determination;

  • the second computing resource service receives the second request from the first computing resource service and processes the second request in accordance with the policy determination;

  • the third computing resource service receives a third request from the second computing resource service, the third request triggered by the second request, the first request, and the single customer request; and

  • the third computing resource service processes the third request in accordance with a policy based at least in part on the user profile associated with the single customer request and information identifying a set of computing resource services that triggered the third request, including the first and second computing resource service.
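
The following sketch is an added illustration of the flow the claim describes, not code from the patent or its assignee. The service names (`compute`, `storage`, `keystore`), the HMAC signature scheme, the policy table and every function name are assumptions, and the authentication response is passed in-process rather than integrity-protected.

```python
import hashlib
import hmac

# Constructed sample data: the key, user and policies are illustrative only.
CUSTOMER_KEYS = {"alice": b"constructed-demo-key"}

# (user, target service, action) -> call chains permitted to act for that user
POLICIES = {
    ("alice", "storage", "read"): [("compute",)],
    ("alice", "keystore", "decrypt"): [("compute", "storage")],
}

def sign(key, user, action):
    """Customer-side signature over the first request (HMAC-SHA256 assumed)."""
    return hmac.new(key, f"{user}|{action}".encode(), hashlib.sha256).hexdigest()

def authenticate(user, action, signature, service):
    """Authentication system: verify the signature of the first request and
    return a response naming the services that caused the authentication."""
    key = CUSTOMER_KEYS.get(user)
    if key is None or not hmac.compare_digest(sign(key, user, action), signature):
        return None
    return {"user": user, "chain": (service,)}

def forward(auth_response, service):
    """A service issuing a downstream request adds itself to the chain."""
    return {"user": auth_response["user"],
            "chain": auth_response["chain"] + (service,)}

def evaluate(auth_response, target, action):
    """Policy evaluation: the decision depends on the user profile AND on
    which services triggered the request, not on the user alone."""
    if auth_response is None:
        return False
    allowed = POLICIES.get((auth_response["user"], target, action), [])
    return auth_response["chain"] in allowed

def run_chain(user, signature):
    """customer -> compute (first) -> storage (second) -> keystore (third)."""
    resp = authenticate(user, "read-report", signature, "compute")
    second = evaluate(resp, "storage", "read")
    third = second and evaluate(forward(resp, "storage"), "keystore", "decrypt")
    return second, third
```

A request that reaches `keystore` for the same user through a different chain of services is denied, which is the property the call-chain information adds over a user-only check.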
