Funding access in a distributed electronic environment
First Claim
1. A computer implemented method, comprising:
- receiving, from an entity, a request for access to one or more resources, the request associated with a user credential, the user credential comprising a cryptographic token generated by a third party identity provider, the cryptographic token including identity information for the entity and a specified user independent from the entity to authenticate the entity;
- generating, by one or more computer systems, an applicable delegation profile for the request based at least in part on the user credential and the identity information for the entity, the applicable delegation profile comprising permissions for accessing the one or more resources and identifiers for one of the specified user or principals permitted to access the one or more resources according to the permissions;
- identifying one or more parties to provide an amount of funding based at least in part upon the request and the applicable delegation profile, the one or more parties to provide the amount of funding not associated with the specific user or principals permitted to access the one or more resources;
- determining whether the amount of funding is provided for the access in response to the identification of the one or more parties;
- authenticating, by the one or more computer systems, the entity based at least in part on the user credential and the determination that the amount of funding is provided, the user credential mapped to the identifiers for one of the specific user or principals permitted to access the one or more resources; and
- providing, by the one or more computer systems, the entity with access to the one or more resources according to the applicable delegation profile based at least in part on the authentication of the entity, the access enabling the entity to act as the specified user on the one or more resources subject to the permissions.
Abstract
Permissions can be delegated to enable access to resources associated with one or more different accounts, which might be associated with one or more different entities. Delegation profiles are established that are associated with at least one secured account of at least one customer. Each delegation profile includes information such as a name, a validation policy that specifies principals which may be external to the account and which are permitted to assume the delegation profile, and an authorization policy that indicates the permitted actions within the account for those principals which are acting within the delegation profile. Once a delegation profile is created, it can be made available to external principals or services that present a user credential issued by a trusted identity service, granting them delegated access under the account. Access can be provided across accounts using the user credential.
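The flow the abstract and claim 1 describe (verify a third-party credential, select the delegation profile whose validation policy admits the entity and whose principals the credential maps to, check the authorization policy for the requested action, confirm an independent funding party, then grant access) is illustrated below as an added Python example. It is not code from the patent or from any product it covers; the HMAC-signed token format, the trusted-provider key table, the profile fields and the funding ledger are all assumptions made here for illustration.

```python
import hmac
import hashlib
import json
from dataclasses import dataclass

# Constructed: keys shared with each trusted identity provider (assumption; a real
# deployment would verify provider signatures against published public keys).
IDP_KEYS = {"idp.example": b"constructed-demo-key"}


def mint_token(issuer, entity, specified_user):
    """Build a credential the way a third-party identity provider would: claims + MAC."""
    claims = {"iss": issuer, "entity": entity, "user": specified_user}
    body = json.dumps(claims, sort_keys=True).encode()
    sig = hmac.new(IDP_KEYS[issuer], body, hashlib.sha256).hexdigest()
    return {"claims": claims, "sig": sig}


def verify_token(token):
    """Return the claims if the token was issued by a trusted provider and is intact, else None."""
    key = IDP_KEYS.get(token["claims"].get("iss"))
    if key is None:
        return None  # unknown issuer: the credential is not from a trusted identity service
    body = json.dumps(token["claims"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["sig"]):
        return None  # claims were altered after issuance
    return token["claims"]


@dataclass
class DelegationProfile:
    name: str
    account: str
    validation_policy: set      # external entities permitted to assume this profile
    authorization_policy: dict  # resource -> set of permitted actions within the account
    principals: set             # identifiers the credential's specified user must map to


@dataclass
class FundingLedger:
    funders: dict  # resource -> party expected to fund access to it
    paid: set      # (party, resource) pairs for which funding has been provided

    def funding_party(self, resource, user):
        """The funder must be a party other than the user being acted as."""
        party = self.funders.get(resource)
        return None if party is None or party == user else party

    def is_funded(self, party, resource):
        return (party, resource) in self.paid


def evaluate_access(token, profiles, ledger, resource, action):
    """Return (allowed, reason) for an entity requesting `action` on `resource`."""
    claims = verify_token(token)
    if claims is None:
        return (False, "credential not issued by a trusted identity provider")
    entity, user = claims["entity"], claims["user"]
    # Applicable profile: validation policy admits the entity and the credential maps to a principal.
    applicable = [p for p in profiles if entity in p.validation_policy and user in p.principals]
    if not applicable:
        return (False, "no delegation profile applies to this credential")
    profile = applicable[0]
    if action not in profile.authorization_policy.get(resource, set()):
        return (False, f"{action} on {resource} not permitted by profile {profile.name}")
    party = ledger.funding_party(resource, user)
    if party is None:
        return (False, "no independent funding party identified for this resource")
    if not ledger.is_funded(party, resource):
        return (False, f"funding from {party} not provided")
    return (True, f"{entity} acts as {user} under {profile.name}: {action} {resource}")


# Constructed sample data.
PROFILES = [DelegationProfile(
    name="analytics-reader", account="acct-owner",
    validation_policy={"partner-app"},
    authorization_policy={"bucket/reports": {"read"}},
    principals={"alice"},
)]
LEDGER = FundingLedger(funders={"bucket/reports": "sponsor-co"},
                       paid={("sponsor-co", "bucket/reports")})


def demo():
    """Exercise the grant path and the main denial paths; returns a dict of outcomes."""
    good = mint_token("idp.example", "partner-app", "alice")
    tampered = {"claims": dict(good["claims"], user="bob"), "sig": good["sig"]}
    untrusted = {"claims": {"iss": "unknown-idp", "entity": "partner-app", "user": "alice"}, "sig": ""}
    unfunded = FundingLedger(funders={"bucket/reports": "sponsor-co"}, paid=set())
    return {
        "read_allowed": evaluate_access(good, PROFILES, LEDGER, "bucket/reports", "read")[0],
        "write_denied": evaluate_access(good, PROFILES, LEDGER, "bucket/reports", "write")[0],
        "tampered_denied": evaluate_access(tampered, PROFILES, LEDGER, "bucket/reports", "read")[0],
        "untrusted_denied": evaluate_access(untrusted, PROFILES, LEDGER, "bucket/reports", "read")[0],
        "unfunded_denied": evaluate_access(good, PROFILES, unfunded, "bucket/reports", "read")[0],
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

The ordering matters for the property the claims describe: the credential is checked for provenance and integrity before any profile is selected, the authorization policy is consulted before funding is looked up, and a funder equal to the specified user is rejected so that the paying party is always independent of the principal whose access is being exercised.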
28 Claims
1. (Reproduced in full under First Claim above.)
20. A computer system, comprising:
- at least one processor; and
- memory including instructions that, when executed by the at least one processor, cause the computer system to:
  - receive, from an entity, a request for access to one or more resources, the request associated with a user credential, the user credential comprising a secure token generated by a third party identity provider, the secure token including identity information for the entity and a specified user independent from the entity;
  - generate, by the processor, an applicable delegation profile for the request based at least in part on the user credential including the identity information for the entity, the applicable delegation profile comprising identifiers for one of the specified user or principals and permissions for accessing the one or more resources, the permissions applicable to the specified user or the principals;
  - identify one or more parties to provide an amount of funding based at least in part upon the request and the applicable delegation profile, the one or more parties to provide the amount of funding not associated with the specific user or principals permitted to access the one or more resources;
  - determine whether the amount of funding is provided for the access in response to the identification of the one or more parties;
  - authenticate, by the processor, the entity based at least in part on the user credential and the determination that the amount of funding is provided, the user credential mapped to the identifiers for one of the specific user or principals permitted to access the one or more resources; and
  - provide the entity with access to the one or more resources according to the applicable delegation profile based at least in part on the authentication of the entity, the access enabling the entity to act as the specified user on the one or more resources subject to the permissions.

Dependent claims: 21, 22, 23, 24.
25. A non-transitory computer-readable storage medium including instructions that, when executed by at least one processor of a computing system, cause the computing system to:
- receive, from an entity, a request for access to one or more resources, the request associated with a user credential, the user credential comprising a cryptographic token generated by a third party identity provider and including identity information for the entity and a specified user independent from the entity;
- generate, by the at least one processor of the computing system, an applicable delegation profile for the request based at least in part on the user credential and the identity information for the entity, the applicable delegation profile comprising identifiers for one of the specified user or principals and permissions for accessing the one or more resources, the permissions applicable to the specified user or the principals;
- identify one or more parties to provide an amount of funding required to provide access based at least in part upon the request and the applicable delegation profile, the one or more parties to provide the amount of funding not associated with the specific user or principals permitted to access the one or more resources;
- determine whether the amount of funding is provided for the access in response to the identification of the one or more parties;
- authenticate, by the at least one processor of the computing system, the entity based at least in part upon the user credential and the determination that the amount of funding is provided, the user credential mapped to the identifiers for one of the specific user or principals permitted to access the one or more resources; and
- provide the entity with access to the one or more resources according to the applicable delegation profile based at least in part on the authentication of the entity, the access enabling the entity to act as the specified user on the one or more resources subject to the permissions.

Dependent claims: 26, 27, 28.