Securing services and intra-service communications
First Claim
1. A method comprising:
under control of one or more processors specifically configured with executable instructions, receiving, by a security service from a service provider that is separate from the security service, a registration for a service provided by the service provider, the registration identifying one or more application programming interfaces (APIs) related to the service;
receiving, by the security service from a first service consumer and a second service consumer, a request to access the service, the requests including an identification of the one or more APIs related to the service to be accessed by the first service consumer and by the second service consumer, the one or more APIs configured to provide a quantity of information in response to access requests from service consumers;
in response to receiving the requests to access the service, sending, by the security service to the service provider, a request to approve the access to the service by the first service consumer and by the second service consumer;
receiving, by the security service, approval from the service provider allowing the access to the service by the service consumer;
issuing a respective secret key to the first service consumer and to the second service consumer for use by the first service consumer and by the second service consumer to provide authentication information when accessing the service; and
defining an access policy based, at least in part, on the registration and the request, the access policy;
limiting the first service consumer and the second service consumer access to the one or more APIs related to the service, and the access policy defining a subset of the quantity of information available to the first service consumer and to the second service consumer from the service provider via the one or more APIs, with the subset being different for the first service consumer and for the second service consumer and associated with a third party separate from the first and second service consumer.
Abstract
A security service enables service providers to register available services. Prospective service consumers may register with the security service to access a particular registered service, and may specify conditions for access that are subject to approval by the corresponding service provider. Based on the registrations of the service provider and the service consumer, the security service can define access policies that may be enforced to control the conditions under which a service consumer accesses or utilizes the particular service. Additionally, changes to the access policies may be propagated to running services in near real time. Some implementations enable masking of information provided to particular service consumers based on determined needs of each service consumer for access to particular information. In some instances, the service providers may provide log information to the security service, which may be monitored to identify anomalies, security breaches or the like.
30 Claims
1. Claim 1 is set out in full under First Claim above; dependent claims 2-10 are not shown.
11. A method comprising:
receiving, via one or more computing devices, a respective request from a first service consumer and from a second service consumer for authorization to access a service previously registered, the request including an estimated frequency at which the first service consumer and the second service consumer will access the service; requesting, via at least one of the one or more computing devices, from the first service consumer and from the second service consumer, a usage description associated with one or more application programming interfaces (APIs) of the service configured to provide a quantity of information in response to access requests from service consumers; and authorizing, via at least one of the one or more computing devices, the first service consumer and the second service consumer to access the service and have access to a subset of the quantity of information based, at least in part, on received approval from a provider of the service that is separate from the one or more computing devices, the subset being different for the first service consumer and for the second service consumer and associated with a third party separate from the first service consumer and from the second service consumer, and wherein the received approval is based at least in part on a response to the requesting of the usage description. (Dependent claims 12-20 are not shown.)
21. A system comprising:
at least one computing device configured to implement one or more modules, wherein the one or more modules are configured for: receiving a request from a first service consumer and from a second service consumer for authorization to access a service, the request including an estimated frequency at which the first service consumer and the second service consumer will access the service; requesting, from the first service consumer and from the second service consumer, a usage description associated with one or more API of the service configured to provide a quantity of information in response to access requests from service consumers; and authorizing the first service consumer and the second service consumer to access the service and have access to a subset of the quantity of information based, at least in part, on received approval from a service provider that is separate from the at least one computing device and that provides the service, wherein the received approval is based at least in part on a response to the requesting of the usage description, the subset being different for the first service consumer and for the second service consumer and associated with a third party separate from the first service consumer and from the second service consumer. (Dependent claims 22-25 are not shown.)
26. A method comprising:
receiving, by a computing device, a request from a first service consumer and a second service consumer for authorization to access a registered service configured to provide a quantity of information in response to access requests from service consumers, the request including an estimated frequency at which the first service consumer and at which the second service consumer will access the registered service; and based at least in part on received approval from a service provider that is separate from the computing device and that provides the registered service, establishing an access policy for the first service consumer and for the second service consumer in connection with the registered service, the access policy being established based, at least in part, on the estimated frequency, wherein the access policy limits access by the first service consumer and by the second service consumer to the registered service and limits access by the first service consumer and by the second service consumer to a subset of the quantity of information that is different for the first service consumer and for the second service consumer and associated with a third party separate from the first service consumer and from the second service consumer. (Dependent claims 27-30 are not shown.)
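As an added illustration, not code from the patent or its assignee, the following Python models the flow the abstract and the claims describe: a provider registers a service and its APIs, each consumer requests access to named APIs, the provider approves, each consumer receives its own secret key, and an access policy then restricts which APIs the consumer may call and masks responses down to a per-consumer subset of the information (data about a third party such as a customer). The service, consumer and field names, the HMAC-based authentication and the dictionary-based masking are assumptions of this example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

@dataclass
class Policy:
    apis: set     # APIs this consumer was approved to call
    fields: set   # subset of the returned information this consumer may see

def sign(key, message):
    # Assumed authentication scheme: HMAC-SHA256 over the request bytes
    return hmac.new(key, message, hashlib.sha256).digest()

class SecurityService:
    """Hypothetical model of the security service: registration, provider approval,
    a respective secret key per consumer, and policy enforcement with masking."""
    def __init__(self):
        self.services = {}   # service -> {"provider": name, "apis": set of API names}
        self.pending = {}    # (service, consumer) -> (requested apis, usage description)
        self.keys = {}       # consumer -> secret key issued on approval
        self.policies = {}   # (service, consumer) -> Policy
    def register_service(self, provider, service, apis):
        self.services[service] = {"provider": provider, "apis": set(apis)}
    def request_access(self, consumer, service, apis, usage):
        # A consumer may only ask for APIs the provider actually registered
        unknown = set(apis) - self.services[service]["apis"]
        if unknown:
            raise ValueError(f"unregistered APIs requested: {sorted(unknown)}")
        self.pending[(service, consumer)] = (set(apis), usage)
        return self.services[service]["provider"]  # the party asked to approve
    def approve(self, provider, service, consumer, allowed_fields):
        # Only the provider that registered the service can grant access
        if self.services[service]["provider"] != provider:
            raise PermissionError("only the registered provider may approve")
        apis, _usage = self.pending.pop((service, consumer))
        key = secrets.token_bytes(32)   # respective secret key for this consumer
        self.keys[consumer] = key
        self.policies[(service, consumer)] = Policy(apis, set(allowed_fields))
        return key
    def authenticate(self, consumer, message, tag):
        key = self.keys.get(consumer)
        return key is not None and hmac.compare_digest(sign(key, message), tag)
    def enforce(self, consumer, service, api, response):
        # Deny APIs outside the policy; mask every field outside the consumer's subset
        policy = self.policies.get((service, consumer))
        if policy is None or api not in policy.apis:
            raise PermissionError(f"{consumer} may not call {api} on {service}")
        return {k: v for k, v in response.items() if k in policy.fields}
```

The same response record yields a different masked view for each approved consumer, which is the per-consumer subset the claims describe.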
Specification