
User managed access scope specific obligation policy for authorization

  • US 9,906,558 B2
  • Filed: 06/24/2015
  • Issued: 02/27/2018
  • Est. Priority Date: 06/24/2015
  • Status: Active Grant
First Claim

1. A method comprising:

  • sending, from an authorization server module over a communication network to a delegator device, a request for a first delegated authorization grant data set;

    receiving, by the authorization server module over a communication network and from the delegator device, the first delegated authorization grant data set, with the first delegated authorization grant data set defining a scope of a first delegated authorization grant from the delegator device to a delegatee entity with respect to a first resource, with the first delegated authorization grant data set including:

    (i) a first scope variable value having been selected by a delegator entity through a delegation grant scope user interface on the delegator device, and (ii) a scope specific obligation policy;

    modifying the first scope variable value by the delegator entity during a lifetime of the first delegated authorization grant, to produce a modified scope of the first delegated authorization grant;

    modifying the scope specific obligation policy during the lifetime of the first delegated authorization grant, to produce a modified scope specific obligation policy; and

    controlling access to the first resource by the delegatee entity through the communication network in a manner limited by the modified scope of the first delegated authorization grant defined by the first delegated authorization grant data set;

    wherein:

    the request for a first delegated authorization grant data set includes a first obligation correlation token, and the first delegated authorization grant data set includes the first obligation correlation token.
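
The following Python sketch is an added example, not code from the patent or its assignee. It models one possible reading of the claimed flow: the authorization server issues a request carrying an obligation correlation token, accepts a grant data set only if it echoes that token, and decides access against the scope as modified during the grant's lifetime. The class, field and method names, the dictionary shape of the obligation policy and the single-use handling of the token are all assumptions.

```python
import secrets
from dataclasses import dataclass

@dataclass
class Grant:
    scope: set          # scope variable value selected by the delegator
    obligation: dict    # scope specific obligation policy (shape is assumed)
    token: str          # obligation correlation token
    expires_at: float   # end of the grant's lifetime

class AuthorizationServer:
    def __init__(self):
        self.pending = {}   # token -> (delegatee, resource) awaiting a reply
        self.grants = {}    # (delegatee, resource) -> Grant

    def request_grant(self, delegatee, resource):
        """Build the request sent to the delegator device, with a fresh token."""
        token = secrets.token_urlsafe(16)
        self.pending[token] = (delegatee, resource)
        return {"delegatee": delegatee, "resource": resource, "token": token}

    def receive_grant(self, data, now):
        """Accept a grant data set only if it echoes a token issued for it."""
        key = (data["delegatee"], data["resource"])
        if self.pending.pop(data.get("token"), None) != key:  # single use (assumed)
            raise PermissionError("unknown, replayed or mismatched token")
        self.grants[key] = Grant(set(data["scope"]), dict(data["obligation"]),
                                 data["token"], now + data["lifetime"])

    def modify(self, key, now, scope=None, obligation=None):
        """Change scope and/or obligation policy during the grant's lifetime."""
        grant = self.grants[key]
        if now >= grant.expires_at:
            raise PermissionError("grant lifetime has ended")
        if scope is not None:
            grant.scope = set(scope)
        if obligation is not None:
            grant.obligation = dict(obligation)

    def check_access(self, delegatee, resource, action, now):
        """Decide against the current (possibly modified) scope.
        Returns (allowed, obligation policy to enforce or None)."""
        grant = self.grants.get((delegatee, resource))
        if grant is None or now >= grant.expires_at or action not in grant.scope:
            return False, None
        return True, grant.obligation
```

Authentication of the delegator device and transport over the communication network are left out of this sketch.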
