System and method for zone access control
First Claim
1. A computer-implemented method comprising:
receiving a first web service request for accessing a first resource of a first web service, the first web service request corresponding to a first user and comprising a first access token, first action data identifying a first action being requested to be applied to the first resource, and first resource data identifying the first resource;
identifying a first zone for the first web service request;
identifying a first security token provider based on the first access token;
identifying one or more trusted token providers for the identified first zone;
comparing the first identified security token provider to the identified one or more trusted token providers for the identified first zone;
generating, by a machine having a memory and at least one processor, a determination that the identified first security token provider does not match any of the identified one or more trusted token providers for the identified first zone;
denying the first web service request based on the determination that the identified first security token provider does not match any of the identified one or more trusted token providers for the identified first zone;
receiving a second web service request for accessing the first resource of the first web service, the second web service request comprising a second access token, the first action data identifying the first action being requested to be applied to the first resource, and the first resource data identifying the first resource;
identifying the first zone based on the second web service request;
identifying a second security token provider based on the second access token;
identifying the one or more trusted token providers for the identified first zone;
comparing the second identified security token provider of the second access token to the identified one or more trusted token providers for the identified first zone;
generating a determination that the identified second security token provider of the second access token matches one of the identified one or more trusted token providers for the identified first zone; and
permitting the second web service request based on the determination that the identified second security token provider matches one of the identified one or more trusted token providers for the identified first zone.
Abstract
In some example embodiments, a method comprises receiving a web service request for accessing a resource of a web service, with the web service request corresponding to a user and comprising an access token, identifying a zone for the web service request, identifying a security token provider based on the access token, identifying one or more trusted token providers for the zone, comparing the security token provider to the trusted token provider(s) for the zone, generating a determination that the security token provider does not match any of the trusted token provider(s) for the zone, and denying the web service request based on the determination that the security token provider does not match any of the trusted token provider(s) for the zone.
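The abstract describes a decision procedure: identify the zone of the requested service, identify which security token provider issued the presented access token, look up the providers that zone trusts, and deny unless the issuer is one of them. The following Python is an added worked example of that check and is not code from the patent or its assignee. The policy store (a service-to-zone map and a zone-to-trusted-providers map), the request and token classes, and the sample services and issuer names are all constructed for illustration; in a deployment the issuer would be taken from a token whose signature has already been verified.

```python
"""Zone access control: permit a request only if the token's issuer is a
trusted token provider for the zone that owns the requested web service."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional


@dataclass(frozen=True)
class AccessToken:
    """Access token presented with a request. Only the issuer (the security
    token provider) is consulted by the zone check."""
    issuer: str
    subject: str


@dataclass(frozen=True)
class WebServiceRequest:
    """The request: target service, resource data, action data and the token."""
    service: str
    resource: str
    action: str
    token: AccessToken


@dataclass(frozen=True)
class Decision:
    permitted: bool
    zone: Optional[str]
    provider: str
    reason: str


@dataclass(frozen=True)
class ZonePolicy:
    """Hypothetical policy store (an assumption of this example): each web
    service belongs to exactly one zone, and each zone trusts a fixed set
    of security token providers."""
    zone_of_service: Dict[str, str]
    trusted_providers: Dict[str, FrozenSet[str]]

    def identify_zone(self, request: WebServiceRequest) -> Optional[str]:
        return self.zone_of_service.get(request.service)

    def trusted_providers_for(self, zone: str) -> FrozenSet[str]:
        return self.trusted_providers.get(zone, frozenset())


def identify_token_provider(token: AccessToken) -> str:
    # Assumed here to be already authenticated (e.g. the issuer of a token
    # whose signature was verified before this check runs).
    return token.issuer


def evaluate(policy: ZonePolicy, request: WebServiceRequest) -> Decision:
    """Apply the zone check and return a permit/deny decision with its reason."""
    provider = identify_token_provider(request.token)
    zone = policy.identify_zone(request)
    if zone is None:
        # Fail closed: a service with no zone has no trusted providers at all.
        return Decision(False, None, provider,
                        f"no zone configured for service {request.service!r}")
    trusted = policy.trusted_providers_for(zone)
    if provider not in trusted:
        return Decision(False, zone, provider,
                        f"provider {provider!r} is not trusted in zone {zone!r}")
    return Decision(True, zone, provider,
                    f"provider {provider!r} is trusted in zone {zone!r}")


# Constructed sample policy: the finance zone trusts only its own STS, while
# the public zone also trusts a partner STS.
POLICY = ZonePolicy(
    zone_of_service={"billing-api": "finance", "wiki": "public"},
    trusted_providers={
        "finance": frozenset({"sts.finance.example"}),
        "public": frozenset({"sts.finance.example", "sts.partner.example"}),
    },
)

# First request: same user, resource and action, but the token was issued by
# a provider the finance zone does not trust -> denied.
FIRST_REQUEST = WebServiceRequest(
    service="billing-api", resource="/invoices/42", action="read",
    token=AccessToken(issuer="sts.partner.example", subject="alice"))

# Second request: identical resource and action, token from a trusted
# provider -> permitted.
SECOND_REQUEST = WebServiceRequest(
    service="billing-api", resource="/invoices/42", action="read",
    token=AccessToken(issuer="sts.finance.example", subject="alice"))


if __name__ == "__main__":
    for req in (FIRST_REQUEST, SECOND_REQUEST):
        d = evaluate(POLICY, req)
        print("PERMIT" if d.permitted else "DENY ", req.action, req.resource, "-", d.reason)
```

Note that trust is scoped per zone rather than per token: the same partner-issued token that is rejected for `billing-api` would be accepted for `wiki`, because the public zone lists that provider as trusted. Any per-action or per-resource authorization would run after this zone gate, not instead of it.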
17 Claims
1. A computer-implemented method comprising: (independent claim, reproduced in full under First Claim above; dependent claims 2 through 14)
15. A system comprising:
at least one processor; and
a non-transitory computer-readable medium storing executable instructions that, when executed, cause the at least one processor to perform operations comprising:
receiving a first web service request for accessing a first resource of a first web service, the first web service request corresponding to a first user and comprising a first access token, first action data identifying a first action being requested to be applied to the first resource, and first resource data identifying the first resource;
identifying a first zone for the first web service request;
identifying a first security token provider based on the first access token;
identifying one or more trusted token providers for the identified first zone;
comparing the first identified security token provider to the identified one or more trusted token providers for the identified first zone;
generating a determination that the identified first security token provider does not match any of the identified one or more trusted token providers for the identified first zone;
denying the first web service request based on the determination that the identified first security token provider does not match any of the identified one or more trusted token providers for the identified first zone;
receiving a second web service request for accessing the first resource of the first web service, the second web service request comprising a second access token, the first action data identifying the first action being requested to be applied to the first resource, and the first resource data identifying the first resource;
identifying the first zone based on the second web service request;
identifying a second security token provider based on the second access token;
identifying the one or more trusted token providers for the identified first zone;
comparing the second identified security token provider of the second access token to the identified one or more trusted token providers for the identified first zone;
generating a determination that the identified second security token provider of the second access token matches one of the identified one or more trusted token providers for the identified first zone; and
permitting the second web service request based on the determination that the identified second security token provider matches one of the identified one or more trusted token providers for the identified first zone.
(Dependent claim: 16)
17. A non-transitory machine-readable storage medium, tangibly embodying a set of instructions that, when executed by at least one processor, causes the at least one processor to perform operations comprising:
receiving a first web service request for accessing a first resource of a first web service, the first web service request corresponding to a first user and comprising a first access token, first action data identifying a first action being requested to be applied to the first resource, and first resource data identifying the first resource;
identifying a first zone for the first web service request;
identifying a first security token provider based on the first access token;
identifying one or more trusted token providers for the identified first zone;
comparing the first identified security token provider to the identified one or more trusted token providers for the identified first zone;
generating a determination that the identified first security token provider does not match any of the identified one or more trusted token providers for the identified first zone;
denying the first web service request based on the determination that the identified first security token provider does not match any of the identified one or more trusted token providers for the identified first zone;
receiving a second web service request for accessing the first resource of the first web service, the second web service request comprising a second access token, the first action data identifying the first action being requested to be applied to the first resource, and the first resource data identifying the first resource;
identifying the first zone based on the second web service request;
identifying a second security token provider based on the second access token;
identifying the one or more trusted token providers for the identified first zone;
comparing the second identified security token provider of the second access token to the identified one or more trusted token providers for the identified first zone;
generating a determination that the identified second security token provider of the second access token matches one of the identified one or more trusted token providers for the identified first zone; and
permitting the second web service request based on the determination that the identified second security token provider matches one of the identified one or more trusted token providers for the identified first zone.