Securing services and intra-service communications
Abstract
A security service enables service providers to register available services. Prospective service consumers may register with the security service to access a particular registered service, and may specify conditions for access that are subject to approval by the corresponding service provider. Based on the registrations of the service provider and the service consumer, the security service can define access policies that may be enforced to control the conditions under which a service consumer accesses or utilizes the particular service. Additionally, changes to the access policies may be propagated to running services in near real time. Some implementations enable masking of information provided to particular service consumers based on determined needs of each service consumer for access to particular information. In some instances, the service providers may provide log information to the security service, which may be monitored to identify anomalies, security breaches or the like.
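One way to model the registration, approval and per-consumer masking flow the abstract describes, as an added example that is not code from the patent. The class, method, service and field names are hypothetical, and the `approve` callback is an assumed stand-in for the service provider's approval step.

```python
from dataclasses import dataclass, field

@dataclass
class SecurityService:
    services: dict = field(default_factory=dict)   # service -> {api: fields it returns}
    policies: dict = field(default_factory=dict)   # (consumer, service) -> {api: visible fields}

    def register_service(self, service, apis):
        """Provider registration: each API and the fields it can return."""
        self.services[service] = {api: set(fields) for api, fields in apis.items()}

    def request_access(self, consumer, service, wanted, approve):
        """Consumer request; `approve` stands in for the provider's approval step."""
        registered = self.services[service]
        policy = {}
        for api, fields in wanted.items():
            known = registered.get(api, set())      # unregistered API grants nothing
            granted = {f for f in fields if f in known and approve(consumer, api, f)}
            if granted:
                policy[api] = granted
        self.policies[(consumer, service)] = policy  # new policy applies on the next call
        return policy

    def enforce(self, consumer, service, api, response):
        """Default deny, then mask every field outside the consumer's subset."""
        allowed = self.policies.get((consumer, service), {}).get(api)
        if allowed is None:
            raise PermissionError(f"{consumer} may not call {service}.{api}")
        return {k: v for k, v in response.items() if k in allowed}

def demo():
    """Constructed scenario: two consumers, one API, different visible subsets."""
    sec = SecurityService()
    sec.register_service("customer-profile", {"delete_customer": ["status"],
        "get_customer": ["name", "address", "email", "card_number"]})
    # Constructed provider rule: only the billing consumer may see card numbers.
    approve = lambda consumer, api, f: f != "card_number" or consumer == "billing"
    sec.request_access("shipping", "customer-profile",
                       {"get_customer": ["name", "address", "card_number"]}, approve)
    sec.request_access("billing", "customer-profile",
                       {"get_customer": ["name", "card_number"]}, approve)
    # Constructed record about a third party (the customer), as the provider returns it.
    record = {"name": "A. Sample", "address": "1 Example St",
              "email": "a@example.test", "card_number": "0000-0000-0000-0000"}
    return sec, record

if __name__ == "__main__":
    sec, record = demo()
    for who in ("shipping", "billing"):
        print(who, sec.enforce(who, "customer-profile", "get_customer", record))
```

The shipping consumer asked for `card_number` but the policy never grants it, so the field is dropped from its view of the same response that billing receives with the card number intact.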
20 Claims
1. A method comprising:
- receiving, by a security service, from a service provider that is separate from the security service, a registration for a service provided by the service provider, the registration identifying one or more application programming interfaces (APIs) related to the service;
- receiving, by the security service, from a first service consumer and a second service consumer, a respective request to access the service, the respective requests including an identification of the one or more APIs related to the service to be accessed by the first service consumer and by the second service consumer, the one or more APIs providing a quantity of information in response to access requests from service consumers; and
- defining an access policy limiting the first service consumer and the second service consumer access to the one or more APIs related to the service, and the access policy defining a subset of the quantity of information available to the first service consumer and to the second service consumer from the service provider via the one or more APIs, with the subset being different for the first service consumer and for the second service consumer and associated with a third party separate from the first and second service consumer.

Dependent claims: 2, 3, 4, 5

6. A system comprising:
- at least one computing device that implements one or more services, wherein the one or more services:
  - receive a registration identifying one or more application programming interfaces (APIs) related to a service provided by a service provider;
  - receive a first request associated with a first service consumer, the first request including an identification of the one or more APIs related to the service to be accessed by the first service consumer, the one or more APIs providing a quantity of information in response to access requests from service consumers; and
  - define an access policy that:
    - limits the first service consumer access to the one or more APIs related to the service, and
    - defines a first subset of the quantity of information available to the first service consumer from the service provider via the one or more APIs, with the first subset being different than a second subset of the quantity of information available to a second service consumer via the one or more APIs related to the service, the quantity of information associated with a third party separate from the first and second service consumer.

Dependent claims: 7, 8, 9, 10, 11, 12

13. A non-transitory computer-readable storage medium having stored thereon executable instructions that, if executed by one or more processors of a computer system, cause the computer system to at least:
- receive, at a security service, a registration identifying one or more application programming interfaces (APIs) related to a service provided by a service provider, the one or more APIs providing a quantity of information in response to access requests from service consumers;
- receive a first request from a first service consumer indicating the one or more APIs related to the service to be accessed by the first service consumer; and
- define an access policy based at least in part on the first request that:
  - limits the first service consumer access to the one or more APIs related to the service; and
  - defines a first subset of the quantity of information available to the first service consumer from the service provider via the one or more APIs, with the first subset being different than a second subset of the quantity of information available to a second service consumer via the one or more APIs related to the service, the quantity of information associated with a third party separate from the first and second service consumer.

Dependent claims: 14, 15, 16, 17, 18, 19, 20

Specification