Access relationship in a computer system
Abstract
Various mechanisms can be used for authorizing access between entities in a computing environment. Configuring such access may involve configuration data stored on one or more of the computing devices or stored externally to the computing devices. Various aspects are disclosed herein for collecting, analyzing, correlating, organizing, storing, using and/or displaying such information, for example in the form of pre-analyzed access relationships between entities in the computing environment. In accordance with an aspect, access-related configuration information is collected from a plurality of entities and an access relationship between two or more entities is determined based on the configuration information. Information about the determined access relationship is stored in a non-volatile storage. The information identifies a source entity and a destination entity, and the determined access relationship defines a user account associated with the source entity and authorized to log into a user account associated with the destination entity.
55 Citations
27 Claims
1. A method in a computerized system comprising:
- configuring, by a credential management apparatus, at least one source restriction for an access relationship restricting access from a source entity to a destination entity;
- matching an identification of a particular authenticator against a configured authorized authenticator;
- evaluating a source restriction, configured for the authorized authenticator, from the at least one source restriction, against information about one or more entities having access to the particular authenticator to determine whether the access relationship is permitted by the source restriction; and
- performing a management action on information of the access relationship related to the authorized authenticator in a record of access relationships in response to determining that the access relationship is not permitted by the source restriction, wherein the management action includes at least one of storing the access relationship in the record of access relationships with a marking that the access relationship is not permitted, not storing the access relationship, or updating information about the access relationship in the record of access relationships to indicate that the access relationship is no longer permitted by a source restriction.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. An apparatus comprising:
- at least one processor; and
- at least one memory including computer program code, wherein the at least one memory and the computer program code are configured, with the at least one processor, to cause the apparatus to;
- configure at least one source restriction for access relationships restricting access from a source entity to a destination entity,
- match an identification of an authenticator against a configured authorized authenticator,
- evaluate a source restriction configured for the authorized authenticator against information about one or more entities having access to the authenticator to determine whether the access relationship is permitted by the source restriction, and
- perform a management action on information of an access relationship related to the authorized authenticator in a record of access relationships in response to determining that the access relationship is not permitted by the source restriction, wherein the management action includes at least one of store the access relationship with a marking that the access relationship as not permitted, not store the access relationship, or update information about the access relationship to indicate that it is no longer permitted by a source restriction.
Dependent claims: 17, 18, 19, 20, 21, 22, 23, 24, 25, 26
27. A non-transitory computer readable media comprising program code for causing an apparatus comprising a processor to perform instructions comprising:
- configuring at least one source restriction for access relationships restricting access from a source entity to a destination entity;
- matching an identification of an authenticator against a configured authorized authenticator;
- evaluating a source restriction configured for the authorized authenticator against information about one or more entities having access to the authenticator to determine whether the access relationship is permitted by the source restriction; and
- performing a management action on information of an access relationship related to the authorized authenticator in a record of access relationships in response to determining that the access relationship is not permitted by the source restriction, wherein the management action includes at least one of storing the access relationship in the record of access relationships with a marking that the access relationship is not permitted, not storing the access relationship, or updating information about the access relationship in the record of access relationships to indicate that the access relationship is no longer permitted by a source restriction.
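The four steps of the independent claims above (configure a source restriction, match an authenticator, evaluate the restriction, act on the record) sketched as an added example; it is not code from the patent. It assumes an authenticator is identified by a fingerprint string and a source restriction is a list of host-name glob patterns; every name and all sample data here are constructed.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Authorized:
    """An authorized authenticator configured for a destination account."""
    destination: str
    account: str
    fingerprint: str
    allowed_sources: tuple = ()  # source restriction; empty = none configured

def permitted(auth, source):
    """Evaluate the source restriction against one entity holding the authenticator."""
    return not auth.allowed_sources or any(
        fnmatchcase(source, pat) for pat in auth.allowed_sources)

def evaluate(found, authorized, record, action="mark"):
    """Apply the management action to `record`; return the violating keys.
    found:  (source_host, fingerprint) pairs for authenticators seen on hosts.
    action: "mark" stores/updates a violation with permitted=False,
            "skip" keeps it out of the record."""
    violations = []
    for source, fp in found:
        for auth in authorized:
            if auth.fingerprint != fp:  # matching step
                continue
            key = (source, auth.destination, auth.account, fp)
            if permitted(auth, source):
                record[key] = {"permitted": True}
            else:
                violations.append(key)
                if action == "mark":
                    record[key] = {"permitted": False}
                else:
                    record.pop(key, None)
    return violations

def demo():
    # Constructed sample data: hosts, account and fingerprint are invented.
    found = [("backup-01.example.test", "fp:aa11"),
             ("dev-laptop.example.test", "fp:aa11")]
    record = {}
    # First pass: no restriction configured, both relationships are stored as permitted.
    evaluate(found, [Authorized("db01", "postgres", "fp:aa11")], record)
    # Restriction configured, then re-evaluated: the stored entry is updated.
    restricted = [Authorized("db01", "postgres", "fp:aa11",
                             ("backup-*.example.test",))]
    return record, evaluate(found, restricted, record)
```

In `demo()` the second pass changes the already stored `dev-laptop` relationship to not permitted, which corresponds to the "updating information" branch of the management action.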
Specification