Target-based access check independent of access request
First Claim
1. A method comprising:
- building, at a target computing system controlling access to a resource, a context of a principal independently of the principal requesting access to the resource, the context including an authenticated identifier of the principal and one or more attributes associated with the principal; and
- applying, at the target system and independently of the principal requesting access to the resource, an authorization policy to the context;
- determining, at the target system based on the applying, whether the principal is permitted to access the resource;
- providing, based on the determining, an indication of whether the principal is permitted to access the resource;
- modifying the context;
- applying, at the target system, the authorization policy to the modified context;
- determining, at the target system based on the applying of the authorization policy to the modified context, whether a principal having the modified context is permitted to access the resource; and
- providing, to an administrator and based on the determining of whether a principal having the modified context is permitted to access the resource, an indication of whether the principal having the modified context is permitted to access the resource.
2 Assignments
0 Petitions
Abstract
A context of a principal is built, at a target system controlling access to a resource, independently of the principal requesting access to the resource. An authorization policy is applied, at the target system, to the context to determine whether the principal is permitted to access the resource, and an indication of whether the principal is permitted to access the resource is provided (e.g., to an administrator). Modifications can be made to the context and the authorization re-applied to determine whether a principal having the modified context is permitted to access the resource.
121 Citations
20 Claims
1. A method comprising: (text as given under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.

10. One or more computer storage devices having stored thereon multiple instructions that, when executed by one or more processors of a target system, cause the one or more processors to:
- build a context of a principal as if the principal were requesting access to a resource, a resource manager of the target system controlling access to the resource, the context including an authenticated identifier of the principal and one or more attributes associated with the principal;
- apply, independently of the principal requesting access to the resource, an authorization policy to the context to determine whether the principal is permitted to access the resource; and
- determine, at the target system based on the applying, whether the principal is permitted to access the resource;
- provide, to an administrator, an indication of whether the principal is permitted to access the resource;
- modify the context;
- apply, at the target system, the authorization policy to the modified context;
- determine, at the target system based on the applying of the authorization policy to the modified context, whether a principal having the modified context is permitted to access the resource; and
- provide, to an administrator and based on the determining of whether a principal having the modified context is permitted to access the resource, an indication of whether the principal having the modified context is permitted to access the resource.
Dependent claims: 11, 12, 13, 14.

15. A system comprising:
- at least one processor;
- a memory, operatively connected to the at least one processor and containing instructions that, when executed by the at least one processor, cause the at least one processor to perform a method, the method comprising:
  - building, at a target system controlling access to a resource, a context of a principal independently of the principal requesting access to the resource, the context including an authenticated identifier of the principal and one or more attributes associated with the principal;
  - applying, at the target system and independently of the principal requesting access to the resource, an authorization policy to the context;
  - determining, at the target system based on the applying, whether the principal is permitted to access the resource;
  - providing, based on the determining, an indication of whether the principal is permitted to access the resource;
  - modifying the context;
  - applying, at the target system, the authorization policy to the modified context;
  - determining, at the target system based on the applying of the authorization policy to the modified context, whether a principal having the modified context is permitted to access the resource; and
  - providing, to an administrator and based on the determining of whether a principal having the modified context is permitted to access the resource, an indication of whether the principal having the modified context is permitted to access the resource.
Dependent claims: 16, 17, 18, 19, 20.
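The abstract and claims 1, 10 and 15 all describe the same mechanism: a resource manager on the target system builds a principal's context (authenticated identifier plus attributes) from its own data, applies its authorization policy to that context with no access request from the principal, reports the result to an administrator, and then re-applies the policy to a modified context. The following is an added illustration of that "what-if" access check and is not code from the patent or its assignee; the identity store, the resource name `payroll-db`, the rule names and the deny-overrides evaluation order are all constructed for the example.

```python
"""Added example (not the patent's code): a target-side "what-if" access check.

All identities, rules and the resource name below are constructed for
illustration; the deny-overrides / default-deny evaluation is an assumption.
"""
from dataclasses import dataclass, field, replace
from typing import Callable, Dict, List, Set


@dataclass
class Context:
    """Context of a principal: authenticated identifier plus attributes."""
    principal_id: str
    groups: Set[str] = field(default_factory=set)
    attributes: Dict[str, str] = field(default_factory=dict)


@dataclass
class Rule:
    name: str
    effect: str                          # "allow" or "deny"
    applies: Callable[[Context], bool]   # predicate over the context


@dataclass
class Decision:
    permitted: bool
    matched: List[str]                   # names of the rules that applied


# Constructed identity store standing in for the target system's directory.
IDENTITY_STORE = {
    "alice": {"groups": {"engineering"}, "attributes": {"mfa": "true"}},
    "bob": {"groups": {"finance"}, "attributes": {"mfa": "false"}},
}

# Constructed policy for the hypothetical resource "payroll-db":
# deny overrides allow, and nothing matching means default deny.
PAYROLL_POLICY = [
    Rule("deny-without-mfa", "deny", lambda c: c.attributes.get("mfa") != "true"),
    Rule("allow-finance-group", "allow", lambda c: "finance" in c.groups),
]


class ResourceManager:
    """Target-side component controlling access to one resource."""

    def __init__(self, resource: str, policy: List[Rule], store=IDENTITY_STORE):
        self.resource = resource
        self.policy = policy
        self.store = store

    def build_context(self, principal_id: str) -> Context:
        """Build the context as if the principal were requesting access,
        from the target's own identity data; no request is involved."""
        record = self.store.get(principal_id)
        if record is None:
            raise KeyError(f"unknown principal {principal_id!r}")
        return Context(principal_id, set(record["groups"]), dict(record["attributes"]))

    def apply_policy(self, ctx: Context) -> Decision:
        """Evaluate every rule against the context (deny overrides)."""
        matched = [r.name for r in self.policy if r.applies(ctx)]
        effects = {r.name: r.effect for r in self.policy}
        denied = any(effects[n] == "deny" for n in matched)
        allowed = any(effects[n] == "allow" for n in matched)
        return Decision(permitted=allowed and not denied, matched=matched)

    def indication(self, ctx: Context, decision: Decision) -> str:
        """Indication for the administrator, including which rules applied."""
        verdict = "PERMITTED" if decision.permitted else "NOT PERMITTED"
        rules = ", ".join(decision.matched) or "no rule applied (default deny)"
        return f"{ctx.principal_id} -> {self.resource}: {verdict} [{rules}]"


def modify_context(ctx: Context, add_groups=(), remove_groups=(), **attrs) -> Context:
    """Return a modified copy of the context; the original and the store are untouched."""
    groups = (set(ctx.groups) | set(add_groups)) - set(remove_groups)
    return replace(ctx, groups=groups, attributes={**ctx.attributes, **attrs})


def what_if(rm: ResourceManager, principal_id: str, **changes) -> Decision:
    """Re-apply the policy to a principal whose context has been modified."""
    return rm.apply_policy(modify_context(rm.build_context(principal_id), **changes))


if __name__ == "__main__":
    rm = ResourceManager("payroll-db", PAYROLL_POLICY)
    for who in ("alice", "bob"):
        ctx = rm.build_context(who)
        print(rm.indication(ctx, rm.apply_policy(ctx)))
    # Modified contexts are evaluated without changing the directory.
    alice_in_finance = modify_context(rm.build_context("alice"), add_groups={"finance"})
    print(rm.indication(alice_in_finance, rm.apply_policy(alice_in_finance)))
    bob_with_mfa = modify_context(rm.build_context("bob"), mfa="true")
    print(rm.indication(bob_with_mfa, rm.apply_policy(bob_with_mfa)))
```

The point of keeping `build_context` and `apply_policy` on the target side is that the check uses the same identity data and the same policy the resource manager would consult for a real request, so the administrator's indication reflects effective access rather than a reconstruction of it elsewhere; `modify_context` returns a copy, so exploring a change never alters the directory or grants anything.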
Specification