-
Publication No.: US11595445B2
Publication date: 2023-02-28
Application No.: US17165060
Application date: 2021-02-02
Applicant: SAP SE
Inventor: Anett Lippert, Juergen Denner, Matthias Buehl
IPC: H04L9/40
Abstract: Methods, systems, and computer-readable storage media for receiving, by an AMS, a policy definition file defining policies to be enforced during execution of an instance of an application within the cloud platform, providing, by the AMS, an enhanced policy definition file indicating authorizations for roles for a policy of the policy definition file, providing an authentication bundle for execution of policy decisions at the instance, the authentication bundle provided based on the enhanced policy definition file, the authentication bundle distributed to application containers within the cloud platform, and during execution of the instance: transmitting, by the instance, an authorization request from the instance to an ADC, the ADC including an OPA and being executed within the container and executing policy decisions based on the authentication bundle, receiving, by the instance, a policy decision from the ADC and enforcing the policy based on the policy decision.
-
Publication No.: US20220247787A1
Publication date: 2022-08-04
Application No.: US17165060
Application date: 2021-02-02
Applicant: SAP SE
Inventor: Anett Lippert, Juergen Denner, Matthias Buehl
IPC: H04L29/06
Abstract: Methods, systems, and computer-readable storage media for receiving, by an AMS, a policy definition file defining policies to be enforced during execution of an instance of an application within the cloud platform, providing, by the AMS, an enhanced policy definition file indicating authorizations for roles for a policy of the policy definition file, providing an authentication bundle for execution of policy decisions at the instance, the authentication bundle provided based on the enhanced policy definition file, the authentication bundle distributed to application containers within the cloud platform, and during execution of the instance: transmitting, by the instance, an authorization request from the instance to an ADC, the ADC including an OPA and being executed within the container and executing policy decisions based on the authentication bundle, receiving, by the instance, a policy decision from the ADC and enforcing the policy based on the policy decision.
-