-
Publication number: US20240179182A1
Publication date: 2024-05-30
Application number: US18070349
Application date: 2022-11-28
Applicant: Amazon Technologies, Inc.
Inventor: Michael W. HICKS, John Holman KASTNER, Emina TORLAK, Richard Matthew MCCUTCHEN, Darin MCADAMS, Neha RUNGTA, Aaron Joseph ELINE, Joseph Wallace CUTLER, Eleftherios IOANNIDIS
IPC: H04L9/40
CPC classification number: H04L63/20
Abstract: A system and method for authorization policy validation. A validator takes as input an authorization policy to be analyzed and a schema that specifies entity types and their attributes, types of entity parents in an entity hierarchy, and which entity types can be used with which actions. The validator checks that the policy conforms to the schema. If the check passes, then the policy is guaranteed to be free of both type errors and attribute access errors for any input that conforms to the schema.
-
Publication number: US20240179181A1
Publication date: 2024-05-30
Application number: US18070321
Application date: 2022-11-28
Applicant: Amazon Technologies, Inc.
Inventor: Emina TORLAK, Darin MCADAMS, Neha RUNGTA, Michael W. HICKS, Craig Ryan DISSELKOEN, Aaron Joseph ELINE, John Holman KASTNER, Kyle HEADLEY, Anwar MAMAT, Richard Matthew MCCUTCHEN, Andrew Marshall WELLS, Kesha Hanne HIETALA, Shaobo HE, Mark Edward STALZER, Julian LOVELOCK
IPC: H04L9/40
CPC classification number: H04L63/20, H04L63/104
Abstract: A system and method for authorization policy evaluation. Authorization policies are authored in a general-purpose authorization language. An evaluation engine is used in a provider network by application developers to manage access within their applications based on fine-grained permissions. The policy language combines elements of role-based and attribute-based access control within an intuitive syntax and efficient evaluation strategy. The policy syntax separates role-based expressions of a policy from attribute-based expressions of the policy.
-