Delegating right to access resource or the like in access management system
    2.
    发明授权
    Delegating right to access resource or the like in access management system 有权
    在访问管理系统中授权访问资源等

    公开(公告)号:US07770206B2

    公开(公告)日:2010-08-03

    申请号:US11077574

    申请日:2005-03-11

    IPC分类号: G06F7/04

    摘要: A resource of a first organization provides access thereto to a requestor of a second organization. A first administrator of the first organization issues a first credential to a second administrator of the second organization, including policy that the second administrator may issue a second credential to the requestor on behalf of the first administrator. The second administrator issues the second credential to the requester, including the issued first credential. The requestor requests access from the resource and includes the issued first and second credentials. The resource validates that the issued first credential ties the first administrator to the second administrator, and that the issued second credential ties the second administrator to the requester. The resource thus knows that the request is based on rights delegated from the first administrator to the requester by way of the second administrator.

    摘要翻译: 第一组织的资源提供对第二组织的请求者的访问。 第一个组织的第一个管理员向第二个组织的第二个管理员颁发第一个凭据,包括第二个管理员可以代表第一个管理员向请求者发出第二个凭证的策略。 第二个管理员向请求者发出第二个凭证,包括发出的第一个凭证。 请求者请求从资源的访问,并且包括发出的第一和第二凭证。 该资源验证所发出的第一个凭证将第一个管理员与第二个管理员相关联,并且发出的第二个凭证将第二个管理员与请求者联系起来。 因此,该资源知道该请求基于通过第二管理员从第一管理员委派给请求者的权限。

    Access control policy engine controlling access to resource based on any of multiple received types of security tokens
    10.
    发明授权
    Access control policy engine controlling access to resource based on any of multiple received types of security tokens 有权
    访问控制策略引擎基于多种接收到的安全令牌中的任何一种来控制对资源的访问

    公开(公告)号:US07774830B2

    公开(公告)日:2010-08-10

    申请号:US11080806

    申请日:2005-03-14

    IPC分类号: H04L9/32

    摘要: An access control policy engine associated with a resource determines whether to allow a request to access same. The engine receives the request with an security token, retrieves the token determines a type thereof, and maps access decision information in the token to a common format as at least one security claim setting forth adequate information to determine a right of the requestor. Thereafter, the engine retrieves a set of rules for accessing the resource, applies the rules to the security claims to determine whether to allow the request from the requestor, and if the request is to be allowed, provides the requestor access to the resource in accordance with the request and the rights of the requestor as determined based on the security claims.

    摘要翻译: 与资源相关联的访问控制策略引擎确定是否允许请求访问它。 引擎使用安全令牌接收请求,检索令牌确定其类型,并将令牌中的访问决策信息映射到通用格式作为至少一个安全权利要求,其中提供足够的信息以确定请求者的权利。 此后,引擎检索用于访问资源的一组规则,将规则应用于安全声明以确定是否允许来自请求者的请求,并且如果请求被允许,则根据请求提供对资源的请求者访问 请求者的请求和权利根据担保权利要求确定。