公开(公告)号：US20170034172A1

公开(公告)日：2017-02-02

申请号：US14942195

申请日：2015-11-16

Applicant: Cisco Technology, Inc.

Inventor： Andrew Biggs ,  Shaun Cooley ,  Matt Miller ,  Hua Cui ,  Ian Remmel

IPC: H04L29/06

CPC classification number: H04L63/10 ,  G06F21/33 ,  H04L63/08 ,  H04L63/0807 ,  H04L63/0815

Abstract: Techniques are provided for augmenting the capabilities of the standard OAuth2 authorization framework in such a way as to allow clients to consume the services of multiple resource servers residing in disjoint security domains while requiring only a single one-time user authentication. An access token that provides access to resource services distributed across a plurality of security domains is partitioned into a plurality of reduced-scope access tokens. Each reduced-scope access token is limited to a subset of authorization scopes of the access token, providing access to a resource service in a particular security domain based upon the subset.

Abstract translation: 提供了用于增强标准OAuth2授权框架的能力的技术，以便允许客户端消耗驻留在不相交的安全域中的多个资源服务器的服务，同时仅需要一次一次的用户认证。 提供对跨越多个安全域分发的资源服务的访问的访问令牌被划分成多个缩小范围的访问令牌。 每个缩小范围的访问令牌仅限于访问令牌的授权范围的子集，基于该子集提供对特定安全域中的资源服务的访问。

公开(公告)号：US10104084B2

公开(公告)日：2018-10-16

申请号：US14942195

申请日：2015-11-16

Applicant: Cisco Technology, Inc.

Inventor： Andrew Biggs ,  Shaun Cooley ,  Matt Miller ,  Hua Cui ,  Ian Remmel

IPC: G06F7/04 ,  H04L29/06 ,  G06F21/33

Abstract: Techniques are provided for augmenting the capabilities of the standard OAuth2 authorization framework in such a way as to allow clients to consume the services of multiple resource servers residing in disjoint security domains while requiring only a single one-time user authentication. An access token that provides access to resource services distributed across a plurality of security domains is partitioned into a plurality of reduced-scope access tokens. Each reduced-scope access token is limited to a subset of authorization scopes of the access token, providing access to a resource service in a particular security domain based upon the subset.