-
Publication (Announcement) No.: US12184659B2
Publication (Announcement) Date: 2024-12-31
Application No.: US18047727
Application Date: 2022-10-19
Applicant: Juniper Networks, Inc.
Inventor: Gurminder Singh, Pei-Yu Yang, Rong Xie
Abstract: This disclosure is directed to devices, systems, and techniques for enforcing access to resources within a computer network. In some examples, a system includes a network managed by a service provider and configured to provide a plurality of microservices to a plurality of tenants each having one or more users and a controller having access to the network. The controller is configured to output, to a user interface, data indicative of a plurality of capabilities for presentation by the user interface and receive, from the user interface, data indicative of a user selection of a set of capabilities and a user selection of a new role identifier. The controller is further configured to create, based on the set of capabilities and the role identifier, a role which enables access to a set of actions within a computer network, the set of actions corresponding to the set of capabilities.
-
Publication (Announcement) No.: US12113832B2
Publication (Announcement) Date: 2024-10-08
Application No.: US18057057
Application Date: 2022-11-18
Applicant: Juniper Networks, Inc.
Inventor: Gurminder Singh, Pei-Yu Yang, Rong Xie
CPC classification number: H04L63/20, H04L63/104
Abstract: In some examples, a system includes a network managed by a service provider and configured to provide access to one or more objects to a set of tenants each having one or more users, the service provider and the set of tenants being part of a set of entities that form a hierarchy, and a controller having access to the network. The controller is configured to obtain data indicative of a set of parameters, where the data indicative of the set of parameters is associated with an owner entity of the set of entities, generate a rule which incorporates the set of parameters, where the rule enables the controller to control access to an object of the one or more objects, and add the rule to a rules database, wherein the rules database is accessible to the controller.
-
Publication (Announcement) No.: US11632364B1
Publication (Announcement) Date: 2023-04-18
Application No.: US17305179
Application Date: 2021-07-01
Applicant: Juniper Networks, Inc.
Inventor: Gurminder Singh, Pei-Yu Yang, Mamata Devabhaktuni
Abstract: A controller may be used to create and process an assertion, in some cases, to implement single-sign on (SSO) in a computer network. In some examples, the controller includes processing circuitry coupled to a storage device. The processing circuitry is configured to create the assertion, where the assertion includes information indicative of a set of attributes and parse the assertion to determine the set of attributes. Additionally, the processing circuitry is configured to determine if each attribute of the set of attributes maps to a plurality of primary user groups stored in the storage device. Based on determining that an attribute of the set of attributes does not map to at least one primary user group of the plurality of primary user groups, the processing circuitry is configured to create a set of secondary user groups and a set of secondary user group names corresponding to the attribute.
-
Publication (Announcement) No.: US20230079770A1
Publication (Announcement) Date: 2023-03-16
Application No.: US18057057
Application Date: 2022-11-18
Applicant: Juniper Networks, Inc.
Inventor: Gurminder Singh, Pei-Yu Yang, Rong Xie
IPC: H04L9/40
Abstract: In some examples, a system includes a network managed by a service provider and configured to provide access to one or more objects to a set of tenants each having one or more users, the service provider and the set of tenants being part of a set of entities that form a hierarchy, and a controller having access to the network. The controller is configured to obtain data indicative of a set of parameters, where the data indicative of the set of parameters is associated with an owner entity of the set of entities, generate a rule which incorporates the set of parameters, where the rule enables the controller to control access to an object of the one or more objects, and add the rule to a rules database, wherein the rules database is accessible to the controller.
-
Publication (Announcement) No.: US20230061080A1
Publication (Announcement) Date: 2023-03-02
Application No.: US18047727
Application Date: 2022-10-19
Applicant: Juniper Networks, Inc.
Inventor: Gurminder Singh, Pei-Yu Yang, Rong Xie
IPC: H04L9/40
Abstract: This disclosure is directed to devices, systems, and techniques for enforcing access to resources within a computer network. In some examples, a system includes a network managed by a service provider and configured to provide a plurality of microservices to a plurality of tenants each having one or more users and a controller having access to the network. The controller is configured to output, to a user interface, data indicative of a plurality of capabilities for presentation by the user interface and receive, from the user interface, data indicative of a user selection of a set of capabilities and a user selection of a new role identifier. The controller is further configured to create, based on the set of capabilities and the role identifier, a role which enables access to a set of actions within a computer network, the set of actions corresponding to the set of capabilities.
-
Publication (Announcement) No.: US11516254B2
Publication (Announcement) Date: 2022-11-29
Application No.: US16447733
Application Date: 2019-06-20
Applicant: Juniper Networks, Inc.
Inventor: Gurminder Singh, Pei-Yu Yang, Rong Xie
Abstract: In some examples, a system includes a network managed by a service provider and configured to provide access to one or more objects to a set of tenants each having one or more users, the service provider and the set of tenants being part of a set of entities that form a hierarchy, and a controller having access to the network. The controller is configured to obtain data indicative of a set of parameters, where the data indicative of the set of parameters is associated with an owner entity of the set of entities, generate a rule which incorporates the set of parameters, where the rule enables the controller to control access to an object of the one or more objects, and add the rule to a rules database, wherein the rules database is accessible to the controller.
-
Publication (Announcement) No.: US11516220B1
Publication (Announcement) Date: 2022-11-29
Application No.: US16235739
Application Date: 2018-12-28
Applicant: Juniper Networks, Inc.
Inventor: Gurminder Singh, Pei-Yu Yang, Rong Xie
Abstract: This disclosure is directed to devices, systems, and techniques for enforcing access to resources within a computer network. In some examples, a system includes a network managed by a service provider and configured to provide a plurality of microservices to a plurality of tenants each having one or more users and a controller having access to the network. The controller is configured to output, to a user interface, data indicative of a plurality of capabilities for presentation by the user interface and receive, from the user interface, data indicative of a user selection of a set of capabilities and a user selection of a new role identifier. The controller is further configured to create, based on the set of capabilities and the role identifier, a role which enables access to a set of actions within a computer network, the set of actions corresponding to the set of capabilities.
-
Publication (Announcement) No.: US11070540B1
Publication (Announcement) Date: 2021-07-20
Application No.: US16235647
Application Date: 2018-12-28
Applicant: Juniper Networks, Inc.
Inventor: Gurminder Singh, Pei-Yu Yang, Mamata Devabhaktuni
Abstract: A controller may be used to create and process an assertion, in some cases, to implement single-sign on (SSO) in a computer network. In some examples, the controller includes processing circuitry coupled to a storage device. The processing circuitry is configured to create the assertion, where the assertion includes information indicative of a set of attributes and parse the assertion to determine the set of attributes. Additionally, the processing circuitry is configured to determine if each attribute of the set of attributes maps to a plurality of primary user groups stored in the storage device. Based on determining that an attribute of the set of attributes does not map to at least one primary user group of the plurality of primary user groups, the processing circuitry is configured to create a set of secondary user groups and a set of secondary user group names corresponding to the attribute.