公开(公告)号：US20170099292A1

公开(公告)日：2017-04-06

申请号：US14876629

申请日：2015-10-06

Applicant: NETFLIX, INC.

Inventor： Patrick Kelley ,  Ben Hagen ,  Jason Chan ,  Kevin Glisson

IPC: H04L29/06 ,  H04L29/08

CPC classification number: H04L63/10 ,  H04L63/20 ,  H04L67/10 ,  H04L67/306

Abstract: Provided herein are systems and methods of managing permissions for applications deployed in a distributed computing infrastructure. An exemplary system includes an access management server having a processing device, a distributed computing infrastructure in communication with the management server having a plurality of resource instances and a request log, an administration system having a security application executing thereon. The security application has access policies associated with each of a plurality of applications. The processing device of the management server: receives application request information from the request log describing requests made by a first application being monitored by the access management server. The management server receives an access policy describing a set of accessible APIs associated with the first application from the security application and determines that access to a first API of the set should be removed, and modifies the access policy to remove access to the first API.

公开(公告)号：US09825956B2

公开(公告)日：2017-11-21

申请号：US14876629

申请日：2015-10-06

Applicant: NETFLIX, INC.

Inventor： Patrick Kelley ,  Ben Hagen ,  Jason Chan ,  Kevin Glisson

IPC: H04L29/06 ,  H04L29/08

CPC classification number: H04L63/10 ,  H04L63/20 ,  H04L67/10 ,  H04L67/306

Abstract: Provided herein are systems and methods of managing permissions for applications deployed in a distributed computing infrastructure. An exemplary system includes an access management server having a processing device, a distributed computing infrastructure in communication with the management server having a plurality of resource instances and a request log, an administration system having a security application executing thereon. The security application has access policies associated with each of a plurality of applications. The processing device of the management server: receives application request information from the request log describing requests made by a first application being monitored by the access management server. The management server receives an access policy describing a set of accessible APIs associated with the first application from the security application and determines that access to a first API of the set should be removed, and modifies the access policy to remove access to the first API.