Abstract:
Application customization enables many different types of customers, from small companies to large multinational enterprises, to use various applications provided by a cloud service provider. To accommodate these customizations, previous systems generally require manual human intervention to identify custom, customized, and cloud service provider authorization policies (also referred to herein as “seed” authorization policies) and to decide how each type of authorization policy should be upgraded. When applications are customized, artifacts that represent those customizations can be created. In some embodiments, the customizations can include new resources or entitlements, and grants to new roles. In addition to new resources, entitlements, and grants, existing resources, entitlements, and grants can be modified and artifacts corresponding to those modifications can be generated. Embodiments of the present invention provide improved techniques for tracking and managing customizations to simplify and automate upgrade processes.
Abstract:
The present disclosure relates generally to managing security artifacts for a software application executing on a software stack. Techniques are described for defining a security configuration such that each layer of the software stack may be associated with one or more datastores, each datastore including one or more security artifacts for a particular layer. The security configuration may specify, for example, an order in which the various datastores are to be accessed when a request is received for a security artifact that is available from multiple datastores. Using the security configuration, access to security artifacts can be handled in connection with requests generated through a particular layer in the stack. A system managing the security artifacts can provide a unified view of the datastores such that, from the end-user's perspective, there is only one logical datastore.
Abstract:
In certain embodiments, techniques are provided (e.g., a method, a system, a non-transitory computer-readable medium storing code or instructions executable by one or more processors) to provide fine-grained protection of resources in an access management environment. An access management service can intercept requests for resources (e.g., content in a content management system) and provide fine-grained authorization service for content management systems, such as Microsoft Office SharePoint Server. The access management service can provide external policy management, evaluation and enforcement for content management systems. The access management service can include a plurality of plugins associated with different types of resources available through the content management systems. Integrating an access management service with content management systems provides both user and administrator efficiencies while enforcing a consistent level of access security across an enterprise system.