
Secure resource authorization for external identities using remote principal objects

Patent number
US11888856B2
Publication date
2024-01-30
Applicant
Microsoft Technology Licensing, LLC(US WA Redmond)
Inventors
Charles Prakash Rao Dasari; Maksym Yaryn; Debashis Choudhury; Jeffrey A Staiman
IPC classification
H04L9/40
Technical field
domain,principal,remote,tenant,resource,rpo,access,in,directory,data
Region: WA WA Redmond

Abstract

Methods of secure resource authorization for external identities using remote principal objects are performed by systems and devices. An external entity creates a user group and defines entitlements to an owning entity's secure resource as a set of permissions for the group. An immutable access template with the permissions and an access policy for the secure resource are provided to the owning entity for approval. On approval, a remote principal object is created in the owner directory according to the permissions and access policy. A remote principal that is a group member requests access via an interface to the owner domain using external domain credentials. The identity of the remote principal is verified against the remote principal object by a token service. Verification causes generation and issuance of a token, with the enumerated entitlements, to the remote principal interface affecting a redirect for access to the secure resource.
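The flow in the abstract, modeled as an added Python example that is not code from the patent or from Microsoft: an immutable access template is approved by the owner, a remote principal object (RPO) is recorded in the owner directory, and a token service issues a token carrying only the enumerated entitlements. All class, function and field names, the HMAC token format, and the assumption that the external-domain credential has already been validated are hypothetical.

```python
import hashlib, hmac, json
from dataclasses import dataclass

# Hypothetical names throughout; a sketch of the flow, not the patented system.
@dataclass(frozen=True)  # frozen: the template cannot change after submission
class AccessTemplate:
    external_domain: str
    group: str
    resource: str
    permissions: frozenset

def digest(t):
    canon = json.dumps([t.external_domain, t.group, t.resource, sorted(t.permissions)])
    return hashlib.sha256(canon.encode()).hexdigest()

class OwnerDirectory:
    """Owner-domain directory holding RPOs, plus a minimal token service."""
    def __init__(self, signing_key):
        self._key = signing_key
        self._rpos = {}  # (external_domain, group) -> approved template

    def _sign(self, body):
        return hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()

    def approve(self, template, reviewed_digest):
        # The owner approves one exact template; a changed copy is refused.
        if not hmac.compare_digest(digest(template), reviewed_digest):
            raise PermissionError("template differs from the one reviewed")
        self._rpos[(template.external_domain, template.group)] = template

    def issue_token(self, claims, resource):
        # claims: assumed output of an already-validated external-domain credential.
        rpo = self._rpos.get((claims["domain"], claims["group"]))
        if rpo is None or rpo.resource != resource:
            raise PermissionError("no remote principal object for this principal")
        body = json.dumps({"sub": claims["user"], "res": resource,
                           "entitlements": sorted(rpo.permissions)}, sort_keys=True)
        return body + "." + self._sign(body)

    def authorize(self, token, resource, action):
        body, _, sig = token.rpartition(".")
        if not hmac.compare_digest(sig.encode(), self._sign(body).encode()):
            return False  # altered or foreign token
        c = json.loads(body)
        return c["res"] == resource and action in c["entitlements"]
```

The entitlements in the token come from the approved RPO rather than from anything the requester supplies, so a group member cannot widen its own access by editing the request.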

Description

Systems, devices, and apparatuses may be configured in various ways for authorizing access by a remote principal of a second domain to a secure data resource in a first domain. For instance, FIG. 1A and FIG. 1B will now be described. FIG. 1A shows a block diagram of a system 100A, and FIG. 1B shows a block diagram of a cloud-based system 100B, each configured for secure resource authorization of external identities using remote principal objects, according to example embodiments.

As shown in FIG. 1A, system 100A includes user(s) device(s) 116, a services platform 102, a first domain host 104, and a second domain host 106. In embodiments, user(s) device(s) 116, services platform 102, first domain host 104, and second domain host 106 communicate with each other over a network 114. It should be noted that in various embodiments different numbers of user(s) device(s), services platforms, first domain hosts, and/or second domain hosts are present. Additionally, according to embodiments, any combination of the systems and/or components illustrated in FIG. 1A are present in system 100A.

Network 114 comprises different numbers and/or types of communication links that connect devices, platforms, and hosts/servers such as, but not limited to, the Internet, wired or wireless networks and portions thereof, point-to-point connections, local area networks, enterprise networks, cloud networks, and/or the like, in embodiments.

Claims

1