
Secure resource authorization for external identities using remote principal objects

Patent number
US11888856B2
Publication date
2024-01-30
Applicant
Microsoft Technology Licensing, LLC (US WA Redmond)
Inventors
Charles Prakash Rao Dasari; Maksym Yaryn; Debashis Choudhury; Jeffrey A Staiman
IPC classification
H04L9/40
Technical field
domain, principal, remote, tenant, resource, rpo, access, in, directory, data
Region: WA Redmond

Abstract

Methods of secure resource authorization for external identities using remote principal objects are performed by systems and devices. An external entity creates a user group and defines entitlements to an owning entity's secure resource as a set of permissions for the group. An immutable access template with the permissions and an access policy for the secure resource are provided to the owning entity for approval. On approval, a remote principal object is created in the owner directory according to the permissions and access policy. A remote principal that is a group member requests access via an interface to the owner domain using external domain credentials. The identity of the remote principal is verified against the remote principal object by a token service. Verification causes generation and issuance of a token, with the enumerated entitlements, to the remote principal interface, effecting a redirect for access to the secure resource.

Description

Regarding sign-in/authentication activity, when a user/remote principal signs in to the data resource owner domain from their own domain, the owner should know that a sign-in occurred and that a token was issued to a data resource in their domain. The specific identity of the remote principal that was authenticated, as well as their geographic location, are private with respect to the remote principal's domain and are thus not shared with the data resource owner, in embodiments. The service provider should know that one of their users signed in to the customer tenant. The remote principal's domain, however, is provided complete details of the sign-in/authentication for tasks and access to data resources, including who, when, from where, and/or the like.

Regarding activity audits, each activity performed (including reads) through the tokens issued to remote principals is tracked and made available to the data resource owner's domain, in embodiments. The audits of write activities made available to the data resource owner's domain include the RPO identifier and the token identifier instead of the actual user/remote principal identity.

Systems and devices are configured in various ways to perform secure resource authorization for external identities using remote principal objects—in this context, FIGS. 7, 8, and 9 are now described.
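The following is an added example, not code from the patent or from Microsoft: a small Python model of the flow in the abstract (external group, immutable access template approved into a remote principal object, token service verifying group membership against the RPO and issuing a token carrying only the enumerated entitlements) together with the split of sign-in and audit data described above (full detail stays in the external domain; the owner sees only RPO and token identifiers). All names, tenants, users and resources are hypothetical; the HMAC-signed JSON token and in-memory directories stand in for whatever the real token service and directory use.

```python
# Added example (not the patent's or Microsoft's code). Hypothetical names
# throughout; the token format is a stand-in for a real token service.
from dataclasses import dataclass
import hashlib, hmac, json, secrets, time

# --- external (service-provider) domain -----------------------------------
class ExternalDomain:
    def __init__(self, tenant_id):
        self.tenant_id = tenant_id
        self.users = {}       # user -> (salt, salted password hash)
        self.groups = {}      # group_id -> set of member users
        self.signin_log = []  # full detail kept here: who, when, from where

    def add_user(self, user, password):
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, hashlib.sha256(salt + password.encode()).digest())

    def add_to_group(self, group_id, user):
        self.groups.setdefault(group_id, set()).add(user)

    def authenticate(self, user, password, location):
        """Verify external-domain credentials; return the user's groups or None."""
        salt, digest = self.users.get(user, (b"", b""))
        ok = hmac.compare_digest(digest, hashlib.sha256(salt + password.encode()).digest())
        self.signin_log.append({"user": user, "ok": ok, "at": time.time(), "from": location})
        if not ok:
            return None
        return {g for g, members in self.groups.items() if user in members}

# --- immutable access template offered to the owner for approval ----------
@dataclass(frozen=True)
class AccessTemplate:
    external_tenant: str
    group_id: str
    resource: str
    permissions: tuple    # enumerated entitlements, e.g. ("read", "write")
    max_ttl_seconds: int  # access policy: maximum token lifetime

# --- owner domain -----------------------------------------------------------
class OwnerDirectory:
    def __init__(self):
        self.rpos = {}             # rpo_id -> AccessTemplate, created only on approval
        self.audit = []            # owner-visible: RPO id + token id, never the user
        self.signin_notices = []   # owner learns only that a sign-in produced a token

    def approve(self, template):
        rpo_id = "rpo-" + secrets.token_hex(4)
        self.rpos[rpo_id] = template
        return rpo_id

class TokenService:
    def __init__(self, owner, signing_key):
        self.owner, self.key = owner, signing_key

    def issue(self, rpo_id, external, user, password, location):
        """Verify the remote principal against the RPO; issue an entitlement token."""
        rpo = self.owner.rpos[rpo_id]
        if external.tenant_id != rpo.external_tenant:
            return None
        groups = external.authenticate(user, password, location)
        if groups is None or rpo.group_id not in groups:
            return None                     # bad credentials or not a group member
        body = {"rpo": rpo_id, "res": rpo.resource, "ent": list(rpo.permissions),
                "tid": secrets.token_hex(8), "exp": int(time.time()) + rpo.max_ttl_seconds}
        payload = json.dumps(body, sort_keys=True)
        sig = hmac.new(self.key, payload.encode(), "sha256").hexdigest()
        # The owner is told a token was issued under this RPO, not who requested it.
        self.owner.signin_notices.append({"rpo": rpo_id, "tid": body["tid"], "res": rpo.resource})
        return payload + "." + sig

    def verify(self, token):
        payload, sig = token.rsplit(".", 1)
        expected = hmac.new(self.key, payload.encode(), "sha256").hexdigest()
        if not hmac.compare_digest(expected, sig):
            return None
        body = json.loads(payload)
        return None if body["exp"] < time.time() else body

def access(ts, token, action):
    """Resource-side check: valid token, action within entitlements, audited by RPO/token id."""
    body = ts.verify(token)
    if body is None or action not in body["ent"]:
        return False
    ts.owner.audit.append({"rpo": body["rpo"], "tid": body["tid"], "action": action})
    return True

def demo():
    """Constructed scenario: alice is in the approved group, bob is not."""
    ext = ExternalDomain("contoso-svc")
    ext.add_user("alice", "pw-alice")
    ext.add_user("bob", "pw-bob")
    ext.add_to_group("support-engineers", "alice")
    owner = OwnerDirectory()
    rpo_id = owner.approve(AccessTemplate("contoso-svc", "support-engineers",
                                          "billing-db", ("read", "write"), 3600))
    ts = TokenService(owner, secrets.token_bytes(32))
    tok = ts.issue(rpo_id, ext, "alice", "pw-alice", "Berlin")
    denied = ts.issue(rpo_id, ext, "bob", "pw-bob", "Oslo")
    return ext, owner, ts, rpo_id, tok, denied
```

Running `demo()` shows the two audit trails side by side: `ext.signin_log` carries user, time and location, while `owner.audit` and `owner.signin_notices` carry only the RPO and token identifiers. Because the template is a frozen dataclass, the permissions the owner approved cannot be edited after approval; a change requires a new template and a new approval.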

Claims

1