
Secure resource authorization for external identities using remote principal objects

Patent number
US11888856B2
Publication date
2024-01-30
Applicant
Microsoft Technology Licensing, LLC (US WA Redmond)
Inventors
Charles Prakash Rao Dasari; Maksym Yaryn; Debashis Choudhury; Jeffrey A Staiman
IPC classification
H04L9/40
Technical field
domain,principal,remote,tenant,resource,rpo,access,in,directory,data
Region: WA WA Redmond

Abstract

Methods of secure resource authorization for external identities using remote principal objects are performed by systems and devices. An external entity creates a user group and defines entitlements to an owning entity's secure resource as a set of permissions for the group. An immutable access template with the permissions and an access policy for the secure resource are provided to the owning entity for approval. On approval, a remote principal object is created in the owner directory according to the permissions and access policy. A remote principal that is a group member requests access via an interface to the owner domain using external domain credentials. The identity of the remote principal is verified against the remote principal object by a token service. Verification causes generation and issuance of a token, with the enumerated entitlements, to the remote principal interface, effecting a redirect for access to the secure resource.

Description

Group information 804 includes one or more of a group ID that identifies the group, a group domain ID that identifies the domain associated with the group, a task ID that identifies the task associated with the data resource, and a data resource ID that identifies the data resource itself. In embodiments, more or fewer of the listed information entries illustrated for group information 804 may be included.

Group members 806 includes a first group member with identifier “Member1” and a second group member with identifier “Member2,” although more or fewer of the listed member entries illustrated for group members 806 may be included, in addition to an empty set of members, in embodiments. Each entry of group members 806 may include an identifier as a member name, an alias, and/or any other type of identifier. As shown, group members 806 is a set or list of members, e.g., users/remote principals of a domain for which access to a data resource of another domain is sought in performance of a task. Additional information associated with entries of group members 806 is also contemplated herein, such as but not limited to, credential information, member roles, and/or the like, in embodiments. As noted above, group members include applications and/or services, according to embodiments.
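The flow in the abstract, together with the group information and group members described above, can be modelled as follows. This is an added example, not code from the patent or from Microsoft: the class and function names, the HMAC-signed token format, the signing key, and the digest check standing in for template immutability are all assumptions, and the remote principal is taken as already authenticated by its own domain.

```python
import hashlib, hmac, json
from dataclasses import dataclass

OWNER_KEY = b"constructed-demo-key"  # assumption: owner token service signing key

@dataclass(frozen=True)  # frozen stands in for the immutable access template
class AccessTemplate:
    group_id: str
    group_domain_id: str
    data_resource_id: str
    permissions: tuple

    def digest(self) -> str:
        fields = [self.group_id, self.group_domain_id,
                  self.data_resource_id, list(self.permissions)]
        return hashlib.sha256(json.dumps(fields).encode()).hexdigest()

class OwnerDirectory:
    def __init__(self):
        self.rpos = {}  # (group_domain_id, group_id) -> remote principal object

    def approve(self, template, reviewed_digest, members):
        # Create the RPO only if the template is the one the owner reviewed.
        if not hmac.compare_digest(template.digest(), reviewed_digest):
            return False
        self.rpos[(template.group_domain_id, template.group_id)] = {
            "resource": template.data_resource_id,
            "entitlements": list(template.permissions),
            "members": frozenset(members),
        }
        return True

def issue_token(directory, domain, group_id, member):
    """Check the remote principal against the RPO; return a signed token or None."""
    rpo = directory.rpos.get((domain, group_id))
    if rpo is None or member not in rpo["members"]:
        return None  # no approved RPO, or not a group member
    claims = json.dumps({"sub": f"{member}@{domain}", "resource": rpo["resource"],
                         "entitlements": rpo["entitlements"]}, sort_keys=True)
    sig = hmac.new(OWNER_KEY, claims.encode(), hashlib.sha256).hexdigest()
    return f"{claims}.{sig}"

def verify_token(token):
    """Resource side: accept the entitlements only if the signature is valid."""
    claims, _, sig = token.rpartition(".")
    good = hmac.new(OWNER_KEY, claims.encode(), hashlib.sha256).hexdigest()
    return json.loads(claims) if hmac.compare_digest(sig, good) else None
```

The entitlements in the token come from the RPO stored in the owner directory, never from the request, so a group member cannot obtain permissions the owner did not approve.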

Claims

1