白丝美女被狂躁免费视频网站,500av导航大全精品,yw.193.cnc爆乳尤物未满,97se亚洲综合色区,аⅴ天堂中文在线网官网

Secure resource authorization for external identities using remote principal objects

專利號
US11888856B2
公開日期
2024-01-30
申請人
Microsoft Technology Licensing, LLC(US WA Redmond)
發(fā)明人
Charles Prakash Rao Dasari; Maksym Yaryn; Debashis Choudhury; Jeffrey A Staiman
IPC分類
H04L9/40
技術領域
domain,principal,remote,tenant,resource,rpo,access,in,directory,data
地域: WA WA Redmond

摘要

Methods of secure resource authorization for external identities using remote principal objects are performed by systems and devices. An external entity creates a user group and defines entitlements to an owning entity's secure resource as a set of permissions for the group. An immutable access template with the permissions and an access policy for the secure resource are provided to the owning entity for approval. On approval, a remote principal object is created in the owner directory according to the permissions and access policy. A remote principal that is a group member requests access via an interface to the owner domain using external domain credentials. The identity of the remote principal is verified against the remote principal object by a token service. Verification causes generation and issuance of a token, with the enumerated entitlements, to the remote principal interface affecting a redirect for access to the secure resource.

說明書

For identity providers (IdPs) outside of cloud-based platforms and/or domains associated with data resource ownership and/or requested access, RPOs are also configurable to support IdPs, enabling managed service providers (MSPs) and CSPs that operate across cloud platforms to simplify their access management to data resources in owner domains, without duplication of their identities and increasing the security risk. In other words, the described embodiments provide for equal applicability to first party entities as well as to third party entities.

Still further, while be extensible thereto, the described embodiments do not disrupt existing authentication models such as guest-access and other models. That is, the RPO embodiments herein can be used in addition to, or in lieu of, these existing models which may still be utilized in the same platform/system to serve specific scenarios.

The additional examples and embodiments described in this Section may be applicable to examples disclosed in any other Section or subsection of this disclosure.

權利要求

1
微信群二維碼
意見反饋