Patent · US Active

Identity cloud service authorization model with dynamic roles and scopes

US10878079B2 · kind B2 · utility

Cited by: 20
References: 136
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: May 9, 2017
Grant date: Dec 29, 2020
Priority date
Expiry date: Mar 20, 2038

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/629
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

A system for authorizing access to a resource associated with a tenancy in an identity management system that includes a plurality of tenancies receives an access token request for an access token that corresponds to the resource, the request including user information and application information, the user information including roles of a user and the application information including roles of the application. The system evaluates the access token request by computing dynamic roles and corresponding dynamic scopes for the access token including a second intersection between the dynamic roles of the user and the dynamic roles of the application. The system then provides the access token that includes the computed static scopes, where the scopes are based at least on the roles of the user and the roles of the application, and further including the computed dynamic roles and corresponding dynamic scopes.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.