Fine-grained token based access control

Assignee

• International Business Machines Corporation · US

Inventors

• Martin Smolny · Hessenhöfe, DE
• Thomas Dürr · Magstadt, DE
• Michael Beck · Lauderdale, US
• Juergen Schaeck · Achern, DE

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/108
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A computer-implemented method for a token-based authorization in a data processing environment may be provided. The data processing environment comprises at least a user system, an application, an authentication server and an access control server. The method comprises accessing the application via a user system request, redirecting the user access request to an authentication server, authenticating the user, wherein authentication credentials comprise a request for a restricted entitlement, wherein the restricted entitlement represents a subset of existing entitlements managed by the access control server for a resource. The method comprises also sending an access token from the authentication server to the application, requesting execution of an operation comprising invoking the operation by the application providing the access token comprising restricted entitlements, invoking the access control server, and providing the scope of the token comprising the subset of the existing entitlements.