Controlling access to cloud resources in data using cloud-enabled data tagging and a dynamic access control policy engine

Assignee

• MICROSOFT TECHNOLOGY LICENSING, LLC · US

Inventors

• Daniel John CARROLL, JR. · Columbia, US
• Kameshwar Jayaraman · Redmond, US
• Stuart L. S. Kwan · Bellevue, US
• Kartik Tirunelveli Kanakasabesan · Sammamish, US
• Shefali Gulati · Redmond, US
• Charles G. Jeffries · Sammamish, US
• Ganesh Pandey · Redmond, US
• Roberto C. Taboada · Duvall, US
• Parul Manek · Redmond, US
• Steven Mark Silverberg · Seattle, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/2141
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Access to data and resources in a multi-tenant computing system is managed by tagging the data and resources with attributes, as well as by tagging users with attributes. Tenant-specific access policies are configured. When an access request is received from a workload, a policy decision engine processes the attributes that are tagged to the requesting workload (e.g., user, application, etc.) as well as those tagged to the requested data or resource, given a relevant tenant-specific policy. An access decision is provided in response to the access request, and the access decision can be enforced by a tenant-specific enforcement system.