Authentication and authorization for cloud file system

Assignee

• Alibaba Group Holding Limited · KY

Inventors

• Qingda Lu · Bellevue, US
• Junpu Chen · Redmond, US
• Qinghua Ye · Lo Wu, CN
• Lei Wang · Hangzhou City, CN
• Zhiyong Lin · Tangxia, CN
• Liping Bao · Sammamish, US
• Jiesheng Wu · Redmond, US
• Li Xu · Shanghai, CN
• Xiaohui Pei · Hangzhou City, CN
• Feng Zhang · Greenbelt, US
• Leilei Tian · Hangzhou City, CN

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L69/163
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Methods and systems are provided for improving user authentication and access control by a network file system service in a multi-tenant public cloud environment by receiving a request for a connection to a file system from a file system client (client), sending an identification request for identification authentication of the client to a control system, receiving a response from the control system, establishing the connection to the file system upon determining that the connection to the file system is allowed based on cloud tenant information associated with the client, receiving an attempt to access the file system from the client by a sub-user, authenticating the sub-user based on the cloud tenant information, issuing a security token including a globally unique sub-user identifier of the sub-user, and using the security token to determine access rights of the sub-user to the file system for a subsequent request.