Attribute-based access control using scoped roles and conditioned permissions dynamic policies

Assignee

• Dell Products L.P. · US

Inventors

• Yi Fang · Shanghai, CN
• David Scott Thompson · San Francisco, US
• Yidong Wang · Upton, US
• Ranjit Kollu · Norfolk, US
• Jennifer M. Minarik · Zionsville, US
• Reut Kovetz · Tel Aviv-Yafo, IL
• Ching-Yun Chao · Austin, US
• Qi Jin · San Jose, US
• Jonathon Cwik · Chicago, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/20
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A system can identify an attribute-based access control policy that comprises a pair comprising a permission policy and a condition policy that is associated with performing an operation on a computing resource. The system can identify that the attribute-based access control policy corresponds to a role policy that is associated with the account. The system can determine whether the account and the role policy satisfy the attribute-based access control policy with respect to the operation, wherein the determining comprises evaluating whether the computing resource and a required permission of the permission policy is declared in the role policy, and evaluating whether the account and the role policy satisfy the condition policy evaluates to true based on attributes of the account and attributes of the computing resource. The system can, in response to determining that the account satisfy the permission policy and the condition policy, perform the operation on the computing resource.