Model-based implied authorization
US8326874B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jun 17, 2009 |
| Grant date | Dec 4, 2012 |
| Priority date | — |
| Expiry date | Oct 29, 2030 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2221/2145
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
An authorization system determines a user's permission to access an object implicitly based on relationships in a data-driven model. The system provides the ability to mark a relationship type in the model between one object class (accessor) and another object class (accessed) as an implicit authorization relationship type. A user can define the permissions granted to the accessor object on the accessed object. When an accessor object tries to access a related accessed object over an authorization relationship type, the authorization system determines the permissions granted by inspecting the implicit authorization relationship type definition. The authorization system can also traverse containment relationship types to grant objects permissions contained by other objects. The authorization system dynamically determines authorization based on a relationship model that more naturally fits the actions that an administrator of a data-driven system is familiar with, and does not involve complex direct authorization or group membership management.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.