Title Conditional access to services based on device claims
Abstract Providing access to one or more resources to a user device. A method includes at a user device, registering with an identity service to obtain an identity credential. The method further includes at the user device, registering with a policy management service by presenting the identity credential. The method further includes at the user device, providing an indication of current state of the user device to the policy management service. The policy management service can then indicate to the identity service the compliance level of the user device. The method further includes the user device receiving a token from the identity service based on the policy management level of the user device as compared to a policy set.
Publication number US9444848(B2) Publication date 2016.09.13
Application number US201414491819 Filing date 2014.09.19
Applicant Microsoft Technology Licensing, LLC Inventors Green Christopher Samuel; Qureshi Farhan Haleem; SenGupta Sucharit; Soy Nirmal Rajesh; Healy Michael J.
Classification G06F17/00; H04L29/06; G06F21/41 Main classification G06F17/00
Agency Agents Drakos Kate; Chinagudabha Raghu; Minhas Micky
Principal claim 1. In a computing environment, a method of providing access to one or more resources to a user device, the method comprising:
at a user device, registering with an identity service to obtain an identity credential which omits a claim that the user device is a managed device;
the user device sending the identity credential to a service endpoint where it is determined that the identity credential omits the claim that the user device is a managed device;
at the user device, registering with a policy management service by at least presenting the identity credential to the policy management service, the user device registering with the policy management service in response to the user device being redirected to the policy management service from the service endpoint in response to the user device presenting the identity credential to the service endpoint that was determined to omit the claim that the user device is a managed device;
at the user device, receiving a compliance policy listing corresponding to a compliance policy required for managed devices, the compliance policy listing identifying one or more items of interest, the one or more items of interest including at least (a) one or more changes to be made at the user device for the user device to be compliant with the compliance policy or (b) one or more states of the user device required for compliance;
at the user device, performing at least one of providing a notification to the policy management service that indicates (a) the one or more states of the user device required for compliance or (b) the user device taking a remedial action that includes the one or more changes required for the user device to be compliant, wherein the notification triggers the transmission of a compliance state setting to the identity service;
at the user device, receiving a token from the identity service that indicates a compliance state of the user device and a claim that the user device is a managed device, the token being based on the identity service receiving the compliance state setting from the policy management service; and
the user device transmitting the token to the service endpoint with the claim that the user device is a managed device.
Address Redmond WA US
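
The exchange in the principal claim, modeled end to end as an added example (not code from the patent or from any Microsoft product): the endpoint redirects a credential that lacks the managed-device claim, the policy management service writes the compliance state to the identity service, and only a reissued token carries the claim. Assumptions: all class, function and claim names are hypothetical, an HMAC stands in for the token protection the claim leaves unspecified, and denying non-compliant devices is an assumed endpoint policy.

```python
import hashlib, hmac, json  # added illustration; every name below is hypothetical

IDP_KEY = b"constructed-demo-key"  # assumption: HMAC stands in for real token signing
REQUIRED = {"disk_encrypted": True, "pin_set": True}  # constructed compliance policy

def _sign(claims):
    body = json.dumps(claims, sort_keys=True).encode()
    return {"claims": claims, "sig": hmac.new(IDP_KEY, body, hashlib.sha256).hexdigest()}

def _claims(token):
    if not hmac.compare_digest(_sign(token["claims"])["sig"], token["sig"]):
        raise PermissionError("token failed signature verification")
    return token["claims"]

class IdentityService:
    def __init__(self):
        self.compliance = {}  # device_id -> bool, written only by the policy service
    def issue(self, device_id):
        claims = {"sub": device_id}  # no managed-device claim before enrollment
        if device_id in self.compliance:
            claims.update(is_managed=True, is_compliant=self.compliance[device_id])
        return _sign(claims)

class PolicyManagementService:
    def __init__(self, idp):
        self.idp = idp
    def enroll(self, credential):
        _claims(credential)  # the device presents its identity credential
        return dict(REQUIRED)  # compliance policy listing: states required for compliance
    def report(self, credential, state):
        sub = _claims(credential)["sub"]
        # Compliance state setting sent to the identity service, never by the device.
        self.idp.compliance[sub] = all(state.get(k) == v for k, v in REQUIRED.items())

def service_endpoint(token):
    claims = _claims(token)  # raises if the device altered its own claims
    if not claims.get("is_managed"):
        return "redirect:policy-management"
    # Assumption: the endpoint refuses managed devices whose compliance state is false.
    return "granted" if claims.get("is_compliant") else "denied:non-compliant"

def run_flow(device_id, state, remediate=True):
    idp = IdentityService()
    pms = PolicyManagementService(idp)
    cred = idp.issue(device_id)
    first = service_endpoint(cred)  # credential omits the claim, so: redirect
    listing = pms.enroll(cred)
    reported = {**state, **listing} if remediate else state  # remedial action or as-is
    pms.report(cred, reported)
    return [first, service_endpoint(idp.issue(device_id))]
```

A device that sets `is_managed` in its own credential fails verification at `service_endpoint`, so in this model the managed-device claim can only arrive through the policy management service and a reissued token.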