Federated role provisioning

摘要

In various embodiments, techniques for federated role provisioning are provided. A federated role definition for a resource is constructed and distributed. The federated role definition includes a role hierarchy having role assignments and constraints for dynamically resolving and binding a resource to particular ones of the role assignments. A resource may have role assignments statically bound to its identity and dynamically bound to its identity. Furthermore, some role assignments may be inherited from the role hierarchy.

主权项

1. A method comprising:
transmitting a role request associated with a resource to a processing system, wherein the resource is an electronic entity; dynamically receiving metadata from the processing system, the metadata representing a role hierarchy that provides access privileges and limitations of at least one identity associated with the resource, wherein the role hierarchy includes a plurality of role assignments and a plurality of role constraints that are associated with the at least one identity, wherein the metadata is dynamically generated by the processing system; dynamically evaluating at least one role constraint associated with at least one role assignment; and determining the access privileges and limitations associated with the at least one identity, and wherein the at least one identity is bound to the role assignment before the access privileges and limitations for the role assignment are bound to the resource, and wherein the binding between the at least one identity and the role assignment is delayed until any conditional limitation defined in the at least one role constraint is met; wherein the method is performed by a computing device.