摘要 |
In a web-based service environment, third party providers need to have varying degrees of access to user data for their complementary services. To prevent third party providers from having broader access than necessary or not adequate levels of access, transferable restricted security tickets are employed to determine an appropriate level of access for third parties. Tickets with expiration and restriction roles define a duration and level of access for a third party. The restrictions are determined through an intersection of the authorizing user's security role and restriction roles defined in the system.
|