Title of invention: Access management service system and method for controlling same, and non-transitory computer readable medium
Abstract: An access management service system that manages use of a service provided by a resource service system, comprises: a holding unit which holds information of a user and information of a client system in a storage unit; a determination unit which, if an authorization request for use of the service is received from the client system due to an instruction from a user having authority to use the service, determines whether a group to which the user belongs and a group to which the client system belongs match based on the information held in the storage unit; and a presentation unit which, if the determination unit determines that the groups match, presents, to the user, a screen for instructing whether or not to permit delegation of the authority of the user to the client system.
Publication number: US9282104(B2) Publication date: 2016.03.08
Application number: US201414216236 Filing date: 2014.03.17
Applicant: CANON KABUSHIKI KAISHA Inventor: Mogaki Shunsuke
Classification: G06F21/62;H04L29/06;G06F21/33 Main classification: G06F21/62
Agency: Fitzpatrick, Cella, Harper & Scinto Agent: Fitzpatrick, Cella, Harper & Scinto
Main claim: 1. A system comprising: a resource service system configured to provide a service; and an access management service system configured to manage use of the service, wherein the access management service system includes: a holding unit configured to hold information of a user and information of a multi-tenant client system in a storage unit; a registration unit configured to grant a first authority or a second authority to information of the client system and to register the same in the holding unit, the first authority being an authority permitting access not only to a specific tenant but also to another tenant, and the second authority being an authority permitting access to the specific tenant, wherein when granting an authority to information of the client system, if a certificate is received, the registration unit grants the first authority to the information of the client system, and if authentication information is received, the registration unit confirms a tenant based on the authentication information and grants the second authority permitting access of the confirmed tenant as the specific tenant to the information of the client system; the access management system further including: a determination unit configured to, if the second authority is granted to the client system when an authorization request for use of the service is received from the client system due to an instruction from a user having authority to use the service, determine whether a group to which the user belongs and a group to which the client system belongs match; and a presentation unit configured to, if the determination unit determines that the groups match or if the first authority is granted to the client system, present a screen to the user, the screen for instructing whether or not to permit delegation of the authority of the user to the client system, and wherein the resource service system includes a provision unit configured to, if access control information that is issued in response to an instruction given via the screen to permit delegation of the authority of the user is received from the client system, provide a service in response to confirmation of legitimacy of the access control information.
Address: Tokyo JP
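The flow recited in the main claim above (registration, tenant check before the consent screen, token issuance, validation at the resource service), as an added Python example that is not taken from the patent or from any Canon implementation. The HMAC-signed token format, the boolean stand-in for certificate verification, and all names and sample values are assumptions made for illustration.

```python
import base64, hashlib, hmac, json
from dataclasses import dataclass

CROSS_TENANT, SINGLE_TENANT = "first", "second"  # the claim's first / second authority
SIGNING_KEY = b"constructed-demo-key"  # assumption: key shared with the resource service
USERS = {"alice": "tenantA", "bob": "tenantB"}  # constructed user -> tenant (group)
CREDENTIALS = {("adminA", "pwA"): "tenantA"}  # constructed authentication information
CLIENTS = {}  # holding unit: client_id -> Client

@dataclass
class Client:
    authority: str
    tenant: str = ""  # only set for the second (single-tenant) authority

def register_client(client_id, certificate_valid=False, credentials=None):
    """Registration unit: certificate -> first authority; credentials -> second, pinned to a tenant."""
    if certificate_valid:  # assumption: certificate verification happened upstream
        CLIENTS[client_id] = Client(CROSS_TENANT)
    elif credentials in CREDENTIALS:
        CLIENTS[client_id] = Client(SINGLE_TENANT, CREDENTIALS[credentials])
    else:
        raise PermissionError("no certificate or valid authentication information")
    return CLIENTS[client_id]

def may_show_consent(client_id, user):
    """Determination unit: the consent screen is presented only when this is True."""
    client = CLIENTS.get(client_id)
    if client is None or user not in USERS:
        return False
    return client.authority == CROSS_TENANT or client.tenant == USERS[user]

def _sign(body):
    return hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest().encode()

def issue_token(client_id, user, user_permits):
    """Issue access control information only after the check passes and the user permits delegation."""
    if not (may_show_consent(client_id, user) and user_permits):
        return None
    claims = {"client": client_id, "user": user, "tenant": USERS[user]}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return body + b"." + _sign(body)

def resource_service(token):
    """Provision unit: confirm the token's legitimacy before providing the service."""
    body, _, sig = (token or b"").partition(b".")
    if not body or not hmac.compare_digest(sig, _sign(body)):
        return None
    return json.loads(base64.urlsafe_b64decode(body))
```

A client registered with tenant A's credentials never reaches the consent screen for a tenant B user, so a user cannot be prompted to delegate authority to a client scoped to another tenant.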