发明名称 |
Resource access authorization |
摘要 |
Techniques for resource access authorization are described. In one or more implementations, an application identifier is used to control access to user resources by an application. A determination is made whether to allow the application to access the user resources by comparing an application identifier received from an authorization service with a system application identifier for the application obtained from a computing device on which the application is executing. |
申请公布号 |
US9183361(B2) |
申请公布日期 |
2015.11.10 |
申请号 |
US201113230460 |
申请日期 |
2011.09.12 |
申请人 |
Microsoft Technology Licensing, LLC |
发明人 |
Obasanjo Oludare V.;Gordon Stephen R.;Radutskiy Aleksandr;Hallin Philip J.;Oskov Atanas D.;Viegas Jeremy D.;Kitchener Daniel C. |
分类号 |
G06F7/04;G06F12/00;G06F12/14;G06F13/00;G06F17/30;G06F21/31;H04L29/06;G06F21/62 |
主分类号 |
G06F7/04 |
代理机构 |
|
代理人 |
Churna Timothy;Drakos Kate;Minhas Micky |
主权项 |
1. A system comprising:
one or more processors; and one or more computer-readable storage media storing computer-executable instructions that are executable by the one or more processors to perform operations including:
receiving a request from an application for access to a user resource, the request being appended with a uniform resource identifier (URI) that includes a custom URI scheme that identifies a persisted authentication mode and that includes an application identifier for the application;forwarding an authorization request to an authorization entity responsive to receiving the request, the authorization request including the application identifier for the application;receiving a response from the authorization entity indicating that the application is permitted to access the user resource, the response including the application identifier for the application;checking whether a user has selected a persisted authentication mode for the application;caching an authentication state for the application in an event that an indication is received that the persisted authentication mode has been selected; andproviding a token to the application that enables access to the user resource if the application identifier matches a system application identifier obtained from a storage portion of a computing device on which the application is executing, the storage portion of the computing device being inaccessible to the application. |
地址 |
Redmond WA US |