Title of invention Back-end constrained delegation model
Abstract A client can communicate with a middle tier, which can then, in turn, communicate with a back end tier to access information and resources on behalf of the client within the context of a system that can scale well. Each individual back end can establish a policy that defines which computing device can delegate to that back end. That policy can be enforced by a domain controller within the same administrative domain as the particular back end. When a middle tier requests to delegate to a back end, the domain controller to which that request was directed can either apply the policy, or, if the domain controller is in a different domain than the targeted back end, it can direct the middle tier to a domain controller in a different domain and can sign relevant information that the middle tier can utilize when communicating with that different domain controller.
Publication number US9118672(B2) Publication date 2015.08.25
Application number US201012965445 Filing date 2010.12.10
Applicant Microsoft Technology Licensing, LLC Inventors Novak Mark Fishel;Leach Paul J.;Zhu Liqiang;Miller Paul J.;Hanganu Alexandru;Zeng Yi;Viegas Jeremy Dominic;Short K. Michiko
Classification G06F7/04;H04L29/06;H04L9/32 Main classification G06F7/04
Agency Agent Johnston-Holmes Danielle;Minhas Micky
Main claim 1. A system for enabling delegation, the system comprising: at least one processor; and a memory operatively coupled to the at least one processor, the memory storing instructions, that when executed by the at least one processor, perform a method comprising: receiving, by a first computing device for controlling a first domain, a request from a second computing device in a second domain to communicate as a client to a third computing device; determining the third computing device is in the first domain; identifying one or more policy requirements for delegating to the third computing device, wherein at least one of the one or more policy requirements is established by the third computing device and enforced by the first computing device; receiving configuration information regarding the second computing device and a fourth computing device for controlling the second domain; determining whether the identified one or more policy requirements are satisfied based in part on the received configuration information regarding the second computing device and the fourth computing device for controlling the second domain; and generating a signed service ticket granting the request to communicate.
Address Redmond WA US