| 发明名称 |
ATTRIBUTE-BASED ACCESS CONTROL |
| 摘要 |
Attribute-based access control is performed across a first and a second security domain in a federated distributed processing environment. A security token received in the second security domain from a first service provider in the first security domain includes access control attributes. Access control information associated with a request to process an online transaction in the second security domain is received from an identity provider in the second security domain. The access control information is mapped into access control attributes compatible with a format of the access control attributes of the received security token. The mapped access control attributes are appended to the received security token to create a modified security token. The modified security token is signed with a certificate of a second service provider in the second security domain, and the modified security token is issued for consuming by any service provider in the second security domain. |
| 申请公布号 |
US2015237041(A1) |
申请公布日期 |
2015.08.20 |
| 申请号 |
US201514618824 |
申请日期 |
2015.02.10 |
| 申请人 |
International Business Machines Corporation |
发明人 |
Flamini Elisabetta;Penfold Colin R. |
| 分类号 |
H04L29/06 |
主分类号 |
H04L29/06 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A method for performing attribute-based access control across a first and a second security domain in a federated processing environment, the method comprising:
receiving, in the second security domain, a security token from a first service provider in the first security domain, where the security token comprises access control attributes; receiving from an identity provider in the second security domain access control information associated with a request to process an online transaction in the second security domain; mapping the access control information into access control attributes compatible with a format of the access control attributes of the received security token; appending the mapped access control attributes into the received security token to create a modified security token; and signing, with a certificate of a second service provider in the second security domain, the modified security token and issuing the modified security token for consuming by any service provider in the second security domain. |
| 地址 |
Armonk NY US |
