Controlling Access by Web Applications to Resources on Servers

摘要

Techniques are shown for providing third-party applications access to user resources based on user actions and processes that provide the third-party applications with the correct security tokens. The scope of access granted in various implementations of the disclosure is all documents which the user has already opened with the third-party application.

主权项

1. A system that facilitates granting a third-party application access to a user resource located on a network system, the system comprising:
a user-based access control list (ACL) checking utility configured to determine whether a first user has permission to access the user resource; a token-grant server checking utility configured to determine whether a token grant server has authenticated the third-party application with the network system; a resource-based ACL checking utility configured to determine whether the third-party application has permission to access the user resource on behalf of the first user, based at least in part on metadata associated with the user resource, wherein the metadata includes information indicating whether a second user has used the third-party application to access the user resource, wherein the first user is not the second user; and an authentication-fulfillment utility configured to fulfill the third-party application access request upon receiving affirmative determinations in all of the determinations made by the system, the fulfillment including enabling an authentication of the third-party application and granting the third-party application permission to access the user resource.