Method and system for visibility and control over access transactions between clouds using resource authorization messages

摘要

A computing system detects an access transaction based on one or more resource authorization messages transmitted via a resource authorization protocol. The access transaction pertains to access of a protected resource by a consumer cloud, the protected resource hosted by a provider cloud. The computing system generates relationship data based on the resource authorization messages. The relationship data can indicate a resource owner that is granting the access, the consumer cloud, and/or the provider cloud. The computing system performs an access control action in relation to the access transaction based on the relationship data. The access control action can be allowing the consumer cloud access to the protected resource or denying the consumer cloud access to the protected resource.

主权项

1. A method comprising:
detecting, by a computing system, an access transaction comprising one or more resource authorization messages transmitted via a resource authorization protocol, the access transaction pertaining to a consumer cloud requesting access to a protected resource hosted by a provider cloud; generating, by the computing system, relationship data based on the resource authorization messages, the relationship data indicating the provider cloud hosting the protected resource, the consumer cloud requesting access, and a resource owner that is granting the access; identifying a trust cloud type assigned to the consumer cloud; and performing, by the computing system, an access control action in relation to the access transaction based on the relationship data, policy data and the trust cloud type assigned to the consumer cloud, wherein the access control action is at least one of allowing the consumer cloud access to the protected resource or denying the consumer cloud access to the protected resource.