Title: Organizing permission associated with a cloud customer in a virtual computing infrastructure
Abstract: Organizing permissions to authorize a subject to perform an action on an object in a cloud computing environment is described. A plurality of permissions associated with a cloud customer is created. A first set of permissions from the plurality of permissions is associated with one or more objects. Each of the first set of permissions describes an action performed on an object. A second set of permissions from the plurality of permissions is associated with one or more users. Each of the second set of permissions describes an action to be performed by one or more users.
Publication number: US8850528(B2) Publication date: 2014.09.30
Application number: US201113299004 Filing date: 2011.11.17
Applicant: Oracle International Corporation Inventors: Van Biljon Willem Robert; Pinkham Christopher Conway; Cloran Russell Andrew; Gorven Michael Carl; Hardy Alexandre; Divey Brynmor K. B.; Hoole Quinton Robin; Kalele Girish
Classification: H04L29/06; G06F21/00; G06F17/30; H04L9/32; G06F12/00; G06F15/16 Main classification: H04L29/06
Agency: Kilpatrick Townsend and Stockton LLP Agent: Kilpatrick Townsend and Stockton LLP
Main claim: 1. A method of authorizing a subject to perform an action on an object in a cloud computing environment having a plurality of computing nodes, the method comprising: receiving a request by a user for performing an action in the cloud computing system, the request comprising a first key-value pair identifying the action and a second key-value pair identifying the object upon which the action is to be performed; determining, from a plurality of permissions, whether an object permission exists having an identifier that matches the value of the key-value pair in the request identifying the object upon which the action is to be performed, each of the plurality of permissions comprising at least one object permission key-value pair defining a delegation path of permission for the object; determining, from the plurality of permissions, whether a user permission exists for the user making the request to act upon the object, each of the plurality of permissions comprising at least one user permission key-value pair defining a delegation path of permission for the user; authorizing the request based on the object permission and user permission for the action on the object in response to determining that both the object permission and the user permission exist; and denying the request in response to determining that at least one of the object permission or the user permission does not exist.
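The decision procedure of claim 1, written out as an added example (this is not code from the patent or from Oracle): a request carries an "action" and an "object" key-value pair, and it is granted only when an object permission for that object and a user permission for the requesting user both exist for the action; anything else is denied. The dict-based permission records, the "delegation_path" field and the rule that a path must be anchored at the cloud customer are constructed assumptions for illustration.

```python
# Added example of the two-sided authorization check in claim 1.
# Permissions are modelled as plain dicts of key-value pairs (constructed
# format): object permissions carry an "object" key, user permissions a
# "user" key, and both carry an "action" and a "delegation_path".
CUSTOMER = "acme"   # constructed cloud-customer id, root of every delegation

# Constructed permission store: one set tied to objects, one tied to users.
PERMISSIONS = [
    {"action": "vm.stop", "object": "vm-web-01",
     "delegation_path": [CUSTOMER, "team-web", "vm-web-01"]},
    {"action": "vm.stop", "user": "alice",
     "delegation_path": [CUSTOMER, "team-web", "alice"]},
    {"action": "vm.delete", "user": "alice",
     "delegation_path": [CUSTOMER, "team-web", "alice"]},
    # Delegation path not anchored at the customer: treated as invalid.
    {"action": "vm.stop", "user": "mallory",
     "delegation_path": ["team-web", "mallory"]},
]

def _valid_path(perm):
    """Example rule: a delegation path must start at the cloud customer."""
    path = perm.get("delegation_path", [])
    return bool(path) and path[0] == CUSTOMER

def object_permission_exists(action, object_id, perms=PERMISSIONS):
    """Object permission whose identifier matches the request's object value."""
    return any(p.get("action") == action and p.get("object") == object_id
               and _valid_path(p) for p in perms)

def user_permission_exists(action, user_id, perms=PERMISSIONS):
    """User permission for the requesting user to perform the action."""
    return any(p.get("action") == action and p.get("user") == user_id
               and _valid_path(p) for p in perms)

def authorize(request, user_id, perms=PERMISSIONS):
    """Return (decision, reason); deny unless BOTH permissions exist."""
    action, object_id = request["action"], request["object"]
    has_object = object_permission_exists(action, object_id, perms)
    has_user = user_permission_exists(action, user_id, perms)
    if has_object and has_user:
        return True, "object and user permission present"
    missing = [n for n, ok in (("object", has_object), ("user", has_user)) if not ok]
    return False, "missing " + " and ".join(missing) + " permission"

if __name__ == "__main__":
    print(authorize({"action": "vm.stop", "object": "vm-web-01"}, "alice"))
    print(authorize({"action": "vm.delete", "object": "vm-web-01"}, "alice"))
    print(authorize({"action": "vm.stop", "object": "vm-web-01"}, "mallory"))
```

The second and third calls show the two independent failure modes: a user permission without a matching object permission, and an object permission whose would-be user side is not validly delegated.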
Address: Redwood Shores CA US