Title of invention ORCHESTRATED INTERACTION IN ACCESS CONTROL EVALUATION
Abstract An orchestrated access system is described herein that provides an access control decision function that is augmented by interfacing with a real-time collaborative communication system that maintains a state of various users' availability to communicate. The orchestrated access system provides real-time approvals for access control scenarios where the policy would not otherwise grant access. The system provides an experience for the requesting user to select an appropriate approver among multiple potential approvers based on the relationship of the potential approver to the requesting user, the relationship of the potential approver to the resource, and the availability of the potential approver for real-time communication. The system can provide a record of approver and request parameters in a database to optimize further interactions. Thus, the orchestrated access system provides an improved experience for granting access to resources within an organization for both the requesting user and the approver(s).
Publication number US2014173755(A1) Publication date 2014.06.19
Application number US201213719416 Filing date 2012.12.19
Applicant MICROSOFT CORPORATION Inventor Wahl Mark
Classification G06F21/60 Main classification G06F21/60
Agency Agent
Independent claim 1. A computer-implemented method to respond to an attempt from a requesting user to access a resource, the method comprising: receiving a request to access an access-controlled resource associated with an organization having multiple users; identifying the access controlled resource that is a subject of the received request; determining that the requesting user has not been explicitly granted a requested level of access to the identified resource; identifying one or more approvers that have the authority to grant the requesting user access to the identified resource; determining a current status of each identified approver, wherein the current status indicates an approver's availability for receiving a communication to quickly handle a decision to grant or deny access to the identified resource; selecting one or more of the identified approvers to receive a notification requesting access to the resource; sending a notification to the selected approvers inquiring whether the received request to access the identified resource is to be allowed; and receiving a response from at least one approver and if the response indicates that the request should be allowed, allowing the requested access to the identified resource, wherein the preceding steps are performed by at least one processor.
Address Redmond WA US
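
The steps of claim 1, sketched as an added example (not code from the patent or from the applicant). The presence states, relationship labels, ranking order, the `notify` callback, the sequential first-answer-decides handling and the exclusion of the requester from their own approver list are all assumptions made for illustration; the decision fails closed when nobody answers.

```python
from dataclasses import dataclass

# Presence states and both rankings are assumptions; the page only says the
# status reflects an approver's availability for real-time communication.
PRESENCE_RANK = {"available": 0, "busy": 1, "away": 2}  # "offline" is never notified
RELATION_RANK = {"resource_owner": 0, "requester_manager": 1}

@dataclass(frozen=True)
class Approver:
    name: str
    relation: str   # relationship to the resource or to the requester
    presence: str   # state reported by the communication system

def select_approvers(approvers, requester, limit=2):
    """Rank reachable approvers by availability, then by relationship."""
    # Excluding the requester (no self-approval) is an added assumption.
    reachable = [a for a in approvers
                 if a.presence in PRESENCE_RANK and a.name != requester]
    reachable.sort(key=lambda a: (PRESENCE_RANK[a.presence],
                                  RELATION_RANK.get(a.relation, 99), a.name))
    return reachable[:limit]

def evaluate(requester, resource, level, grants, approvers_for, notify, audit):
    """Return True if access is allowed; append one decision record to audit."""
    if (requester, resource, level) in grants:           # explicit policy grant
        audit.append((requester, resource, level, "policy", "allow"))
        return True
    selected = select_approvers(approvers_for.get(resource, []), requester)
    for approver in selected:
        # notify() sends the inquiry; returns "allow", "deny" or None (no reply)
        answer = notify(approver, requester, resource, level)
        if answer in ("allow", "deny"):
            audit.append((requester, resource, level, approver.name, answer))
            return answer == "allow"
    # Fail closed: no reachable approver, or none of them answered.
    audit.append((requester, resource, level, None, "deny"))
    return False

# Constructed sample data (names and resource are hypothetical).
GRANTS = {("alice", "payroll-db", "read")}
APPROVERS = {"payroll-db": [
    Approver("dana", "resource_owner", "offline"),
    Approver("erin", "requester_manager", "available"),
    Approver("bob", "resource_owner", "busy"),
    Approver("carol", "resource_owner", "available"),
]}
```

The `audit` list stands in for the record of approver and request parameters that the abstract says can be kept in a database.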