Secure resource authorization for external identities using remote subject objects

Methods for secure resource authorization of external identities using remote subject objects are performed by systems and devices. An external entity creates a user group and defines the rights of security resources of all entities as a set of rights for the group. An immutable access template with permissions and access policies for secure resources are provided to all entities for approval. After approval, the remote subject object is created in the owner directory according to the authority and the access policy. A remote subject that is a group member accesses an owner domain via an interface using an external domain credential request. The identity of the remote subject is verified by the token service for the remote subject object. Verification results in generating a token with enumeration rights and issuing the token to a remote subject interface, affecting redirection of access to the secure resource. 用于使用远程主体对象对外部身份进行安全资源授权的方法由系统和设备执行。外部实体创建用户群组，并将所有实体的安全资源的权利定义为针对该群组的权限集合。具有权限的不可变的访问模板和针对安全资源的访问策略