ROLE-BASED PERMISSION DELEGATION IN A PROVIDER NETWORK

Bibliographic details
Main authors: TIGHE, Dennis, WEISS, Rebecca Claire, MRITUNJAI, Akhilesh, PINSKI, Nikita, MARSHALL, Brad E, DE KADT, Christopher Richard Jacques, CONNOLLY, Jerry
Format: Patent
Language: eng
Description
Summary: Techniques for role-based permission delegation in a provider network. The techniques include an assuming service in the provider network sending a request to a temporary credential service in the provider network to assume a delegation role. The assuming service, acting in the delegation role, sending a request to the temporary credential service to assume the customer role in accordance with a down scoping policy. The assuming service, acting in the customer role, performing an action in a strict subset of actions on a customer resource. The techniques improve the operation of the provider network by allowing a permission to perform an action on the customer resource that is granted by the customer to a delegating service in the provider network to be delegated to the assuming service while complying with the access control principle of least privilege.