Browse Prior Art Database

Method and Apparatus to authorize a resource using collaborating authorization modules

IP.com Disclosure Number: IPCOM000184835D
Original Publication Date: 2009-Jul-01
Included in the Prior Art Database: 2009-Jul-01
Document File: 1 page(s) / 122K

Publishing Venue

IBM

Abstract

Resources that need to be authorized can be related to each other in a network fashion. In a network of resources, a resource is connected to one or more other resources using some type of relationship. For example, in WebSphere, application is related to cell because application is contained within a cell. And application is related to server or cluster of servers because, application runs on server or cluster of servers. This type of relationship can be represented as a graph with each vertex as resource and the edges representing relationship between the resources. To authorize a resource in this network of resources, it is a challenge, because authorization of a resource depends on authorization of related resources and actions being performed on the resource.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 98% of the total text.

Page 1 of 1

Method and Apparatus to authorize a resource using collaborating authorization modules

The solution to the above problem is to multiple authorization modules each collaborating with other authorization modules to perform authorization on a given resource. The authorization module responsible for the given resource is asked to perform authorization and that authorization module will perform authorization and provides information about the next authorization module(s) to be invoked to perform the next authorization based on the relationship of that resource with other resources in the network. All collaborating authorization modules should grant access to the resource to allow user access that resource.

The following diagram illustrates how authorization modules collaborate while performing authorization.

The first authorization module authorizes the user for the given resource but conveys the relationship of that resource with other resources in the network to the authorization framework.

The authorization framework determines the next authorization module to invoke depending on the resource information conveyed by the previous authorization module and checks for authorization and so on.

Resources And
Users

Resources And
Users

Resources And
Users

1

yes

Check cell

Authorization Framework

Check node

Authorization Module 3

(Access Granted)

Authorizati...