
Method to allow a third party to securely schedule jobs on users behalf in a cloud environment.

IP.com Disclosure Number: IPCOM000246137D
Publication Date: 2016-May-11
Document File: 2 page(s) / 45K

Publishing Venue

The IP.com Prior Art Database

Abstract

A method to allow a third party to securely schedule departmentalised jobs on users' behalf in a cloud environment. Using a digital signature, the job is signed by the service before submission, and the signature is used by a third-party scheduler to identify and authenticate the submitter.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 55% of the total text.


In a multi-tenant cloud environment the resources of each tenant are segregated at an organization level. At the organizational level, jobs are submitted to the cloud service; one such example is a job to provision a number of users into the cloud service.

    The organizations are often managed in a departmentalised fashion whereby each department of an organization manages its own population of users.

    One example is a hotel chain where each hotel manages its own staff, and a head office manages other functions like procurement. In this example each hotel has its own LDAP-based user directory, and the administration of that directory is naturally departmentalised by the existence of the individual directories for each department. Administrators of one hotel cannot manage the staff of another hotel.

    The cloud service provider, in one example, uses a single job scheduler for each registered organization, allowing that organization to submit jobs to the cloud scheduler. The scheduler then executes each job on the organization's behalf, typically using a preassigned administrator identity as the authorised user executing the job on behalf of the organization; think of this as the root id for that organization.

    The problem that arises is that submitting jobs into the cloud scheduler loses any association with the individual administrator who submitted the job, thus allowing an overlap across the organization's departments; taking the hotel example again, the admin of one hotel could provision users from another hotel.

    The cloud scheduler is essentially a third party in this case and has no concept of the organization's department structure. It simply schedules the jobs on behalf of the organization using the preass...
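
The approach in the abstract, applied to the hotel scenario, as an added example that is not code from the disclosure: the service binds the submitting administrator and department into the job before signing, and the job is rejected at execution time if the signature fails or a target user sits outside that department. HMAC-SHA256 stands in for the digital signature, and the key, directory, field names and function names are assumptions.

```python
import hashlib
import hmac
import json

# Constructed key. HMAC-SHA256 stands in for the digital signature so the
# example runs on the standard library alone.
SERVICE_KEY = b"constructed-demo-key"

# Constructed directory data: which hotel's directory each user lives in.
DIRECTORY = {"alice": "hotel-a", "bob": "hotel-a", "carol": "hotel-b"}


def canonical(job):
    """Serialize deterministically so signer and verifier hash the same bytes."""
    return json.dumps(job, sort_keys=True, separators=(",", ":")).encode()


def sign_job(submitter, department, action, targets):
    """Service side: bind the authenticated submitter and department to the job."""
    job = {"submitter": submitter, "department": department,
           "action": action, "targets": sorted(targets)}
    sig = hmac.new(SERVICE_KEY, canonical(job), hashlib.sha256).hexdigest()
    return {"job": job, "sig": sig}


def execute(envelope):
    """Execution side: authenticate the submitter, then enforce department scope."""
    job = envelope["job"]
    expected = hmac.new(SERVICE_KEY, canonical(job), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, envelope.get("sig", "")):
        return "rejected: bad signature"
    # A target is in scope only if it belongs to the signed department.
    outside = [t for t in job["targets"] if DIRECTORY.get(t) != job["department"]]
    if outside:
        return "rejected: targets outside " + job["department"] + ": " + ",".join(outside)
    return "executed for " + job["submitter"]


if __name__ == "__main__":
    print(execute(sign_job("admin-a", "hotel-a", "provision", ["alice", "bob"])))
    print(execute(sign_job("admin-a", "hotel-a", "provision", ["carol"])))
```

With an asymmetric signature in place of the HMAC, the scheduler could verify jobs without holding a key that can sign them.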