US2011231908A1PendingUtilityA1
Techniques for project lifecycle staged-based access control
Est. expiryJun 20, 2027(~0.9 yrs left)· nominal 20-yr term from priority
G06F 21/604G06F 21/6218H04L 63/10G06F 2221/2141
47
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
Techniques for project lifecycle staged-based access control are provided. Access control rights are defined for a stage of a project's lifecycle. As requestors transition to the stage, the access control rights are enforced on top of any existing security restrictions. In an embodiment, selective resources are not visible to requestors within the stage in response to the access control rights.
Claims
exact text as granted — not AI-modified1 . A method implemented and residing in a non-transitory computer-readable storage medium, comprising:
acquiring access control rights for a first stage of a first processing environment, wherein the first stage is one of a plurality of other stages associated with a lifecycle of a project; and enforcing the access control rights against requesting resources that access the first processing environment in response to identities associated with the requesting resources and policies associated with the identities that map to portions of the access control rights, and wherein the access control rights are additional security limitations layered on top of and in addition to existing security limitations for the first processing environment, the policies supersede the existing security limitations permitting the access control rights to override the existing security limitations, the policies tied to the identities for the requesting resources.
2 . The method of claim 1 , wherein acquiring further includes identifying the access control rights as having global access permissions for the first processing environment and some access permissions for the first stage.
3 . The method of claim 2 , wherein acquiring further includes identifying some additional access permissions from the access control rights applicable to the project.
4 . The method of claim 1 , wherein acquiring further includes dynamically acquiring some of the access control rights from an administrator of the first stage.
5 . The method of claim 1 , wherein enforcing further includes determining customized authentication mechanisms for each of the requesting resources from the policies.
6 . The method of claim 1 , wherein enforcing further includes restricting some of the requesting resources from viewing particular first stage resources in response to enforcement of the access control rights.
7 . The method of claim 1 , wherein enforcing further includes having each access control right tied to one or more attributes of first resources in the first processing environment and also having each access control right tied to one or more of the policies, the access-control rights are specific to the first stage and the attributes to which the access-control rights are tied and the access control rights are customized based on the identities.
8 . A method implemented and residing in a non-transitory computer-readable storage medium, comprising:
acquiring access control rights in response to an authenticated identity associated with a requesting resource, each access control right also associated with one or more attributes for first resources in a first processing environment and each access control right tied to particular policies that include additional security restrictions, and each access control right is specific to a first stage of a project within the first processing environment and customized based on the authenticated identity of the requesting resource; enforcing existing security restrictions for the first resources, wherein the existing security restrictions are defined outside the context of the access control rights and are associated with the first processing environment; and selectively presenting to the requesting resource some of the first resources or some of the attributes or operations of the first resources in response to dynamically and in real time enforcing the access control rights, via the additional security restrictions, on top of the existing security restrictions, the access control rights override portions of the existing security restrictions with respect to the first resources or the operations of the first resources.
9 . The method of claim 8 , wherein acquiring further includes authenticating the requesting resource to the first stage of the project within the first processing environment, the first stage having the first resources;
10 . The method of claim 9 , wherein authenticating further includes dynamically and automatically initiating the authentication processing in response to an attempt by the requesting resource to transition to the first stage from another stage associated with a lifecycle of the project.
11 . The method of claim 9 , wherein authenticating further includes performing the authentication in addition to other authentications of the requesting resource, wherein the authentication is associated with stage transitioning within a lifecycle of the project.
12 . The method of claim 8 , wherein acquiring further includes acquiring the access control rights as metadata.
13 . The method of claim 8 , wherein acquiring further includes acquiring some of the access control rights in response to an access role.
14 . The method of claim 8 , wherein enforcing further includes overriding some of the existing security restrictions with the access control rights.
15 . The method of claim 8 further comprising, permitting the requesting resource to define other access control rights for the first stage and for the first resources.
16 . A system, comprising:
an identity service implemented in a non-transitory machine-accessible and readable medium and to process on a machine; and a staged-based access control service implemented in a non-transitory machine-accessible and readable medium and to process on the machine or a different machine, wherein the staged-based access control service is to enforce access control rights against requesting resources attempting to access target resources and within a context of a particular stage of a particular project, the access control rights are stage specific and customized based on identities of the requesting resources, the staged-based access control service interacts with the identity service to authenticate the requesting resources before dynamically and in real time enforcing the access control rights, via one or more policies, and the access control rights are enforced on top of existing security restrictions associated with a particular processing environment having the target resources.
17 . The system of claim 16 , wherein each access control right is also tied to one or more attributes of the target resources and each access control right tied to the one or more policies.
18 . The system of claim 16 , wherein the requesting resources are tied to identities that map via a particular policy to specific ones of the access control rights and the access control rights at least partial override, via the one or more policies, portions of the existing security restrictions for the particular processing environment
19 . The system of claim 16 , wherein the access control rights are hierarchical.
20 . The system of claim 18 , wherein the staged-based access control service interactively receives at least some definitions for the access control rights from an administrator.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.