WO2008072250A1 - Method and system for reconciliation of information cycles in an enterprise information system - Google Patents
Method and system for reconciliation of information cycles in an enterprise information system Download PDFInfo
- Publication number
- WO2008072250A1 WO2008072250A1 PCT/IN2006/000492 IN2006000492W WO2008072250A1 WO 2008072250 A1 WO2008072250 A1 WO 2008072250A1 IN 2006000492 W IN2006000492 W IN 2006000492W WO 2008072250 A1 WO2008072250 A1 WO 2008072250A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- resource
- information system
- enterprise information
- reconciliation
- user
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
Abstract
A computer-implemented method for reconciliation of an information cycle in an enterprise information system comprising an enterprise information system tool and at least one resource, the method comprising: creating for the enterprise information system tool at least one user for provisioning the at least one resource, wherein the at least one user has an identifier for inclusion in provisioning requests sent to the resource by the enterprise information system tool; checking reconciliation requests received from the resource for presence of the identifier; and sending the request to the enterprise information system tool for reconciliation according to the presence of the identifier in the reconciliation request.
Description
METHOD AND SYSTEM FOR RECONCILIATION OF INFORMATION CYCLES IN AN ENTERPRISE INFORMATION SYSTEM
BACKGROUND OF THE INVENTION
In present day businesses, the only constant is change. Aligning people, processes and technology have become key issues in the management of a successful business enterprise. Enterprise Information Systems (EIS) provide a platform that enable organizations to combine technology and business processes together in a holistic manner.
EIS can be considered akin to a central repository that provides business information to a wide and diverse audience spread across an enterprise. To provide a few examples, such information could include information on users, employee resources, real estate resources, business partners, technical collaborators and system resources. Third party management tools that manage the information in these systems typically enters information into the systems and also have mechanisms to receive notifications when the information changes. One such management tool is HP's OpenView Select Identity, for Identity Management (IdM). Identity management is a process that involves addition/modification/deletion of digital identities and associated information.
HP OpenView Select Identity enables efficient and centralized management of users, their passwords, and their entitlements across IT systems such as applications, databases and operating systems. In other words, it allows centralized management of a digital identity and its access rights over the entire lifecycle of a user's association with an enterprise.
One of the main steps in an identity's information life cycle is known as "provisioning". It is the process of adding identities, along with their credentials and entitlements, in an identity management system. For example, when an employee joins an organization, information that describes the person is provisioned into a human resource system, an email system, a payroll system, a finance system, application directories, and so on. It is from these resources that additional information that describes the identity's credentials and entitlements within the organization is created. For example, a person's job title may be used to provide membership of a particular group, such as payroll. The system may, for instance, enforce a policy so that a non- finance person may not be provisioned within the system for membership of this group.
When provisioning information in this way, an information cycle can occur when data that was sent on a forward provisioning path triggers a reverse path notification mechanism. A reconciliation mechanism may be provided to handle such information cycles.
BRIEF DESCRIPTION OF THE DRAWINGS
An embodiment of the invention will now be described, by way of example only, with reference to the accompanying drawings in which:
Figure 1 depicts a schematic layout of a portion of an enterprise information system.
Figure 2 shows a block diagram illustrating forward and reverse provisioning of information between an identity management system and a resource.
Figure 3 provides a flowchart diagram showing various method steps in the reconciliation of an information cycle in an identity management system.
DETAILED DESCRIPTION OF THE PREFFERED EMBODIMENT
There will be described a method and system for reconciliation of information cycles in an Enterprise Information System.
In the following, the term Enterprise Information System (EIS) will be used to refer to a computer system(s) that typically deals with large volumes of data and is/are capable of supporting a large enterprise.
It should be noted that the present embodiment is described with reference to a specific EIS tool i.e. an identity management system. However, it is to be understood that other EIS tools, such as, but not limited to, an accounting management system, a production scheduling system, customer information tracking system, a bank account maintenance system, an HR management system, a- payroll system, an infrastructure management system etc. can be also employed, for implementing the below described method and system for reconciliation of information cycles.
Referring to Figure 1, there is shown a schematic layout of a portion of an enterprise information system 100 including an identity management system 190, a connector bus 160 and various back-end data stores or other resources 172, 174, 176, 178 and 180.
The identity management system 190 may be implemented on a standalone computer system or a network computer connected to a computer network and is accessible to a user via a graphical user interface (GUI) 150. The identity management system 190 includes the following components:
1. Data repository components 102
Directory services 112 and meta-directories 114 deal with the representation, storage and management of identity and profiling information and provide standard APIs and protocols for their access. Data repositories are often implemented as an LDAP accessible directory, meta- directory or virtual directory 116, or a database 118. Policy information governing access to and use of information in the repository is stored here as well.
2. Security components 104
a) Authentication Providers 120: The authentication provider, sometimes referred to as the identity provider, is responsible for performing primary authentication of an individual, linking them , to a given identity. The authentication provider produces an authenticator — a token which allows other components to recognize that primary authentication has been performed. Primary authentication techniques include mechanisms such as password verification, proximity token verification, smartcard verification, biometric scans, or even X.509 PKI certificate verification. Each identity may be associated with more than one authentication provider. The mechanisms employed by each provider may be of different strengths and some application contexts may require a minimum strength to accept the claim to a given identity.
b) Authorization Providers 122: An authorization provider enforces access control when an entity accesses an IT resource. Authorization providers allow applications to make authorization and other policy decisions based on privilege and policy information stored in the repository.
c) Auditing Providers 124: Secure auditing provides the mechanism to track how information in the repository is created, modified and used. This is an enabler for forensic analysis, which is used to determine how and by whom policy controls were circumvented.
3. Lifecycle components 106
a) Provisioning 126: Provisioning tools allow creation of identities, along with their credentials and entitlements, to an identity management system.
b) Longevity 128: Longevity tools create the historical record of an identity. These tools allow the examination of the evolution of an identity over time.
4. Consumable value components 108
a) Single Sign-On (SSO) 130: Single sign-on allows a user to perform primary authentication once and then access the set of applications and systems that are part of the identity management environment.
b) Personalization 132: Personalization and preference management tools allow application- specific, as well as generic information, to be associated with an identity. These tools allow applications to tailor the user experience for a given individual, leading to a streamlined interface for the user and the ability to target information dissemination for a business.
c) Self Service 134: Enables users to self-register for access to business services and manage profile information without administrator intervention. It also allows users to perform authentication credential management: assigning and resetting passwords, requesting X.509 certificates, etc. Self service reduces IT operation costs, improves customer service, and improves information consistency and accuracy.
5. Management components 110
a) User Management 136: Provides IT administrators with a centralized infrastructure for managing user profile and preference information. User management enables organizations to decrease overall IT costs by providing user self-service capabilities and also enhance the value of their existing IT investments through directory optimization and profile synchronization capabilities.
b) Access Control Management 138: Provides IT administrators with a centralized infrastructure for managing user authentication and authorization. The access control management service increases security, reduces complexity and overall IT costs by automating access policies for employees, customers, and partners.
c) Privacy Management 140: Assures privacy and data protection policies (as defined in company, industry or governmental regulations) are respected in identity management solutions.
d) Federation Management 142: Enables the establishment of trusted relationships between distributed identity providers.
Such as identity management system is a tool for managing identities in an organization. Since the initial information that is collected and distributed about a person in an organization may undergo modification during the course of their association, maintaining and managing identity information of a person becomes a process that requires carrying out appropriate changes within an identity management system as when there is a change in the relationship. Accordingly, it will be appreciated that the components described above are for the purpose of illustration only and the actual components may vary depending on the needs and policies of an organization. It will be further appreciated that any suitable identity management system (such as HP OpenView Select Identity) may be deployed in the enterprise information system 190.
Connectors are architectural elements that represent or implement interactions among components and rules that govern those interactions. These interactions can be simple interaction mechanisms such as a procedure call and also complex interactions such as client- server protocols, security protocols and database access protocols. In the present embodiment, connector bus 160 acts as an intermediary between the identity management system and various resources 172, 174, 176, 178 and 180. The connectors 160 could be one-way connectors or two- way connectors, and the connector architecture may, for instance, be based on the technologies defined by Java 2 Platform, Enterprise Edition (J2EE). Further, the connector 160 is a logical entity, and may consist of a combination of physical components situated on multiple systems. For instance, a part of the connector may be resident on a J2EE server, and another part of the connector may be an agent component residing on an EIS system, such as, the enterprise information system 100. Furthermore, the connector 160 may use different protocols for forward and reverse provisioning of information, depending on the support provided by the enterprise information system 100.
Resources 172, 174, 176, 178 and 180 are information repositories that typically include applications 172, directory 176, and databases 174 that store identity information. For example, the applications may include an email application 178, business applications 172, HR applications 180, functional applications, and so on. The databases could be, for instance, an LDAP based
directory, Active Directory, RDBMS, file system, ACE Server database or certificate store. It would be appreciated that the examples mentioned here are for the purpose of illustration only, and the actual resources employed may vary depending on the requirements of an enterprise.
From Figure 1 , it can be seen that the identity management system 190 communicates with the resources 172, 174, 176, 178 and 180, through the connector bus 160. All requests between the identity management system 190 and the resources 172, 174, 176, 178 and 180 use a suitable protocol such as, but not limited to, the Hypertext Transfer Protocol (HTTP), for communication. It should be noted that the identity management system 190 may or may not be in close proximity with the resources 172, 174, 176, 178 and 180. For instance, both the identity management system 190 and the resources 172, 174, 176, 178, 180 may be present on a single computer system or distributed over multiple computer systems. Further, the identity management system 190 may be located at one geographical location (say, London), and the resources 172, 174, 176, 178, 180, may be located at other geographical locations (such as, Alabama, Paris, Amsterdam, Istanbul etc.).
The components (identity management system 190, resources 172, 174, 176, 178, 180, and connector bus 160) of the enterprise information system 100 may be connected together, for instance, through a suitable network environment such as, but not limited to, a local area network (LAN), a wide area network (WAN), a metropolitan area network (MAN), a wireless local area network (WLAN) and the Internet.
Figure 2 depicts a block diagram illustrating forward and reverse provisioning of information between an identity management system 202 and a resource 206 through a connector 204.
The identity management system 202 provisions user transaction information onto the target resource 206 through the connector 204. To provide an example, if the target resource 206 is an email messaging system then, say for a new employee, the identity management system 202 would provision new employee information onto the email system, i.e. target resource 206, to set up an email account for the new employee. The connector 204 has a mechanism for reconciling local changes made on the resource 206 back to the identity management system 202. By way of elaboration, reconciliation is a process by which an identity management system polices the resources under its management. For instance, if the identity management system detects any accounts or changes to user access privileges affected outside of the management's control, it can, for instance, immediately take corrective action, such as undo the change or notify an
administrator. The reconciliation mechanism also may help in detection and mapping of existing accounts in target resources.
Any user information that is provisioned to the resource 206 from the identity management system 202 (forward provisioning) may also be picked up by the reconciliation mechanism and sent back to the identity management system 202 (reverse provisioning) for reconciliation.
Further, sending provisioning requests from the identity management system 202 to the resource 206 and receiving reconciliation requests from the resource 206 may take place on separate data paths. That is, provisioning requests from an enterprise information system tool to a resource may be send on a first data path and reconciliation requests from the resource may be received on a second data path.
The method steps 300 in the reconciliation of an information cycle in an enterprise information system will now be described with reference to Figure 3.
In the following it is assumed that the users of the identity management system 202 create one o c r more specific user accounts with a fixed set of privileges within each resource and use this or these particular user accounts for all the forward provisioning operations performed by the identity management system.
As will be described below, the forward provisioning of information on any resource will therefore involve at least one unique identifier identifying the user who sourced the request. The unique identifier could be, for instance, but not limited to, the usemame of the user as whom the provisioning was done, employee ID of the user, social security number of the user etc. General identifiers, for instance, process IDs or machine GUIDs (Global Unique Identifiers) may also be used as unique identifiers. It is assumed that all resources log the activity of forward provisioning, along with the identifiers. As a result, these identifiers can be used to act as differentiators between a forward provisioning request and a reverse provisioning request, and may serve to reconcile an information cycle.
At step 302, an enterprise information system tool (such as an identity management system) creates at least one user for a resource. In other words, at least one user is created for at least one resource.
In case there are multiple users for a resource, a local (i.e. within the enterprise information system tool and/or the resource) list of users is created for that resource. In case there are multiple users for multiple resources, separate lists of users are created for each of the resources.
Each user created for a resource is provided with a unique user identifier.
At step 304, the enterprise information system tool sends a provisioning request to a resource with the request carrying with it a unique user identifier of the user who sourced the request. The provisioning request is thereby tagged with the unique identifier.
At step 306, the resource receives the provisioning request and logs it with the unique user identifier.
At step 308, the resource sends a reconciliation request to the connector.
At step 310, upon receiving the reconciliation request, the connector checks the request for presence of the unique identifier of the user who sourced the request. A reconciliation request that does not include an identifier is blocked by the connector.
At step 312, the unique identifier of the user who sourced the request is compared with the unique identifier of the at least one user for the resource. In other words, the connector compares the request with the local list of users created for the resource.
At step 314, if the unique identifier of the user who sourced the request is found to be the unique user identifier of the at least one user for the resource (i.e. if the user who sourced the request is found to be present in the local list of users for the resource), the reconciliation request is ignored 316. If the unique identifier of the user who sourced the request is not found to be the unique user identifier of the at least one user for the resource (i.e. the user who sourced the request is not found in the local list), the request is assumed to have been generated by another user on the resource, and the request is sent to the enterprise information system tool for reconciliation 318.
It would be appreciated that the above described approach to reconciling information in an enterprise information system can provide the following advantages:
a) Design simplicity: The mechanism described can remove the complexity of having both the forward and reverse provisioning go through a single agent or component, thereby simplifying the design of the overall enterprise information system. The overheads and design considerations used in the forward provisioning component do not affect the design of the reverse provisioning component, as they can function independently. Also, costly synchronization operations between the forward and reverse provisioning requests may be avoided due to a non-coupled design.
b) Decoupling of the forward and reverse functionality: The mechanism allows information flow in the forward and reverse direction to take different paths. This may be desirable in many instances, where the resource behavior does not warrant the use of the same information path in both directions.
c) Processing Time and memory requirements: The mechanism allows quicker differentiation between a cyclic reconciliation request and a normal request, as the comparison is between a single credential (unique identifier) against a locally held list, which may be relatively static. If details of each forward request were to be stored for the purposes of reconciliation with each reverse request, there would necessarily be a large local cache in the component that handles the forward provisioning and reverse provisioning traffic and a cache lookup needed. The mechanism described may eliminate the need to cache snapshots of all forward requests until the corresponding reverse requests arrive.
It will be appreciated that the embodiments within the scope of the present invention may be implemented in the form of a computer program product including computer-executable instructions, such as program code, which may be run on any suitable computing environment in conjunction with a suitable operating system, such as, Microsoft Windows, Linux or UNIX operating system. Embodiments within the scope of the present invention may also include program products comprising computer-readable media for carrying or having computer- executable instructions or data structures stored thereon. Such computer-readable media can be any available media that can be accessed by a general purpose or special purpose computer. By way of example, such computer-readable media can comprise RAM, ROM, EPROM, EEPROM, CD-ROM, magnetic disk storage or other storage devices, or any other medium which can be used to carry or store desired program code in the form of computer-executable instructions and which can be accessed by a general purpose or special purpose computer.
The present invention in some embodiments may be operated in a networked environment such as, but not limited to, a local area network (LAN), a wide area network (WAN) etc. Further, an
exemplary system for implementing the overall system or portions of the invention might include a general purpose computing device in the form of a conventional computer, including a processing unit, a system memory, and a system bus that couples various system components including the system memory (RAM and ROM) to the processing unit. The computer may also include a removable magnetic disk and an optical disk drive.
It should be noted that the above-described embodiment of the present invention is for the purpose of illustration only. Although the invention has been described in conjunction with a specific embodiment thereof, those skilled in the art will appreciate that numerous modifications are possible without materially departing from the teachings and advantages of the subject matter described herein. Other substitutions, modifications and changes may be made without departing from the spirit of the present invention.
Claims
1. A computer-implemented method for reconciliation of an information cycle in an enterprise information system comprising an enterprise information system tool and at least one resource, the method comprising:
creating for the enterprise information system tool at least one user for provisioning the at least one resource, wherein the at least one user has an identifier for inclusion in provisioning requests sent to the resource by the enterprise information system tool;
checking reconciliation requests received from the resource for presence of the identifier; and
sending the request to the enterprise information system tool for reconciliation according to the presence of the identifier in the reconciliation request.
2. The method of claim 1 , wherein the enterprise information system tool is an identity management system.
3. The method of claim 1 , wherein the identifier of the at least one user created for the at least one resource is from the set comprising of username, employee ID, social security number, process ID or machine GUID .
4. The method of claim 1 , wherein the checking step is carried out in a connector.
5. The method of claim 4 wherein the reconciliation requests not including the identifier are blocked by the connector.
6. The method of claim 4 wherein the checking step comprises the connector consulting a list of user identifiers.
7. The method of claim 1 further comprising sending provisioning requests from the enterprise information system tool to the resource on a first data path and receiving reconciliation requests from the resource on a second data path.
8. The method of claim 4 wherein the provisioning requests sent from the enterprise information system tool to the resource are not processed by the connector.
9. The method of claim 1 wherein the at least one user is reserved for use by the enterprise information system tool.
10. The method of claim 1, wherein the at least one resource is from the set comprising of application, directory or database.
11. A computer program product for reconciliation of an information cycle in an enterprise information system comprising an enterprise information system tool and at least one resource, the product comprising:
code for creating for the enterprise information system tool at least one user for provisioning the at least one resource, wherein the at least one user has an identifier for inclusion in provisioning requests sent to the resource by the enterprise information system tool;
code for checking reconciliation requests received from the resource for presence of the identifier; and
code for sending the request to the enterprise information system tool for reconciliation according to the presence of the identifier in the reconciliation request.
12. The computer program product of claim 11 , further comprising code for sending provisioning requests from the enterprise information system tool to the resource on a first data path and receiving reconciliation requests from the resource on a second data path.
13. The computer program product of claim 11 , wherein the enterprise information system tool is an identity management system.
14. A computer system for reconciliation of an information cycle in an enterprise information system comprising an enterprise information system tool, and at least one resource, the system comprising:
means for creating for the enterprise information system tool at least one user for provisioning the at least one resource, wherein the at least one user has an identifier for inclusion in provisioning requests sent to the resource by the enterprise information system tool; means for checking reconciliation requests received from the resource for presence of the identifier; and
means for sending the request to the enterprise information system tool for reconciliation according to the presence of the identifier in the reconciliation request.
15. The computer system of claim 14, further comprising means for sending provisioning requests from the enterprise information system tool to the resource on a first data path and receiving reconciliation requests from the resource on a second data path.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/IN2006/000492 WO2008072250A1 (en) | 2006-12-13 | 2006-12-13 | Method and system for reconciliation of information cycles in an enterprise information system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/IN2006/000492 WO2008072250A1 (en) | 2006-12-13 | 2006-12-13 | Method and system for reconciliation of information cycles in an enterprise information system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2008072250A1 true WO2008072250A1 (en) | 2008-06-19 |
Family
ID=38222593
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/IN2006/000492 WO2008072250A1 (en) | 2006-12-13 | 2006-12-13 | Method and system for reconciliation of information cycles in an enterprise information system |
Country Status (1)
| Country | Link |
|---|---|
| WO (1) | WO2008072250A1 (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8627405B2 (en) * | 2012-02-06 | 2014-01-07 | International Business Machines Corporation | Policy and compliance management for user provisioning systems |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2004017591A2 (en) * | 2002-08-16 | 2004-02-26 | Research In Motion Limited | System and method for triggering a provisioning event |
| US20050289356A1 (en) * | 2004-06-29 | 2005-12-29 | Idan Shoham | Process for automated and self-service reconciliation of different loging IDs between networked computer systems |
-
2006
- 2006-12-13 WO PCT/IN2006/000492 patent/WO2008072250A1/en active Application Filing
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2004017591A2 (en) * | 2002-08-16 | 2004-02-26 | Research In Motion Limited | System and method for triggering a provisioning event |
| US20050289356A1 (en) * | 2004-06-29 | 2005-12-29 | Idan Shoham | Process for automated and self-service reconciliation of different loging IDs between networked computer systems |
Non-Patent Citations (2)
| Title |
|---|
| DERICK CASSIDY: "Oracle - Identity As A Service - Reconciliation", INTERNET ARTICLE, 8 November 2006 (2006-11-08), pages 1 - 2, XP002442498, Retrieved from the Internet <URL:http://blogs.oracle.com/IdentityAsaService/newsItems/viewFullItem$33> [retrieved on 20070712] * |
| IBM CORPORATION: "Tivoli Identity Manager Express documentation (revised June 2006)", INTERNET ARTICLE, June 2006 (2006-06-01), Internet, pages 1 - 4, XP002442497, Retrieved from the Internet <URL:http://publib.boulder.ibm.com/infocenter/tivihelp/v5r1/index.jsp?topic=/com.ibm.itim.infocenter.doc/imx460_ins_ws_express02.htm> [retrieved on 20070713] * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8627405B2 (en) * | 2012-02-06 | 2014-01-07 | International Business Machines Corporation | Policy and compliance management for user provisioning systems |
| US8631459B2 (en) * | 2012-02-06 | 2014-01-14 | International Business Machines Corporation | Policy and compliance management for user provisioning systems |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP5787640B2 (en) | Authentication system, authentication method and program | |
| US9571479B1 (en) | Role-based access control using dynamically shared cloud accounts | |
| US7987495B2 (en) | System and method for multi-context policy management | |
| JP5231665B2 (en) | System, method and computer program product for enabling access to corporate resources using a biometric device | |
| US8387137B2 (en) | Role-based access control utilizing token profiles having predefined roles | |
| US6871232B2 (en) | Method and system for third party resource provisioning management | |
| US8387136B2 (en) | Role-based access control utilizing token profiles | |
| US9998470B1 (en) | Enhanced data leakage detection in cloud services | |
| US7478407B2 (en) | Supporting multiple application program interfaces | |
| US20050060572A1 (en) | System and method for managing access entitlements in a computing network | |
| US20070136603A1 (en) | Method and apparatus for providing secure access control for protected information | |
| Sharma et al. | Identity and access management-a comprehensive study | |
| Thakur et al. | User identity and access management trends in IT infrastructure-an overview | |
| Kiyomoto et al. | PPM: Privacy policy manager for personalized services | |
| US10749868B2 (en) | Registration of the same domain with different cloud services networks | |
| WO2008072250A1 (en) | Method and system for reconciliation of information cycles in an enterprise information system | |
| KR102179185B1 (en) | Server Management system | |
| WO2002067173A1 (en) | A hierarchy model | |
| US11943226B2 (en) | Container and resource access restriction | |
| Semenov et al. | Cloud-Based Data Architecture Security | |
| Bogicevic et al. | Identity Management–A Survey | |
| Huawei Technologies Co., Ltd. | Database Security Fundamentals | |
| WO2023040953A1 (en) | Progressively validating access tokens | |
| WO2024037224A1 (en) | Cloud resource access control method based on cloud computing technology, and cloud management platform | |
| US20220353266A1 (en) | Framework for customer control and auditing of operator access to infrastructure in a cloud service |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 06842770 Country of ref document: EP Kind code of ref document: A1 |
|
| NENP | Non-entry into the national phase |
Ref country code: DE |
|
| 122 | Ep: pct application non-entry in european phase |
Ref document number: 06842770 Country of ref document: EP Kind code of ref document: A1 |