-
Publication No.: US20230098484A1
Publication Date: 2023-03-30
Application No.: US17953058
Application Date: 2022-09-26
Applicant: Oracle International Corporation
IPC: G06F21/62
Abstract: Techniques are disclosed for unifying a first identity management service with a second identity management service within a distributed computing system. The first identity management service can receive a request to perform an entity operation. The request may be formatted for an interface of the first identity service. The first identity service can determine that the account is in a second domain associated with the second identity service and transform the request to a format corresponding to an interface of the second identity service. The transformed request may be transmitted to the second identity service using an external proxy and based in part on the second domain corresponding to the second identity service.
-
Publication No.: US20230097763A1
Publication Date: 2023-03-30
Application No.: US17896969
Application Date: 2022-08-26
Applicant: Oracle International Corporation
Inventor: Kranthi Kiran Pandiri, Shobhank Sharma, Girish Nagaraja
IPC: G06F9/50
Abstract: Techniques are described that enable, in a multi-region cloud environment, information regarding one or more tenancy sessions that a network access program (e.g., a browser) participates in to be efficiently stored in a centralized location. The centrally stored sessions information can then be used for various purposes such as for restricting the number of tenancy sessions using a network access program, sessions cleanup, and other sessions-related tasks. In certain implementations, the centrally stored sessions information is used to prevent the network access program from opening multiple sessions for the same tenancy. In such implementations, for a particular tenancy, the network access program is allowed to have only one active session for the particular tenancy at a time. The centrally stored sessions information facilitates efficient sessions management including session cleanup after a session is closed.
-
Publication No.: US20220060517A1
Publication Date: 2022-02-24
Application No.: US17393347
Application Date: 2021-08-03
Applicant: Oracle International Corporation
Inventor: Igor Dozorets, Thoulfekar Alrahem, Jun Tong, Leonid Kuperman, Nachiketh Rao Potlapally, Bala Ganesh Chandran, Brian Pratt, Nathaniel Martin Glass, Girish Nagaraja, Jonathan Jorge Nadal
IPC: H04L29/06
Abstract: A cloud-based security solution that provides a robust and secure framework for managing and enforcing security policies related to various resources managed in the cloud is disclosed. The cloud-based security solution is implemented by a security zone policy enforcement system in a cloud service provider infrastructure. The system receives a request to perform an operation on a resource and determines a compartment associated with the resource. The system determines that the compartment is associated with a security zone and determines a set of one or more security zone policies applicable to the resource. The system then determines that the operation on the resource is permitted based on the set of one or more security zone policies and responsive to determining that the operation on the resource is permitted, allows the operation to be performed on the resource.
-
Publication No.: US20210409345A1
Publication Date: 2021-12-30
Application No.: US17198019
Application Date: 2021-03-10
Applicant: Oracle International Corporation
IPC: H04L12/911
Abstract: Techniques are described for enabling resources within a cloud computing system to interact with each other. In certain embodiments, a base identifier assigned to a first resource is extended by mapping the base identifier onto a second identifier assigned to a logical resource that is built upon the first resource. This allows the first resource to have two identities, one identity indicating what the first resource is (e.g., a particular compute instance) and another identity indicating the purpose of the first resource (e.g., operating as a database for a particular tenancy). Consequently, the first resource may be provided with access privileges different from those associated with the base identifier. For example, the first resource may access another resource in the tenancy using the second identifier, but may have no access to the other resource using the base identifier.
-
Publication No.: US20210409218A1
Publication Date: 2021-12-30
Application No.: US17198021
Application Date: 2021-03-10
Applicant: Oracle International Corporation
IPC: H04L9/32, H04L12/911, H04L29/06
Abstract: Techniques are described for enabling resources within a cloud computing system to interact with each other. In certain embodiments, a resource is assigned a digital token that provides certain access privileges for the duration in which the digital token is valid. The digital token permits the resource to have access for a duration sufficient to perform some operation (e.g., run one-time code or the same code periodically on a scheduled basis), but without extending the level of access for significantly longer than necessary to complete the operation. Each time the resource principal is to perform the operation, the token can be reissued to the resource to provide the resource with time-limited access privileges. The use of this short-lived token avoids having to create permanent credentials for the resource.
-