-
公开(公告)号:US09800584B1
公开(公告)日:2017-10-24
申请号:US15341895
申请日:2016-11-02
Applicant: Amazon Technologies, Inc.
Inventor: Borislav Andruschuk , Kevin Fowler
CPC classification number: H04L63/101 , G06F21/6209 , G06F21/6218 , H04L63/10 , H04L63/104 , H04L63/20
Abstract: Access control for shared computing resources in a hierarchical system is provided herein. An as-needed, “lazy evaluation” approach to access control is described in which an effective access control list for a computing resource is determined after a request is received from a user to access the resource. When resources are shared, access control policies are created and stored in association with the shared resource but are not stored in association with hierarchically related lower-level resources. When an access request for a resource is received, access control policies are collected for levels of a computing resource hierarchy that are higher than the hierarchy level of the resource. An effective access control list is determined based on permissions specified in the collected access control policies. The effective access control list represents an effective propagation of access control policies of higher hierarchy levels to the computing resource.
-
公开(公告)号:US10154039B1
公开(公告)日:2018-12-11
申请号:US15706349
申请日:2017-09-15
Applicant: Amazon Technologies, Inc.
Inventor: Borislav Andruschuk , Kevin Fowler
Abstract: Access control for shared computing resources in a hierarchical system is provided herein. An as-needed, “lazy evaluation” approach to access control is described in which an effective access control list for a computing resource is determined after a request is received from a user to access the resource. When resources are shared, access control policies are created and stored in association with the shared resource but are not stored in association with hierarchically related lower-level resources. When an access request for a resource is received, access control policies are collected for levels of a computing resource hierarchy that are higher than the hierarchy level of the resource. An effective access control list is determined based on permissions specified in the collected access control policies. The effective access control list represents an effective propagation of access control policies of higher hierarchy levels to the computing resource.
-
公开(公告)号:US09880989B1
公开(公告)日:2018-01-30
申请号:US14274361
申请日:2014-05-09
Applicant: Amazon Technologies, Inc.
Inventor: Nagesh Pradhan Cadabam , Chetan Rao , Wei Lien Stephen Dang , Sean Krishan Sharma , Noah Eisner , Kevin Fowler
CPC classification number: G06F17/241 , G06F17/211 , G06F17/2264
Abstract: Organizations maintain and generate large amounts of documentation and entities of these organizations often need to collaborate on generating and reviewing this information. There is a need to maintain and store this documentation remotely in such a way that the entities of these organizations may collaborate with each other. To ensure that entities of the organization can collaborate on documents, a document annotation service is described that converts a text-based document, such as a word processing document, to a fixed-layout document, such as a coordinate-based document. Annotations can be received on the fixed-layout document. The annotations can then be mapped to the text-based document and downloaded to a user for viewing.
-
公开(公告)号:US09516028B1
公开(公告)日:2016-12-06
申请号:US14453368
申请日:2014-08-06
Applicant: Amazon Technologies, Inc.
Inventor: Borislav Andruschuk , Kevin Fowler
CPC classification number: H04L63/101 , G06F21/6209 , G06F21/6218 , H04L63/10 , H04L63/104 , H04L63/20
Abstract: Access control for shared computing resources in a hierarchical system is provided herein. An as-needed, “lazy evaluation” approach to access control is described in which an effective access control list for a computing resource is determined after a request is received from a user to access the resource. When resources are shared, access control policies are created and stored in association with the shared resource but are not stored in association with hierarchically related lower-level resources. When an access request for a resource is received, access control policies are collected for levels of a computing resource hierarchy that are higher than the hierarchy level of the resource. An effective access control list is determined based on permissions specified in the collected access control policies. The effective access control list represents an effective propagation of access control policies of higher hierarchy levels to the computing resource.
Abstract translation: 本文提供了分层系统中共享计算资源的访问控制。 描述了访问控制的“懒惰评估”方法,其中在从用户接收到访问资源的请求之后,确定用于计算资源的有效访问控制列表。 当共享资源时,与共享资源相关联地创建和存储访问控制策略,但不与层级相关的较低级资源相关联地存储。 当接收到对资源的访问请求时,针对高于资源层级的计算资源层次结构的级别收集访问控制策略。 基于收集的访问控制策略中指定的权限确定有效的访问控制列表。 有效的访问控制列表表示将较高级别级别的访问控制策略有效传播到计算资源。
-
-
-
Search Results
4
records
(took 0.013 seconds)
