US Patent:
20120167158, Jun 28, 2012
Inventors:
Paul Leach - Seattle WA, US
David McPherson - Bothell WA, US
Vishal Agarwal - Bothell WA, US
Mark Fishel Novak - Newcastle WA, US
Ming Tang - Redmond WA, US
Ramaswamy Ranganathan - Bellevue WA, US
Pranav Kukreja - Bellevue WA, US
Andrey Popov - Renton WA, US
Nir Ben Zvi - Redmond WA, US
Arun K. Nanda - Sammamish WA, US
Assignee:
MICROSOFT CORPORATION - Redmond WA
International Classification:
G06F 17/00
Abstract:
Resource authorization policies and resource scopes may be defined separately, thereby decoupling a set of authorization rules from the scope of resources to which those rules apply. In one example, a resource includes anything that can be used in a computing environment (e.g., a file, a device, etc.). A scope describes a set of resources (e.g., all files in folder X, all files labeled “Y”, etc.). Policies describe what can be done with a resource (e.g., “read-only,” “read/write,” “delete, if requestor is a member of the admin group,” etc.). When scopes and policies have been defined, they may be linked, thereby indicating that the policy applies to any resource within the scope. When a request for the resource is made, the request is evaluated against all policies associated with scopes that contain the resource. If the conditions specified in the policies apply, then the request may be granted.
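The decoupling described in the abstract, sketched as an added example that is not taken from the patent: scopes and policies are defined independently, linked, and a request is checked against every policy whose scope contains the resource. All class and function names are hypothetical. The abstract does not say how several policies combine, so the default-deny and "every applicable policy must permit" rules are assumptions.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Request:
    groups: frozenset   # requestor's group memberships
    action: str         # "read", "write" or "delete"
    path: str           # resource being requested
    labels: frozenset   # labels attached to that resource

@dataclass(frozen=True)
class Scope:            # describes a set of resources (looks at path/labels only)
    name: str
    contains: Callable[[Request], bool]

@dataclass(frozen=True)
class Policy:           # describes what may be done with a resource, and by whom
    name: str
    permits: Callable[[Request], bool]

class Authorizer:
    def __init__(self):
        self.links = []                      # (scope, policy) pairs

    def link(self, scope, policy):
        self.links.append((scope, policy))

    def decide(self, req):
        """Return (granted, names of applicable policies that refused)."""
        applicable = [p for s, p in self.links if s.contains(req)]
        refused = [p.name for p in applicable if not p.permits(req)]
        # Assumption: no applicable policy means deny; one refusal means deny.
        return bool(applicable) and not refused, refused

def demo_authorizer():
    # Constructed scopes and policies modelled on the abstract's examples.
    folder_x = Scope("folder-x", lambda r: r.path.startswith("/x/"))
    labeled_y = Scope("label-y", lambda r: "Y" in r.labels)
    read_only = Policy("read-only", lambda r: r.action == "read")
    rw_admin_delete = Policy("rw-admin-delete", lambda r: r.action in ("read", "write")
                             or (r.action == "delete" and "admin" in r.groups))
    authz = Authorizer()
    authz.link(folder_x, rw_admin_delete)    # policy reused by linking, not copying
    authz.link(labeled_y, read_only)
    return authz

if __name__ == "__main__":
    req = Request(frozenset({"admin"}), "write", "/x/report.txt", frozenset({"Y"}))
    print(demo_authorizer().decide(req))     # file is in folder X and labeled Y
```

A file that falls in two scopes is subject to both linked policies, which is why the labeled file in folder X stays read-only even for an admin under these assumptions.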