CN109150815B - Resource processing method, device and machine readable medium - Google Patents

Resource processing method, device and machine readable medium

Info

Publication number
CN109150815B
Authority
CN
China
Prior art keywords
resource
request
label
target
identifier
Legal status
Active
Application number
CN201710510466.XA
Other languages
Chinese (zh)
Other versions
CN109150815A (en
Inventor
秦隆
Current Assignee
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd
Application filed by Alibaba Group Holding Ltd
Priority to CN201710510466.XA
Publication of CN109150815A
Application granted
Publication of CN109150815B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiments of the application provide a resource processing method, a resource processing device and a machine-readable medium. The method comprises: acquiring a resource operation request, together with a request user identifier and a target resource label corresponding to the resource operation request; acquiring a target authorization rule corresponding to the request user identifier according to the association relationship between authorization rules and user identifiers; and authenticating the resource operation request according to the target authorization rule and the target resource label to obtain an authentication result corresponding to the resource operation request. The embodiments of the application can simplify the authorization process and improve the authorization efficiency.

Description

Resource processing method, device and machine readable medium
Technical Field
The present application relates to the field of data resource technologies, and in particular, to a resource processing method, device and machine-readable medium.
Background
At present, in order to improve the security of resources, a resource processing system may grant authorization to users and determine the validity of a user's resource operation request by authenticating that request.
One authorization process in existing schemes is as follows: an authorization rule is generated for the user according to information such as the resource ID (Identity). During authentication, the resource operation request may carry information such as a user identifier, a resource ID, and a resource operation, and the corresponding authentication process determines, according to the authorization rule corresponding to the user identifier, whether the user identifier has the operation authority to execute the resource operation on the resource ID.
In the process of implementing the embodiments of the application, the inventor found that existing schemes have at least the following problem: when the operation authority for a plurality of resources needs to be granted to a user, a corresponding authorization rule must be generated for each resource ID one by one, and an association between each of these authorization rules and the user must be established one by one, so the authorization process is cumbersome and the authorization efficiency is low.
Disclosure of Invention
The embodiment of the application discloses a resource processing method, a resource processing device and a machine readable medium, which can simplify the authorization process and improve the authorization efficiency.
In one aspect, an embodiment of the present application discloses a resource processing method, including: acquiring a resource operation request, and a request user identifier and a target resource label corresponding to the resource operation request; acquiring a target authorization rule corresponding to the request user identifier according to the association relationship between the authorization rule and the user identifier; and authenticating the resource operation request according to the target authorization rule and the target resource label to obtain an authentication result corresponding to the resource operation request.
In another aspect, an embodiment of the present application discloses a resource processing method, including: generating an authorization rule according to a resource label, wherein one resource label corresponds to at least one resource, and the authorization rule is used for representing the operation authority for the resources with the resource label; and establishing an association relationship between the authorization rule and a user identifier so as to grant the operation authority represented by the authorization rule to the user identifier.
In another aspect, an embodiment of the present application discloses a resource processing apparatus, including:
the request information acquisition module is used for acquiring a resource operation request, and a request user identifier and a target resource label corresponding to the resource operation request; one target resource label corresponds to at least one resource;
the target authorization rule obtaining module is used for obtaining a target authorization rule corresponding to the request user identifier according to the association relation between the authorization rule and the user identifier;
and the authentication module is used for authenticating the resource operation request according to the target authorization rule and the target resource label so as to obtain an authentication result corresponding to the resource operation request.
In another aspect, an embodiment of the present application discloses a resource processing apparatus, including:
the authorization rule generating module is used for generating an authorization rule according to the resource label; wherein one resource label corresponds to at least one resource, and the authorization rule is used for representing the operation authority of the resource with the resource label; and
the association establishing module is used for establishing an association relation between the authorization rule and the user identifier so as to grant the operation authority represented by the authorization rule to the user identifier.
In another aspect, an embodiment of the present application discloses an apparatus, including:
one or more processors; and
one or more machine readable media having instructions stored thereon that, when executed by the one or more processors, cause the apparatus to perform the aforementioned methods.
In yet another aspect, embodiments of the present application disclose one or more machine-readable media having instructions stored thereon, which when executed by one or more processors, cause an apparatus to perform the foregoing methods.
Compared with the prior art, the embodiment of the application has the following advantages:
According to the resource processing method of the embodiments of the application, a user can be given the operation authority for the resources with a resource label through that resource label. Specifically, an authorization rule can be generated according to the resource label, and an association relationship between the authorization rule and the user identification can be established so as to grant the operation authority represented by the authorization rule to the user identification. Since one resource label can correspond to at least one resource, and the authorization rule can be used for representing the operation authority of the resource with the resource label, the embodiment of the application can grant the operation authority of at least one resource to one user through one authorization rule, thereby simplifying the authorization process and improving the authorization efficiency.
In addition, the resource processing method of the embodiment of the application can acquire the target authorization rule corresponding to the request user identifier for the request user identifier corresponding to the resource operation request, and authenticate the resource operation request according to the target authorization rule and the target resource label to obtain the authentication result corresponding to the resource operation request, so that the security of the resource can be improved.
Drawings
FIG. 1 is a schematic diagram of an application environment of a resource handling method of the present application;
FIG. 2 is a flow diagram of a resource handling method embodiment of the present application;
FIG. 3 is a flow diagram of another resource handling method embodiment of the present application;
FIG. 4 is a block diagram of an embodiment of a resource processing apparatus according to the present application;
FIG. 5 is a block diagram of another embodiment of a resource processing apparatus of the present application; and
FIG. 6 is a schematic structural diagram of an apparatus according to an embodiment of the present application.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, the present application is described in further detail with reference to the accompanying drawings and the detailed description.
While the concepts of the present application are susceptible to various modifications and alternative forms, specific embodiments thereof have been shown by way of example in the drawings and will herein be described in detail. It should be understood, however, that the description above is not intended to limit the application to the particular forms disclosed, but on the contrary, the intention is to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the application.
Reference in the specification to "one embodiment," "an embodiment," "a particular embodiment," or the like, means that the embodiment described may include a particular feature, structure, or characteristic, but every embodiment may or may not necessarily include the particular feature, structure, or characteristic. Moreover, such phrases are not necessarily referring to the same embodiment. Further, where a particular feature, structure, or characteristic is described in connection with an embodiment, it is submitted that it is within the knowledge of one skilled in the art to effect such feature, structure, or characteristic in connection with other embodiments whether or not explicitly described. In addition, it should be understood that items in a list of the form "at least one of A, B, and C" may mean: (A); (B); (C); (A and B); (A and C); (B and C); or (A, B and C). Likewise, a listing of items in the form "at least one of A, B, or C" may mean: (A); (B); (C); (A and B); (A and C); (B and C); or (A, B and C).
In some cases, the disclosed embodiments may be implemented as hardware, firmware, software, or any combination thereof. The disclosed embodiments may also be implemented as instructions carried or stored on one or more transitory or non-transitory machine-readable (e.g., computer-readable) storage media, which may be executed by one or more processors. A machine-readable storage medium may be implemented as a storage device, mechanism, or other physical structure (e.g., a volatile or non-volatile memory, a media disk, or other physical structure device) for storing or transmitting information in a form readable by a machine.
In the drawings, some structural or methodical features may be shown in a particular arrangement and/or ordering. It should be understood, however, that such specific arrangement and/or ordering is not necessary. Rather, in some embodiments, such features may be arranged in different ways and/or orders than as shown in the figures. Moreover, the inclusion of structural or methodical features in particular figures is not meant to imply that such features are required in all embodiments and that, in some embodiments, such features may not be included or may be combined with other features.
The embodiment of the application provides a resource processing scheme, which can give a user the operation authority for the resources with a resource label through that resource label. Specifically, an authorization rule can be generated according to the resource label, and an association relationship between the authorization rule and the user identification can be established so as to grant the operation authority represented by the authorization rule to the user identification. Because one resource label can correspond to a plurality of resources, and the authorization rule can be used for representing the operation authority of the resource with the resource label, the embodiment of the application can grant the operation authority of a plurality of resources to one user through one authorization rule, thereby simplifying the authorization process and improving the authorization efficiency.
The embodiments of the application can process resources in any application scenario. Examples of such application scenarios may include: a cloud resource management scenario, and/or an enterprise resource management scenario, etc. In the enterprise resource management scenario, assuming that an enterprise has a plurality of employees, if at least one resource needs to be managed by one employee, the operation authority for the at least one resource can be granted to that employee through a resource tag. It is understood that the embodiments of the present application are not limited to specific application scenarios.
In the embodiment of the present application, examples of the resource may include: disk, instance, bandwidth, memory, etc. Optionally, the resource tag may be a feature of the resource, and according to some embodiments, a resource tag corresponding to the feature of the resource may be added to the resource, so that resources with the same feature may correspond to the same resource tag. Taking the resource as a disk as an example, a corresponding resource label may be added to the disk according to the "capacity" characteristic of the disk. For example, the resource tags corresponding to the disks may include: "large capacity", "medium capacity", "small capacity", etc., then one resource tag may correspond to at least one disk. According to some embodiments, a resource may correspond to one or more resource tags, but multiple resource tags for the same resource may differ. And, the resource label corresponding to the resource has a modifiable property, for example, the corresponding resource label can be added, deleted, or modified for the resource.
In practical applications, the resource tags may be described in any data format as desired. For example, the format of the resource tag may be a key-value format or a string format. Taking the key-value format as an example, the key may be a keyword of the resource tag, and the value may be a numerical value corresponding to the keyword of the resource tag. It is to be understood that the specific format of the resource tag is not limited in the embodiments of the present application.
The resource processing method provided by the embodiment of the present application can be applied to the application environment shown in FIG. 1. As shown in FIG. 1, the client 100 and the server 200 are located in a wired or wireless network, and the client 100 and the server 200 perform data interaction through the wired or wireless network. For example, in the context of enterprise resource management, the client 100 may run on a user terminal of an enterprise network, and the server 200 may run on a server of the enterprise network. It is understood that the embodiment of the present application does not limit the specific client 100, the specific server 200, or the specific application environment.
For example, server 200 may maintain resources and add resource tags to the resources, where one resource tag may correspond to at least one resource. In addition, the server 200 may also give the user the operation authority for the resources with a resource tag through that resource tag. Specifically, it may generate an authorization rule according to the resource tag, where the authorization rule may be used to represent the operation authority for the resources with the resource tag, and establish an association relationship between the authorization rule and the user identification so as to grant the operation authority represented by the authorization rule to the user identification.
In practical applications, the client 100 may provide an operation interface, so that a user triggers a resource operation request through the operation interface and sends the resource operation request to the server 200, so that the server 200 authenticates the resource operation request. For example, the obtained authentication result may include: success or failure, wherein when the authentication result is successful, the resource operation request may be allowed, for example, an operation corresponding to the resource operation request may be executed, and a corresponding operation result may be returned to the client 100; or, when the authentication result is failure, the resource operation request may be rejected, and a corresponding rejection prompt may be returned to the client 100.
The embodiment of the application provides a resource processing method.
Referring to FIG. 2, a flowchart of an embodiment of a resource processing method according to the present application is shown, which may specifically include:
step 201, generating an authorization rule according to a resource label; wherein, one resource label can correspond to at least one resource, and the authorization rule can be used for representing the operation authority of the resource with the resource label;
step 202, establishing an association relationship between the authorization rule and the user identifier, so as to grant the operation authority represented by the authorization rule to the user identifier.
In the embodiment of the present application, the authorization rule may be used to characterize the operation right for the resource with the resource tag. Optionally, in order to characterize the operation authority, the process of generating the authorization rule according to the resource tag may further use the operation identifier as a basis. Assuming that the operation identifier is opa, the authorization rule may be used to characterize the right to perform the opa operation on the resource with the resource tag, in which case the resource tag and opa may be used as the basis for generating the authorization rule.
In practical applications, the authorization rules may be described in any data format as desired. For example, the data format of the authorization rule may include: the structure (struct) format, wherein a structure is a data set composed of a series of data having the same type or different types. Specifically, in the embodiment of the present application, the structure corresponding to the authorization rule may include: the resource and the operation identifier corresponding to the resource tag, or the structure corresponding to the authorization rule may include: it can be understood that any data format capable of representing the operation authority of the resource with the resource tag is within the protection range of the data format of the authorization rule in the embodiment of the present application.
In an optional embodiment of the present application, the structure corresponding to the authorization rule may include: a character string containing an operation identifier and the resource tag. Accordingly, the process of generating the authorization rule according to the resource tag may include: combining the resource label and the operation identifier, and taking the resulting character string containing the operation identifier and the resource label as the authorization rule. It can be understood that those skilled in the art can determine the combination rule according to the actual application requirement. Optionally, an authorization rule may consist of: the operation identifier, a separator, and the resource corresponding to the resource label. Those skilled in the art can adopt any required separator according to the actual application requirement; for example, the separator may be "|", in which case the authorization rule may be: operation identifier | resource (resource tag). Moreover, those skilled in the art may describe the resource corresponding to the resource label in any manner according to the actual application requirement; for example, all the resources corresponding to the resource label may be represented by "*(resource label)". An example of an authorization rule may be: opa|*(Ta2.key:Ta2.value), wherein opa represents an operation identifier, "Ta2.key:Ta2.value" represents a resource label, Ta2.key represents a keyword of the resource label, and Ta2.value represents a numerical value corresponding to the keyword of the resource label.
It can be understood that the character string containing the operation identifier and the resource tag is only an example of the structure corresponding to the authorization rule, and actually, the structure corresponding to the authorization rule may be declared as a variable, a pointer, an array, or the like, so as to implement a more complex data structure; the structure is also a collection of elements, which are called members of the structure, and the members can be of different types; the embodiment of the present application does not limit the specific combination process corresponding to the authorization rule.
Step 202 may establish an association relationship between the authorization rule obtained in step 201 and the user identifier, so as to grant the operation right represented by the authorization rule to the user identifier. Further, the method and the device can also store the association relationship between the authorization rule and the user identifier so as to obtain the target authorization rule corresponding to the user identifier in the resource operation request process.
In practical applications, a UI (user interface) may be provided to enable a user to establish an association relationship between an authorization rule and a user identifier through the UI. For example, the UI may display a current user identifier and a trigger interface for authorization rules; in response to a trigger operation on the trigger interface, a selection interface for authorization rules may be displayed, where the selection interface may include a plurality of authorization rules for selection; further, in response to a selection operation on an authorization rule in the selection interface, an association relationship between the authorization rule corresponding to the selection operation and the current user identifier may be established. It is to be understood that one user identifier may be associated with one or more authorization rules, and the specific number of authorization rules associated with the user identifier is not limited in the embodiment of the present application.
To sum up, the resource processing method of the embodiment of the application can give the user the operation authority for the resources with a resource label through that resource label. Specifically, an authorization rule can be generated according to the resource label, and an association relationship between the authorization rule and the user identification can be established so as to grant the operation authority represented by the authorization rule to the user identification. Since one resource label can correspond to at least one resource, and the authorization rule can be used for representing the operation authority of the resource with the resource label, the embodiment of the application can grant the operation authority of at least one resource to one user through one authorization rule, thereby simplifying the authorization process and improving the authorization efficiency.
Referring to FIG. 3, a flowchart of another embodiment of a resource processing method according to the present application is shown, which may specifically include:
step 301, acquiring a resource operation request, and a request user identifier and a target resource label corresponding to the resource operation request; one said target resource tag may correspond to at least one resource;
step 302, obtaining a target authorization rule corresponding to the request user identifier according to an association relationship between an authorization rule and a user identifier;
step 303, authenticating the resource operation request according to the target authorization rule and the target resource label to obtain an authentication result corresponding to the resource operation request.
In practical application, a user may trigger a resource operation request through a client, and the client may send the resource operation request to a server, so that the server processes the resource operation request.
In order to improve the security of the resource, when the server processes the resource operation request, the server may first authenticate the resource operation request to determine whether a requesting user corresponding to the resource operation request has an authority to operate a corresponding resource.
In practical applications, the resource operation request may relate to one or more target resources, and the target resource tag may be a resource tag carried by the target resource. Optionally, the resource operation request may carry a request user identifier (identifier of the request user) and a target resource tag; or, the information carried in the resource operation request may be analyzed to obtain the corresponding target resource identifier. It can be understood that the specific acquisition process of the target resource identifier is not limited in the embodiments of the present application.
According to some embodiments, the association relationship between the authorization rule and the user identifier may be searched according to the requesting user identifier to obtain a target authorization rule corresponding to the requesting user identifier, and it may be understood that the target authorization rule may be one or more.
The embodiment of the application can authenticate the resource operation request through the target resource label corresponding to the resource operation request so as to judge whether the requesting user has the operation authority for operating the resource corresponding to the target resource label.
In an optional embodiment of the present application, the resource operation request may further correspond to a request operation identifier (identifier of the request operation, such as name and ID of the request operation), and the authenticating the resource operation request according to the target authorization rule and the target resource tag may include: generating a corresponding authentication rule according to the request operation identifier and the target resource label; and comparing the target authorization rule with the authentication rule, and obtaining an authentication result corresponding to the resource operation request according to a corresponding comparison result.
The authentication rules can be used to characterize the operation definition corresponding to the request operation identification and the target resource label, and the operation definition can be used to represent a method for defining variable meanings according to observable, measurable and operable characteristics. Correspondingly, the comparison between the target authorization rule and the authentication rule can be used to determine whether the operation definition is within the range of the target authorization rule, if so, the obtained authentication result can be successful, otherwise, the obtained authentication result can be failed.
Assuming that the data format of the authorization rule is a preset structure format, the authentication rule conforming to the preset structure format can be obtained according to the request operation identifier and the target resource tag, so as to implement comparison between the target authorization rule and the authentication rule.
Further, if the authorization rule is a character string containing an operation identifier and a resource tag, the generating process of the authentication rule may include: combining the request operation identifier and the target resource label, and using the resulting character string, which contains the request operation identifier and the target resource label and can describe the operation, as the authentication rule. For example, an authentication rule may be: request operation identifier | target resource (target resource tag).
In an application example of the present application, assume that the target resources corresponding to a certain request operation identifier opa include resource a and resource b; that resource a has two sets of resource labels, Ta1.key:Ta1.value and Ta2.key:Ta2.value; and that resource b has one set of resource labels, Ta2.key:Ta2.value. Assume further that the target authorization rule corresponding to the requesting user is: use opa to operate the resources whose resource tag is Ta2.key:Ta2.value, and that the character string corresponding to the target authorization rule is opa|*(Ta2.key:Ta2.value). If the first authentication rule corresponding to resource a is opa|a(Ta1.key:Ta1.value & Ta2.key:Ta2.value) and the second authentication rule corresponding to resource b is opa|b(Ta2.key:Ta2.value), the comparison results between the target authorization rule and the first and second authentication rules are as follows:
opa|*(Ta2.key:Ta2.value)>opa|a(Ta1.key:Ta1.value,Ta2.key:Ta2.value) (1)
opa|*(Ta2.key:Ta2.value)>opa|b(Ta2.key:Ta2.value) (2)
since the operation definitions corresponding to the first authentication rule and the second authentication rule are both within the range of the target authorization rule, the obtained authentication result can be successful.
In practical application, when the authentication result is successful, the resource operation request may be allowed, for example, an operation corresponding to the resource operation request may be executed, and a corresponding operation result is returned to the client; or, when the authentication result is failure, the resource operation request may be rejected, and a corresponding rejection prompt may be returned to the client.
It should be noted that "operation identifier | resource (resource tag)" and "request operation identifier | target resource (target resource tag)" are only examples of the authorization rule and the authentication rule in the present application. In fact, the embodiment of the present application does not impose any limitation on the specific data format of the authorization rule and the authentication rule; for example, the authorization rule and the authentication rule may be structures other than a character string.
The embodiment of the application can provide the following processing schemes for different resource operation requests:
Processing scheme 1
In processing scheme 1, the resource operation request may include: a resource editing request, where the resource editing request may carry a request user identifier and a resource identifier to be edited, and a target resource tag corresponding to the resource editing request may be a resource tag carried by the resource identifier to be edited.
In practical applications, the resource editing request may be used to perform an editing operation on a resource, for example, the editing operation may include: deleting the resource, modifying the attribute of the resource, and the like, wherein the attribute of the resource can be the inherent attribute of the resource such as the name of the resource. The resource editing request may carry a request user identifier and a resource identifier to be edited, and the target resource tag corresponding to the resource editing request may be a resource tag carried by the resource identifier to be edited.
In an application example of the present application, it is assumed that the information of the resource to be edited is resourceA/ra1, where resourceA and ra1 represent the resource type and the resource identifier, respectively; resourceA may be optional information, that is, ra1 alone may uniquely identify the resource to be edited. If the resource to be edited has the labels Ta1.key:Ta1.value, Ta2.key:Ta2.value ……, the corresponding authentication rule can be expressed as: opa|resourceA/ra1(Ta1.key:Ta1.value, Ta2.key:Ta2.value ……).
Processing scheme 2
In processing scheme 2, the resource operation request may include: a resource tag modification request, where the resource tag modification request may carry a request user identifier, a resource identifier to be modified, and tag modification information, and a target resource tag corresponding to the resource tag modification request may include: at least one of the resource label before modification, the resource label after modification, and the resource label in modification.
The resource tag modification request may be used to modify a resource tag of a resource. In practical application, when the characteristics of a certain resource change or the authority owner of the certain resource needs to change, the resource tag modification request can be triggered. Examples of the need for a change to the rights owner of a resource may include: the authority belonging to a certain resource a is a user a, and if a current user B wants to obtain the operation authority of the resource a, the resource label of the resource a may be changed, for example, a resource label that the user B has authority may be added to the resource a, and the user B may obtain the operation authority of the resource a. It can be understood that the embodiment of the present application does not impose a limitation on the specific application scenario of the resource tag modification request.
In this embodiment of the present application, the range of the target resource tag involved in the authentication of the resource tag modification request may include: at least one of the resource label before modification, the resource label after modification, and the resource label in modification. The resource label before modification, the resource label after modification and the resource label during modification are respectively used for representing the resource label in the states before modification, after modification and during modification. For example, the target resource tag may include: the resource identifier to be modified has a resource tag before modification, or the target resource tag may include: the resource label before modification and the resource label after modification, or the target resource label may include: the resource label before modification, the resource label after modification and the resource label during modification. The embodiment of the application authenticates the operation authority of the resource with the resource label before modification, the resource label after modification and the resource label during modification, and can improve the safety of the resource.
In practical applications, when the data format of the resource tag is a character string, the target resource tag may include the resource label before modification carried by the resource identifier to be modified. Because the resource label before modification and the resource label after modification are different character strings, and the resource label after modification does not affect other resource labels, the security of the resource can be realized by authenticating the resource label before modification.
In an optional embodiment of the present application, the format of the resource tag may be a key-value pair (key-value) format, and the resource tag in modification may include: the key and the corresponding intermediate values included in the path from the pre-modified value to the post-modified value. For example, the requesting user has the operation right for resources with the resource tag k1:v1, and the requesting user then requests to modify the resource tag to k1:v2, k1:v1. The corresponding semantics are as follows: the resource label is first modified to k1:v2 and then modified to k1:v1, so the resource label in modification can be k1:v2, and the modified resource label obtained for the same key can avoid influencing the resource state.
In an application example of the present application, resource a carries the resource tags Ta1.key:Ta1.value, Ta2.key:Ta2.value ……, and a resource tag modification request adds the following tags to resource a: Ta1.key:Ta1.value2, Ta1.key:Ta1.value, Tax.key:Tax.value, Tay.key:Tay.value ……. The target resource label range involved in the authentication of the resource label modification request may then include: the resource tags before modification (Ta1.key:Ta1.value, Ta2.key:Ta2.value ……), the resource tags after modification (Ta1.key:Ta1.value, Tax.key:Tax.value, Tay.key:Tay.value ……), and the resource tags in modification (Ta1.key:Ta1.value2, Tax.key:Tax.value, Tay.key:Tay.value ……). During the modification of the resource label, Ta1.key:Ta1.value changes to Ta1.key:Ta1.value2 and then to Ta1.key:Ta1.value; that is, the value of the resource label corresponding to Ta1.key is first modified to Ta1.value2 and then modified to Ta1.value, so that the resource label in modification (Ta1.key:Ta1.value2, Tax.key:Tax.value, Tay.key:Tay.value ……) can appear.
In the above example, the authentication rule corresponding to the resource tag modification request may be:
opa|a(Ta1.key:Ta1.value,Ta2.key:Ta2.value……)&
opa|a(Ta1.key:Ta1.value2,Tax.key:Tax.value,Tay.key:Tay.value……)& (3)
opa|a(Ta1.key:Ta1.value,Tax.key:Tax.value,Tay.key:Tay.value……)
where "&" denotes "and"; that is, the authentication rule may be a combination, joined by "&", of the authentication rules corresponding to the resource label before modification, the resource label in modification, and the resource label after modification. When the authentication results of all of these authentication rules are successful, the authentication result of the resource label modification request may be considered to be successful.
It should be noted that, in the authentication process of the resource tag modification request, the embodiment of the present application may perform a simulated modification of the resource tag. Specifically, the resource tag in modification and the modified resource tag can be obtained through the simulated modification. If the requesting user does not have the operation permission for the resource with the resource tag in modification and the modified resource tag, the authentication fails and the resource tag modification request can be rejected. This avoids the situation in which the requesting user lacks the operation permission for the resource carrying the modified resource tag, that is, it avoids influencing the resource state.
In an optional embodiment of the present application, the authentication of the resource tag before modification, the resource tag after modification, and the resource tag in modification may be performed in sequence. For example, the authentication of the resource tag before modification may be performed first; if the obtained first authentication result is a failure, the authentication result of the resource tag modification request may be a failure. If the obtained first authentication result is successful, the authentication of the modified resource label can be executed; if the obtained second authentication result is a failure, the authentication result of the resource label modification request may be a failure. If the obtained second authentication result is successful, the authentication of the resource tag in modification can be executed; if the obtained third authentication result is a failure, the authentication result of the resource tag modification request may be a failure, and if the obtained third authentication result is successful, the authentication result of the resource tag modification request may be successful. It can be understood that the embodiment of the present application does not impose a limitation on the authentication sequence of the resource tag before modification, the resource tag after modification, and the resource tag in modification.
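The following sketch is an added illustration, not part of the patent text: it parses rule strings of the form used in comparisons (1) and (2), and authenticates a tag modification request against its before, in-modification and after states obtained by simulated modification. It assumes that the ">" comparison means the authorization rule has the same operation identifier, names the same resource or "*", and requires only tags present on the resource; it also assumes a modification is an ordered list of key/value assignments, as in the application example. All function names are hypothetical.

```python
import re
from dataclasses import dataclass

# "op|resource(k1:v1,k2:v2)" -- the string format used in the application example.
RULE_RE = re.compile(r"^\s*([^|()\s]+)\s*\|\s*([^|()\s]+)\s*\(([^()]*)\)\s*$")


@dataclass(frozen=True)
class Rule:
    op: str          # operation identifier, e.g. "opa"
    resource: str    # resource identifier, or "*" for any resource
    tags: frozenset  # set of (key, value) pairs


def parse_tags(text):
    tags = set()
    for item in filter(None, (part.strip() for part in text.split(","))):
        key, sep, value = item.partition(":")
        if not sep or not key.strip() or not value.strip():
            raise ValueError(f"malformed tag: {item!r}")
        tags.add((key.strip(), value.strip()))
    return frozenset(tags)


def parse_rule(text):
    match = RULE_RE.match(text)
    if not match:
        raise ValueError(f"malformed rule: {text!r}")
    return Rule(match.group(1), match.group(2), parse_tags(match.group(3)))


def covers(auth, request):
    """Assumed meaning of '>': the authentication rule lies within the authorization rule."""
    # An authorization rule without tags would match every resource, so it never grants access.
    return (bool(auth.tags)
            and auth.op == request.op
            and auth.resource in ("*", request.resource)
            and auth.tags <= request.tags)


def authorized(auth_rules, request):
    return any(covers(rule, request) for rule in auth_rules)


def simulate_states(before, steps):
    """Simulated modification: return labelled tag sets for every state the resource passes through."""
    final, path = {}, {}
    for key, value in steps:
        path.setdefault(key, []).append(value)
        final[key] = value
    states = [("before", dict(before))]
    for key, values in path.items():
        for intermediate in values[:-1]:      # values on the path before the last one
            states.append(("in modification", {**final, key: intermediate}))
    states.append(("after", final))
    return states


def authenticate_tag_modification(auth_rules, op, resource, before, steps):
    """Succeed only if every state is authorized; otherwise report the first failing state."""
    for label, tags in simulate_states(before, steps):
        request = Rule(op, resource, frozenset(tags.items()))
        if not authorized(auth_rules, request):
            return False, label
    return True, None


# Constructed sample data mirroring the application example above.
BEFORE = {"Ta1.key": "Ta1.value", "Ta2.key": "Ta2.value"}
STEPS = [("Ta1.key", "Ta1.value2"), ("Ta1.key", "Ta1.value"),
         ("Tax.key", "Tax.value"), ("Tay.key", "Tay.value")]

if __name__ == "__main__":
    narrow = [parse_rule("opa|*(Ta1.key:Ta1.value)")]
    print(authenticate_tag_modification(narrow, "opa", "a", BEFORE, STEPS))
    wider = narrow + [parse_rule("opa|*(Tax.key:Tax.value)")]
    print(authenticate_tag_modification(wider, "opa", "a", BEFORE, STEPS))
```

With only the rule on Ta1.key:Ta1.value, the request is rejected at the in-modification state even though the before and after states are both permitted, which is the case the simulated modification is meant to catch.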
Processing scheme 3
In processing scheme 3, the resource operation request may include: a resource creating request, where the resource creating request carries a request user identifier, a resource tag of a resource to be created, and an associated resource identifier corresponding to the resource to be created, and a target resource tag corresponding to the resource creating request may include: and the resource label carried by the associated resource identifier and the resource label of the resource to be created.
The resource creation request may be used to create a new resource (hereinafter referred to as a resource to be created), such as a new instance and/or a new disk, etc. In the authentication process of the resource creation request, the embodiment of the application can judge whether the requesting user has the operation authority of the resource to be created; optionally, it may also be determined whether the requesting user has an operation right of the associated resource corresponding to the resource to be created, where the associated resource may be used to represent a resource related to the resource to be created, such as a resource that needs to be used for creating the resource to be created. In practical application, the resource tag of the resource to be created and the associated resource identifier corresponding to the resource to be created may be carried in the resource creation request.
In an application example of the present application, assuming that the resource labels of the resource to be created are Tb1.key:Tb1.value, Tb2.key:Tb2.value ……, the resource to be created may be represented as resourceB/* (where resourceB represents the type of the resource to be created, and there is no resource ID before the resource to be created is successfully created); assuming that the information of the associated resource is resourceA/ra1 (resource type/resource ID), and assuming that the resource labels carried by the associated resource are Ta1.key:Ta1.value, Ta2.key:Ta2.value ……, the authentication rule corresponding to the resource creation request may be:
opa|resourceA/ra1(Ta1.key:Ta1.value,Ta2.key:Ta2.value……)&
opa|resourceB/*(Tb1.key:Tb1.value,Tb2.key:Tb2.value……) (4)
where, if the authentication results of the two sub-authentication rules separated by "&" are both successful, the authentication result of the resource creation request can be considered successful, and in this case the operation corresponding to the resource creation request can be executed; conversely, if one or both of the authentication results of the two sub-authentication rules separated by "&" are failures, the authentication result of the resource creation request may be considered a failure, and in this case the resource creation request may be rejected.
Processing scheme 4
In processing scheme 4, the resource operation request may include: a resource query request, where the resource query request may carry a request user identifier, a resource tag of a resource to be queried, or a resource identifier of a resource to be queried, and a target resource tag corresponding to the resource query request may include: and the resource label of the resource to be inquired or the resource label carried by the resource identifier to be inquired.
The resource query request can be used for querying resources, so that a user can obtain information of required resources through the resource query request. Taking the resource as an example, the information of the resource may include: the available area, the IP address, the status (such as running and stopping), the network type, the configuration (configuration of CPU, memory and bandwidth, etc.), etc. It can be understood that the embodiment of the present application does not limit the specific information of the resource.
In an optional embodiment of the present application, the resource query request may carry a resource tag of a resource to be queried, so that a user may query the resource through the resource tag, and a query result may be all resources corresponding to the resource tag of the resource to be queried. For example, if the resource labels of the resources to be queried are Ta1.key:Ta1.value, Ta2.key:Ta2.value ……, the corresponding authentication rule may be: opa|(Ta1.key:Ta1.value, Ta2.key:Ta2.value ……).
In another optional embodiment of the present application, the resource query request may carry a resource identifier to be queried, so that a user may obtain the corresponding resource to be queried through the resource identifier to be queried. In practical application, the resource tag carried by the resource identifier to be queried may be obtained first; if the resource tags carried by the resource identifier to be queried rc1 are Tc1.key:Tc1.value, Tc2.key:Tc2.value ……, the corresponding authentication rule may be: opa|rc1(Tc1.key:Tc1.value, Tc2.key:Tc2.value ……).
It is to be understood that opa in the above authorization rule and authentication rule may be an operation identifier, which may represent one or more operations, and the embodiment of the present application does not limit the specific operations represented by opa.
The resource operation requests such as the resource editing request, the resource tag modification request, the resource creating request, the resource query request, and the like are described in detail through the processing schemes 1 to 4, and it can be understood that a person skilled in the art may adopt any one or a combination of the processing schemes 1 to 4 according to the actual application requirements, or may also adopt other processing schemes corresponding to other resource operation requests, and the embodiment of the present application does not limit the specific resource operation requests and the specific processing schemes corresponding to the resource operation requests.
In summary, the resource processing method of the embodiment of the application can obtain the target authorization rule corresponding to the request user identifier for the request user identifier corresponding to the resource operation request, and authenticate the resource operation request according to the target authorization rule and the target resource label to obtain the authentication result corresponding to the resource operation request, so that the security of the resource can be improved.
It is noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the embodiments are not limited by the described order of acts, as some blocks may occur in other orders or concurrently depending on the embodiments. Further, those skilled in the art will also appreciate that the embodiments described in the specification are presently preferred and that no particular act is required of the embodiments of the application.
The embodiment of the application also provides a resource processing device.
Referring to fig. 4, a block diagram of a resource processing apparatus according to an embodiment of the present application is shown, which may specifically include the following modules:
an authorization rule generating module 401, configured to generate an authorization rule according to the resource tag; wherein, one resource label can correspond to at least one resource, and the authorization rule can be used for representing the operation authority of the resource with the resource label; and
an association establishing module 402, configured to establish an association relationship between the authorization rule and a user identifier, so as to grant an operation right represented by the authorization rule to the user identifier.
Optionally, the format of the resource tag may be a key-value pair key-value format or a character string format.
Referring to fig. 5, a block diagram of another embodiment of the resource processing apparatus of the present application is shown, which may specifically include the following modules:
a request information obtaining module 501, configured to obtain a resource operation request, and a request user identifier and a target resource tag corresponding to the resource operation request; one said target resource tag may correspond to at least one resource;
a target authorization rule obtaining module 502, configured to obtain a target authorization rule corresponding to the requesting user identifier according to an association relationship between an authorization rule and a user identifier;
and an authentication module 503, configured to authenticate the resource operation request according to the target authorization rule and the target resource tag, so as to obtain an authentication result corresponding to the resource operation request.
Optionally, the resource operation request may further correspond to a request operation identifier, and the authentication module 503 may include:
the authentication rule generating submodule is used for generating a corresponding authentication rule according to the request operation identifier and the target resource label; and
and the comparison submodule is used for comparing the target authorization rule with the authentication rule and obtaining an authentication result corresponding to the resource operation request according to a corresponding comparison result.
Optionally, the resource operation request may include: a resource editing request, where the resource editing request carries a request user identifier and a resource identifier to be edited, and a target resource tag corresponding to the resource editing request can be a resource tag carried by the resource identifier to be edited.
Optionally, the resource operation request may include: a resource tag modification request, where the resource tag modification request may carry a request user identifier, a resource identifier to be modified, and tag modification information, and a target resource tag corresponding to the resource tag modification request may include: at least one of the resource label before modification, the resource label after modification, and the resource label in modification.
Optionally, the format of the resource tag is a key-value pair key-value format, and the modifying resource tag may include: the key and its corresponding intermediate value that the path from the pre-modified value to the post-modified value may include.
Optionally, the resource operation request may include: a resource creating request, where the resource creating request carries a request user identifier, a resource tag of a resource to be created, and an associated resource identifier corresponding to the resource to be created, and a target resource tag corresponding to the resource creating request may include: and the resource label carried by the associated resource identifier and the resource label of the resource to be created.
Optionally, the resource operation request may include: a resource query request, where the resource query request carries a request user identifier, a resource tag of a resource to be queried, or a resource identifier of a resource to be queried, and a target resource tag corresponding to the resource query request may include: and the resource label of the resource to be inquired or the resource label carried by the resource identifier to be inquired.
To sum up, the resource processing apparatus of the embodiment of the application can give the user the operation authority for the resource with the resource tag through the resource tag. Specifically, it can generate the authorization rule according to the resource tag, and establish an association relationship between the authorization rule and the user identifier so as to grant the operation authority represented by the authorization rule to the user identifier. Since one resource label can correspond to at least one resource, and the authorization rule can be used for representing the operation authority of the resource with the resource label, the embodiment of the application can grant the operation authority of at least one resource to one user through one authorization rule, thereby simplifying the authorization process and improving the authorization efficiency.
For the device embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and the similar parts should be referred to each other.
Embodiments of the application can be implemented as a system or apparatus employing any suitable hardware and/or software for the desired configuration. Fig. 6 schematically illustrates an example apparatus 700 that may be used to implement various embodiments described herein.
For one embodiment, fig. 6 illustrates an exemplary apparatus 700, which apparatus 700 may comprise: one or more processors 702, a system control module (chipset) 704 coupled to at least one of the processors 702, a system memory 706 coupled to the system control module 704, a non-volatile memory (NVM)/storage 708 coupled to the system control module 704, one or more input/output devices 710 coupled to the system control module 704, and a network interface 712 coupled to the system control module 706. The system memory 706 may include: instructions 762, the instructions 762 being executable by the one or more processors 702.
The processor 702 may include one or more single-core or multi-core processors, and the processor 702 may include any combination of general-purpose or special-purpose processors (e.g., graphics processors, application processors, baseband processors, etc.). In some embodiments, the apparatus 700 can be a server, a target device, a wireless device, etc., as described in embodiments herein.
In some embodiments, the apparatus 700 may include one or more machine-readable media (e.g., the system memory 706 or the NVM/storage 708) having instructions and one or more processors 702 configured to execute the instructions in conjunction with the one or more machine-readable media to implement the modules included in the aforementioned apparatus to perform the actions described in embodiments of the present application.
System control module 704 for one embodiment may include any suitable interface controllers to provide any suitable interface to at least one of processors 702 and/or any suitable device or component in communication with system control module 704.
System control module 704 for one embodiment may include one or more memory controllers to provide an interface to system memory 706. The memory controller may be a hardware module, a software module, and/or a firmware module.
System memory 706 for one embodiment may be used to load and store data and/or instructions 762. For one embodiment, the system memory 706 may include any suitable volatile memory, such as suitable DRAM (dynamic random access memory). In some embodiments, the system memory 706 may include: double data rate type four synchronous dynamic random access memory (DDR4 SDRAM).
System control module 704 for one embodiment may include one or more input/output controllers to provide an interface to NVM/storage 708 and input/output device(s) 710.
NVM/storage 708 for one embodiment may be used to store data and/or instructions 782. NVM/storage 708 may include any suitable non-volatile memory (e.g., flash memory, etc.) and/or may include any suitable non-volatile storage device(s), e.g., one or more Hard Disk Drives (HDDs), one or more Compact Disc (CD) drives, and/or one or more Digital Versatile Disc (DVD) drives, etc.
NVM/storage 708 may include storage resources that are physically part of the device on which device 700 is installed or may be accessible by the device and not necessarily part of the device. For example, NVM/storage 708 may be accessed over a network via network interface 712 and/or through input/output devices 710.
Input/output device(s) 710 for one embodiment may provide an interface for apparatus 700 to communicate with any other suitable device, and input/output devices 710 may include communication components, audio components, sensor components, and so forth.
Network interface 712 for one embodiment may provide an interface for device 700 to communicate with one or more components of a wireless network, such as to access a communication standard-based wireless network, such as WiFi, 2G, or 3G, or a combination thereof, and/or with any other suitable device, and device 700 may communicate wirelessly with one or more components of the wireless network according to any of one or more wireless network standards and/or protocols.
For one embodiment, at least one of the processors 702 may be packaged together with logic for one or more controllers (e.g., memory controllers) of system control module 704. For one embodiment, at least one of the processors 702 may be packaged together with logic for one or more controllers of system control module 704 to form a System In Package (SiP). For one embodiment, at least one of the processors 702 may be integrated on the same die as the logic of one or more controllers of the system control module 704. For one embodiment, at least one of the processors 702 may be integrated on the same chip with logic for one or more controllers of system control module 704 to form a system on a chip (SoC).
In various embodiments, the apparatus 700 may include, but is not limited to: a computing device such as a desktop computing device or a mobile computing device (e.g., a laptop computing device, a handheld computing device, a tablet, a netbook, etc.). In various embodiments, apparatus 700 may have more or fewer components and/or different architectures. For example, in some embodiments, device 700 may include one or more cameras, keyboards, Liquid Crystal Display (LCD) screens (including touch screen displays), non-volatile memory ports, multiple antennas, graphics chips, Application Specific Integrated Circuits (ASICs), and speakers.
Wherein, if the display includes a touch panel, the display screen may be implemented as a touch screen display to receive an input signal from a user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation.
The present application also provides a non-transitory readable storage medium, where one or more modules (programs) are stored in the storage medium, and when the one or more modules are applied to an apparatus, the apparatus may be caused to execute instructions (instructions) of methods in the present application.
Provided in one example is an apparatus comprising: one or more processors; and, instructions in one or more machine-readable media stored thereon, which when executed by the one or more processors, cause the apparatus to perform a method as in embodiments of the present application, which may include: the method shown in fig. 2 or fig. 3.
One or more machine-readable media are also provided in one example, having instructions stored thereon, which when executed by one or more processors, cause an apparatus to perform a method as in embodiments of the application, which may include: the method shown in fig. 2 or fig. 3.
A method of resource processing, the method comprising:
acquiring a resource operation request, and a request user identifier and a target resource label corresponding to the resource operation request; one target resource label corresponds to at least one resource;
acquiring a target authorization rule corresponding to the request user identifier according to the association relationship between the authorization rule and the user identifier;
and authenticating the resource operation request according to the target authorization rule and the target resource label to obtain an authentication result corresponding to the resource operation request.
Optionally, if the resource operation request further corresponds to a request operation identifier, the authenticating the resource operation request according to the target authorization rule and the target resource tag includes:
generating a corresponding authentication rule according to the request operation identifier and the target resource label;
and comparing the target authorization rule with the authentication rule, and obtaining an authentication result corresponding to the resource operation request according to a corresponding comparison result.
Optionally, the resource operation request includes: a resource editing request, where the resource editing request carries a request user identifier and a resource identifier to be edited, and a target resource tag corresponding to the resource editing request is a resource tag carried by the resource identifier to be edited.
Optionally, the resource operation request includes: a resource tag modification request, where the resource tag modification request carries a request user identifier, a resource identifier to be modified, and tag modification information, and a target resource tag corresponding to the resource tag modification request includes: at least one of the resource label before modification, the resource label after modification, and the resource label in modification.
Optionally, the format of the resource tag is a key-value pair (key-value) format, and the resource tag in modification includes: the key and its corresponding intermediate values on the path from the pre-modification value to the post-modification value.
Optionally, the resource operation request includes: a resource creating request, where the resource creating request carries a request user identifier, a resource tag of a resource to be created, and an associated resource identifier corresponding to the resource to be created, and a target resource tag corresponding to the resource creating request includes: the resource label carried by the associated resource identifier and the resource label of the resource to be created.
Optionally, the resource operation request includes: a resource query request, where the resource query request carries a request user identifier, and a resource tag of a resource to be queried or a resource identifier of a resource to be queried, and a target resource tag corresponding to the resource query request includes: the resource label of the resource to be queried or the resource label carried by the resource identifier to be queried.
A method of resource processing, comprising:
generating an authorization rule according to the resource label; wherein one resource label corresponds to at least one resource, and the authorization rule is used for representing the operation authority of the resource with the resource label;
and establishing an association relationship between the authorization rule and the user identifier so as to grant the operation authority represented by the authorization rule to the user identifier.
Optionally, the format of the resource tag is a key-value pair key-value format or a character string format.
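The two methods summarized above (granting rules built from a label plus operation identifiers, then authenticating a request by comparing generated authentication rules against the user's rules) can be sketched as follows. This is an added Python example, not code from the patent; the `Authorizer` class, the request dictionary layout, the sample data, and the policy that every target label must be covered by a held rule are assumptions, and intermediate values for label modification are left out.

```python
from dataclasses import dataclass, field

Tag = tuple[str, str]  # key-value resource label, e.g. ("env", "test")

@dataclass
class Authorizer:
    resources: dict[str, set[Tag]] = field(default_factory=dict)        # resource id -> labels
    grants: dict[str, set[tuple[str, Tag]]] = field(default_factory=dict)  # user id -> rules

    def grant(self, user: str, operations: set[str], tag: Tag) -> None:
        """Generate authorization rules from a label and operation ids; bind them to the user."""
        self.grants.setdefault(user, set()).update((op, tag) for op in operations)

    def target_tags(self, req: dict) -> set[Tag]:
        """Derive the target resource labels for each request kind."""
        op = req["op"]
        if op in ("edit", "query"):
            # Query may name a label directly; otherwise use labels carried by the resource.
            return {req["tag"]} if "tag" in req else set(self.resources[req["resource"]])
        if op == "modify_tag":
            # Label before modification plus label after modification.
            before = {t for t in self.resources[req["resource"]] if t[0] == req["key"]}
            return before | {(req["key"], req["value"])}
        if op == "create":
            # Labels of the new resource plus labels carried by the associated resource.
            return set(req["tags"]) | self.resources[req["associated"]]
        raise ValueError(f"unknown operation {op!r}")

    def authenticate(self, req: dict) -> bool:
        try:
            # Authentication rules: requested operation id paired with each target label.
            wanted = {(req["op"], tag) for tag in self.target_tags(req)}
        except (KeyError, ValueError):
            return False  # unknown resource or malformed request: deny
        held = self.grants.get(req.get("user"), set())
        # Assumed policy: deny when there is nothing to compare, require full coverage.
        return bool(wanted) and wanted <= held

# Constructed sample data.
authz = Authorizer(resources={
    "vm-1": {("env", "test")},
    "vm-2": {("env", "prod")},
    "vpc-1": {("env", "test")},
})
authz.grant("alice", {"edit", "query", "modify_tag", "create"}, ("env", "test"))
```

Because the label before modification and the label after modification are both target labels, a user scoped to `env=test` can neither relabel a test resource as `prod` nor pull a `prod` resource into the test scope.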
The foregoing has described in detail a resource processing method, a resource processing apparatus, a device, and one or more machine-readable media provided by the present application. Specific examples have been used herein to explain the principles and embodiments of the present application, and the descriptions of the foregoing examples are only intended to help understand the method and the core ideas of the present application. Meanwhile, a person skilled in the art may, according to the idea of the present application, make variations in the specific embodiments and the application scope. In summary, the content of the present specification should not be construed as a limitation on the present application.

Claims (15)

1. A method for processing resources, comprising:
acquiring a resource operation request, and a request user identifier and a target resource label corresponding to the resource operation request; one target resource label corresponds to at least one resource;
acquiring a target authorization rule corresponding to the request user identifier according to the association relationship between the authorization rule and the user identifier; the target authorization rule is used for representing the operation authority of the requesting user identification on the resource with the resource label; the operation authority corresponds to at least one operation identifier; the resource tag corresponds to a characteristic of a resource;
authenticating the resource operation request according to the target authorization rule and the target resource label to obtain an authentication result corresponding to the resource operation request; and performing the authentication based on the comparison between the target authorization rule and the authentication rule, wherein the authentication rule is generated according to the request operation identifier and the target resource label.
2. The method of claim 1, wherein the resource operation request further corresponds to a request operation identifier, and the authenticating the resource operation request according to the target authorization rule and the target resource tag includes:
generating a corresponding authentication rule according to the request operation identifier and the target resource label;
and comparing the target authorization rule with the authentication rule, and obtaining an authentication result corresponding to the resource operation request according to a corresponding comparison result.
3. The method of claim 1 or 2, wherein the resource operation request comprises: a resource editing request, where the resource editing request carries a request user identifier and a resource identifier to be edited, and a target resource tag corresponding to the resource editing request is a resource tag carried by the resource identifier to be edited.
4. The method of claim 1 or 2, wherein the resource operation request comprises: a resource tag modification request, where the resource tag modification request carries a request user identifier, a resource identifier to be modified, and tag modification information, and a target resource tag corresponding to the resource tag modification request includes: at least one of the resource label before modification, the resource label after modification, and the resource label in modification.
5. The method of claim 4, wherein the resource tag is in a key-value pair (key-value) format, and wherein the resource tag in modification comprises: the key and its corresponding intermediate values on the path from the pre-modification value to the post-modification value.
6. The method of claim 1 or 2, wherein the resource operation request comprises: a resource creating request, where the resource creating request carries a request user identifier, a resource tag of a resource to be created, and an associated resource identifier corresponding to the resource to be created, and a target resource tag corresponding to the resource creating request includes: the resource label carried by the associated resource identifier and the resource label of the resource to be created.
7. The method of claim 1 or 2, wherein the resource operation request comprises: a resource query request, where the resource query request carries a request user identifier, and a resource tag of a resource to be queried or a resource identifier of a resource to be queried, and a target resource tag corresponding to the resource query request includes: the resource label of the resource to be queried or the resource label carried by the resource identifier to be queried.
8. A method for processing resources, comprising:
generating an authorization rule according to the resource label and the operation identifier; wherein one resource label corresponds to at least one resource, and the authorization rule is used for representing the operation authority of the resource with the resource label; the operation authority corresponds to at least one operation identifier; the resource tag corresponds to a characteristic of a resource;
and establishing an association relationship between the authorization rule and the user identifier so as to grant the operation authority represented by the authorization rule to the user identifier.
9. The method of claim 8, wherein the resource tag is in a key-value pair (key-value) format or a string format.
10. A resource processing apparatus, comprising:
the request information acquisition module is used for acquiring a resource operation request, and a request user identifier and a target resource label corresponding to the resource operation request; one target resource label corresponds to at least one resource;
the target authorization rule obtaining module is used for obtaining a target authorization rule corresponding to the request user identifier according to the association relation between the authorization rule and the user identifier; the target authorization rule is used for representing the operation authority of the requesting user identification on the resource with the resource label; the operation authority corresponds to at least one operation identifier; the resource tag corresponds to a characteristic of a resource;
the authentication module is used for authenticating the resource operation request according to the target authorization rule and the target resource label to obtain an authentication result corresponding to the resource operation request; and performing the authentication based on the comparison between the target authorization rule and the authentication rule, wherein the authentication rule is generated according to the request operation identifier and the target resource label.
11. A resource processing apparatus, comprising:
the authorization rule generating module is used for generating an authorization rule according to the resource label and the operation identifier; wherein one resource label corresponds to at least one resource, and the authorization rule is used for representing the operation authority of the resource with the resource label; the operation authority corresponds to at least one operation identifier; the resource tag corresponds to a characteristic of a resource; and
the association establishing module is used for establishing an association relationship between the authorization rule and the user identifier so as to grant the operation authority represented by the authorization rule to the user identifier.
12. A resource processing apparatus, comprising:
one or more processors; and
one or more machine-readable media having instructions stored thereon that, when executed by the one or more processors, cause the apparatus to perform the method of one or more of claims 1-7.
13. One or more machine-readable media having instructions stored thereon, which when executed by one or more processors, cause an apparatus to perform the method recited by one or more of claims 1-7.
14. A resource processing apparatus, comprising:
one or more processors; and
one or more machine-readable media having instructions stored thereon that, when executed by the one or more processors, cause the apparatus to perform the method of one or more of claims 8-9.
15. One or more machine-readable media having instructions stored thereon, which when executed by one or more processors, cause an apparatus to perform the method recited by one or more of claims 8-9.
CN201710510466.XA 2017-06-28 2017-06-28 Resource processing method, device and machine readable medium Active CN109150815B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710510466.XA CN109150815B (en) 2017-06-28 2017-06-28 Resource processing method, device and machine readable medium

Publications (2)

Publication Number Publication Date
CN109150815A CN109150815A (en) 2019-01-04
CN109150815B CN109150815B (en) 2021-11-23

Family

ID=64803278

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710510466.XA Active CN109150815B (en) 2017-06-28 2017-06-28 Resource processing method, device and machine readable medium

Country Status (1)

Country Link
CN (1) CN109150815B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant