WO2022259378A1 - 情報処理システム、リソース管理装置、リソース管理方法及びプログラム - Google Patents
情報処理システム、リソース管理装置、リソース管理方法及びプログラム Download PDFInfo
- Publication number
- WO2022259378A1 WO2022259378A1 PCT/JP2021/021784 JP2021021784W WO2022259378A1 WO 2022259378 A1 WO2022259378 A1 WO 2022259378A1 JP 2021021784 W JP2021021784 W JP 2021021784W WO 2022259378 A1 WO2022259378 A1 WO 2022259378A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- access
- resource
- scope
- authority
- modifier
- Prior art date
Links
- 230000010365 information processing Effects 0.000 title claims abstract description 12
- 238000007726 management method Methods 0.000 title claims description 16
- 238000013475 authorization Methods 0.000 claims abstract description 42
- 230000004044 response Effects 0.000 claims abstract description 27
- 238000012545 processing Methods 0.000 claims abstract description 19
- 239000003607 modifier Substances 0.000 claims description 54
- 238000000034 method Methods 0.000 claims description 25
- 230000008569 process Effects 0.000 claims description 6
- 238000012795 verification Methods 0.000 description 18
- 238000010586 diagram Methods 0.000 description 13
- 238000004458 analytical method Methods 0.000 description 7
- 238000012546 transfer Methods 0.000 description 4
- 230000004913 activation Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
Definitions
- the present invention relates to an information processing system, resource management device, resource management method and program.
- Non-Patent Document 1 OAuth is known as a technical specification for delegating partial authority to others (Non-Patent Document 1 and Non-Patent Document 2).
- Players (characters) related to OAuth include the resource owner (RO), resource server (RS), relying party (RP), and authorization server (AS).
- An RO is the owner of a resource such as data, and a user who uses the resource through a service provided by a third party.
- the RS is the management destination of the resources of the RO (generally, the AS and the RS have the same management entity).
- An RP is a third party that provides that certain service. In providing the service, the RP is delegated authority from the RO and accesses resources managed by the RS on behalf of the RO.
- the AS performs delegation of access rights to resources to the RP.
- the RO uses the RP's service.
- the RO selects to link the AS and the RP (with access to the RP, the RO selects linking between the RP and the AS).
- the RO is redirected from the RP to the AS and authorizes cooperation with the RP on the AS (agreeing to delegate authority).
- the RP can obtain access tokens necessary to access resources managed by the RS.
- the authority that is transferred to others is called scope.
- the AS designs what kind of authority can be delegated, and publishes it as an API reference or the like.
- the RP selects from the API reference the authority to use to provide the service.
- the RO verifies the authority requested by the RP and delegates its authority to the RP if agreed.
- the OAuth 2.0 Authorization Framework (RFC6749), [online], Internet ⁇ URL: https://tools.ietf.org/html/rfc6749>
- the OAuth 2.0 Authorization Framework Bearer Token Usage (RFC6750), [online], Internet ⁇ URL: https://tools.ietf.org/html/rfc6750>
- the present invention has been made in view of the above points, and aims to improve the flexibility of the scope of authority to be delegated to others.
- a resource management device that manages a certain resource, an access device that accesses the resource, and the access authority when the owner of the resource permits delegation of the access authority to the resource. and an authorization device that issues an access token corresponding to the access token to the access device, wherein the resource management device responds to an access request to the resource accompanied by the access token from the access device by issuing the access token an acquisition unit that acquires information in which a modifier is assigned to the access authority disclosed in advance by the authorization device as information indicating the range of access authority corresponding to the access authority range limited by the modifier; and an execution unit that executes a process according to the access request.
- FIG. 10 is a sequence diagram for explaining an example of a processing procedure when issuing an access token;
- FIG. 10 is a diagram showing a display example of a screen for inquiring of a user about permission or disapproval of cooperation with the authorization server 20.
- FIG. 11 is a diagram showing an example of an expanded menu on a screen for inquiring of a user about permission or denial of cooperation with the authorization server 20.
- FIG. FIG. 10 is a sequence diagram for explaining an example of a processing procedure when issuing an access token;
- FIG. 10 is a diagram showing a display example of a screen for inquiring of a user about permission or disapproval of cooperation with the authorization server 20.
- FIG. FIG. 11 is a diagram showing an example of an expanded menu on a screen for inquiring of a user about permission or denial of cooperation with the authorization server 20.
- FIG. 10 is a diagram showing a display example of a screen for inquiring about permission to transfer authority;
- FIG. 10 is a diagram showing an example of an expanded menu on a screen for inquiring about permission to transfer authority;
- FIG. 4 is a diagram conceptually showing the size (range) of scope;
- FIG. 11 is a flowchart for explaining an example of a processing procedure when exercising an access token;
- FIG. 1 is a diagram showing a configuration example of an information processing system according to an embodiment of the present invention.
- the RO terminal 40, RP server 30, authorization server 20 and resource server 10 are connected via a network such as the Internet.
- the RO terminal 40 is an owner of a certain software resource such as data (hereinafter referred to as "target resource”) and a user of a certain service (hereinafter referred to as "target service”) that accesses the target resource.
- target resource a certain software resource such as data
- target service a user of a certain service
- a PC Personal Computer
- smartphone a smartphone
- tablet terminal or the like
- the user corresponds to RO (resource owner) in OAuth.
- the RP server 30 is one or more computers that provide target services. In order to provide the target service, the RP server 30 performs processing for receiving from the RO the transfer of authority for accessing the target resource. The processing complies with OAuth. Note that the RP server 30 functions as an RP (relying party) in OAuth.
- the authorization server 20 is one or more computers that function as an AS in OAuth.
- the resource server 10 is one or more computers that store and manage target resources and function as RSs in OAuth.
- FIG. 2 is a diagram showing a hardware configuration example of the resource server 10 according to the embodiment of the present invention.
- the resource server 10 of FIG. 2 has a drive device 100, an auxiliary storage device 102, a memory device 103, a CPU 104, an interface device 105, and the like, which are connected to each other via a bus B, respectively.
- a program that implements processing in the resource server 10 is provided by a recording medium 101 such as a CD-ROM.
- a recording medium 101 such as a CD-ROM.
- the program is installed from the recording medium 101 to the auxiliary storage device 102 via the drive device 100 .
- the program does not necessarily need to be installed from the recording medium 101, and may be downloaded from another computer via the network.
- the auxiliary storage device 102 stores installed programs, as well as necessary files and data.
- the memory device 103 reads and stores the program from the auxiliary storage device 102 when a program activation instruction is received.
- the CPU 104 executes functions related to the resource server 10 according to programs stored in the memory device 103 .
- the interface device 105 is used as an interface for connecting to a network.
- the RP server 30, authorization server 20, and RO terminal 40 may also have the same hardware configuration as in FIG.
- FIG. 3 is a diagram showing a functional configuration example of the information processing system according to the embodiment of the present invention.
- the RP server 30 has an RPOAuth section 31 and a scope determination section 32 . Each of these units is realized by processing that one or more programs installed in the RP server 30 cause the CPU of the RP server 30 to execute.
- the authorization server 20 has an ASOAuth section 21 , a scope setting section 22 and a scope verification section 23 . Each of these units is implemented by processing that one or more programs installed in the authorization server 20 cause the CPU of the authorization server 20 to execute.
- the resource server 10 has an RSOAuth unit 11 and a scope analysis unit 12. Each of these units is implemented by processing that one or more programs installed in the resource server 10 cause the CPU 104 to execute.
- FIG. 4 is a sequence diagram for explaining an example of a processing procedure when issuing an access token. Note that the processing procedure in FIG. 4 conforms to OAuth. Further, the process executed by the RO terminal 40 in FIG. 4 is, for example, a process that a web browser installed in the RO terminal 40 causes the RO terminal 40 to execute.
- step S101 the RO terminal 40 transmits a request to use the target service to the RP server 30 in response to a predetermined operation by the user. It is assumed that the user has already been authenticated by the RP server 30 . Therefore, it is assumed that the RP server 30 can identify the user who requested the usage request.
- the RPOAuth section 31 of the RP server 30 inquires of the scope determination section 32 about the scope value required for the target service (S102).
- Scope means scope in OAuth.
- Scope in OAuth means authority delegated to others.
- a value that can be specified for scope (that is, the scope or type of authority) is published in advance by the authorization server 20 as an API reference or the like.
- the list of scope values published in advance by the authorization server 20 will be referred to as a "default list”.
- the scope determination unit 32 determines the scope required for the target service in response to the inquiry by the RPOAuth unit 31.
- the determination by the scope determination unit 32 is performed based on preset setting information stored in the auxiliary storage device 102 or the like. That is, the setting information indicates the scope required for the target service.
- a qualifier related to the period in which the resource was generated For example, scope. ⁇ YYYY/MM/DD ⁇ modifier can be considered. This qualifier means limiting access to resources created on a specific date (YYYY/MM/DD). scope. ⁇ YYYY/MM/DD-YYYY/MM/DD ⁇ , the period during which the resource is generated may be limited. At this time, "MM/DD" and "DD" may be omitted.
- photo is one scope in the default list that indicates access rights to all photos
- a setting such as “photo.span2020-2021” is possible.
- “.span2020-2021” means a qualifier that limits the period of the photograph taken.
- the scope determination unit 32 responds to the RPOAuth unit 31 with the applied scope with a modifier (S103).
- the RPOAuth unit 31 responds to the RO terminal 40 with a redirect request for the authorization request including the scope with the modifier (S104).
- a redirect request can include scope as a parameter.
- the RO terminal 40 Upon receiving the response, the RO terminal 40 displays a screen asking the user whether or not the RP server 30 should cooperate with the authorization server 20.
- FIG. 5 is a diagram showing a display example of a screen for inquiring of the user about permission or disapproval of cooperation with the authorization server 20.
- FIG. 5 the part enclosed in ⁇ ⁇ is actually replaced with a specific service name or the like.
- Screen 510 includes menu 511 . When the menu 511 is clicked by the user, the state of the screen 510 becomes as shown in FIG.
- candidates 513 and 514 which are candidates for modifiers to be added to the scope with modifiers included in the redirect request, are displayed as options.
- Such a candidate may be a modifier excluding modifiers that have already been assigned to the scope from among the list of modifiers that can be assigned to the original scope of the scope with the modifier. If the user wishes to limit the authority to be granted to the RP server 30 on his or her own will, the user can select one of the candidates and limit the authority according to the candidate.
- the RO terminal 40 redirects the authorization request including the qualified scope to the authorization server 20 in response to the redirect request. (S105). Note that when the user selects the addition of a modifier via the screen 510 (when one of the modifier candidates is selected), the scope with the modifier is further given the added modifier. It becomes a thing.
- the ASOAuth unit 21 of the authorization server 20 Upon receiving the redirected authorization request, the ASOAuth unit 21 of the authorization server 20 sends a verification request for the scope with the qualifier to the scope verification unit 23 if the scope included in the authorization request is the scope with the qualifier. (S106).
- the scope verification unit 23 verifies the scope with the modifier in response to the verification request. For example, it is verified whether the scope is a scope for which a modifier is permitted, whether the value of the modifier is correct, and the like. That is, whether or not modifiers can be assigned, modifiers that can be assigned, and the like are defined in advance for each scope.
- the scope verification unit 23 transmits the verification result (OK or NG) to the ASOAuth unit 21 (S107). If the verification result is OK, step S108 and subsequent steps are executed, and if NG, step S108 and subsequent steps are not executed.
- step S108 the ASOAuth unit 21 performs authentication processing of the user of the RO terminal 40 (that is, the RO of the target resource) according to the conventional OAuth procedure.
- the ASOAuth unit 21 transmits to the RO terminal 40 an inquiry as to whether or not the authority indicated by the qualified scope can be delegated (S109).
- the RO terminal 40 displays a screen asking whether the authority can be delegated.
- FIG. 7 is a diagram showing a display example of a screen for inquiring about permission to transfer authority.
- the part enclosed in ⁇ ⁇ is actually replaced with a specific service name or the like.
- Screen 520 includes menu 521 .
- the menu 521 is clicked by the user, the state of the screen 520 becomes as shown in FIG.
- candidate 523 and candidate 524 which are candidates for modifiers to be added to scope with modifiers indicating the authority, are displayed as options.
- Such a candidate may be a modifier excluding modifiers that have already been assigned to the scope from among the list of modifiers that can be assigned to the original scope of the scope with the modifier. If the user wishes to limit his/her own authority, he/she can limit the authority according to the candidate by selecting one of the candidates.
- the RO terminal 40 transmits a response indicating permission to delegate authority to the authorization server 20 (S110).
- the response also includes a qualified scope. If the modifier has not been added by the user via the screen 520, the scope with the modifier is the same as that sent to the RO terminal 40 in step S109, and modified by the user via the screen 520. When a child is added, the added modifier is added.
- the scope setting unit 22 of the authorization server 20 sets the qualified scope included in the response to the ASOAuth unit 21 (S111). If the set qualified scope has been changed from the qualified qualified scope verified in step S106 (if the qualified has been added), the ASOAuth unit 21 A scope verification request is sent to the scope verification unit 23 (S112). The scope verification unit 23 verifies the scope with the modifier in response to the verification request. The content of the verification may be the same as the verification request in response to step S106. Subsequently, the scope verification unit 23 transmits the verification result (OK or NG) to the ASOAuth unit 21 (S113). If the verification result is OK, step S114 is executed, and if NG, step S114 is not executed.
- step S114 the ASOAuth unit 21 issues (transmits) an access token for the target resource to the RSOAuth unit 11 according to the procedure specified by OAuth.
- S114 means a procedure for issuing an access token to the RP server 30, and the specific processing procedure is to be read according to the OAuth grant type.
- the ASOAuth unit 21 stores the qualified scope corresponding to the access token.
- the storage method of the qualified scope corresponding to the access token may comply with the storage method of the scope corresponding to the access token in OAuth.
- the RP By exercising the access token (hereinafter referred to as the "target token"), the RP will be able to access the target resource.
- the access token hereinafter referred to as the "target token”
- the scope can be limited (qualifiers can be added to the scope) at the following three timings in the process before the access token is issued.
- Timing of making an authorization request on the RP server 30 side when the user uses the service of the RP server 30 The user limits the scope (adds a modifier to the scope) via the screen 510 .
- modifiers must be allowed to be added at all timings of (0) to (2) above, and modifiers can be added at any one or more timings. All you have to do is
- FIG. 10 is a flowchart for explaining an example of a processing procedure when exercising an access token.
- the processing procedure in FIG. 10 is executed, for example, after step S114 in FIG.
- step S201 the RPOAuth unit 31 transmits an access request to the target resource along with the target token to the resource server 10 as a procedure conforming to OAuth.
- the RSOAuth section 11 of the resource server 10 Upon receiving the access request and the target token, the RSOAuth section 11 of the resource server 10 sends a scope inquiry corresponding to the target token to the ASOAuth section 21 as a procedure conforming to OAuth (S202).
- the query includes the target token.
- the ASOAuth unit 21 transmits a response including the stored scope associated with the target token to the RSOAuth unit 11 (S203).
- the scope with modifier is included in the response.
- Specific contents of the response are, for example, as follows. "HTTP 200 OK Content-type: application/json ⁇ "scope”:"scope. ⁇ album_name ⁇ scope. ⁇ YYYY-MM-DD ⁇ ",... ⁇ ” That is, the response lists scopes corresponding to the target token, and assigns modifiers to the scopes.
- the RSOAuth section 11 executes processing (access to the target resource) according to the access request from the RPOAuth section 31 within the scope of the access authority (S206).
- the authority of the RPOAuth section 31 is limited based on the qualifier.
- the RSOAuth unit 11 transmits the access result to the target resource to the RPOAuth unit 31 (S207).
- the resource server 10 is an example of a resource management device.
- the authorization server 20 is an example of an authorization device.
- the RP server 30 is an example of an access device.
- the RSOAuth unit 11 is an example of an acquisition unit and an execution unit.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
Description
例えば、リソースが写真の場合、
{scope}.{album_name}
という修飾子が考えられる。ここで、{scope}は、既定リストのいずれかの値であり、「.{album_name}」が修飾子を示す。当該修飾子は、album_nameに係る特定のアルバム内の写真のみにアクセスを限定することを意味する。
例えば、scope.{YYYY/MM/DD}
という修飾子が考えられる。当該修飾子は、特定の日付(YYYY/MM/DD)に生成されたリソースのみにアクセスを限定することを意味する。
scope.{YYYY/MM/DD-YYYY/MM/DD}
のように、リソースが生成された期間が限定されてもよい。この際、「MM/DD」や「DD」は省略されてもよい。
例えば、{scope}.{建物名、都道府県名など}
という修飾子が考えられる。当該修飾子は、特定の場所に関するリソースにのみアクセス権限を限定することを意味する。
「HTTP/1.1 302 Moved Temporarily
Location: https://[ASの認可エンドポイント(公開情報)]/authorize?response_type=code&scope=photo&client_id=...」
このように、本実施の形態では、リダイレクト要求にscopeがパラメータとして含まれ得る。
その結果として、ステップS103において修飾子付きscopeが応答される。
ユーザが、画面510を介してscopeを限定(scopeに修飾子を付与)する。
ユーザが、画面520を介してscopeを限定(scopeに修飾子を付与)する。
「HTTP 200 OK
Content-type:application/json
{ "scope":"scope.{album_name} scope.{YYYY-MM-DD}" ,…}」
すなわち、応答には、対象トークンに対応するscopeが列挙され、当該scopeに修飾子が付与される。
11 RSOAuth部
12 スコープ解析部
20 認可サーバ
21 ASOAuth部
22 スコープ設定部
23 スコープ検証部
30 RPサーバ
31 RPOAuth部
32 スコープ判定部
40 RO端末
100 ドライブ装置
101 記録媒体
102 補助記憶装置
103 メモリ装置
104 CPU
105 インタフェース装置
B バス
Claims (6)
- 或るリソースを管理するリソース管理装置と、前記リソースへアクセスするアクセス装置と、前記リソースに対するアクセス権限の委譲が前記リソースの所有者によって許可された場合に前記アクセス権限に対応するアクセストークンを前記アクセス装置に発行する認可装置とを含む情報処理システムであって、
前記リソース管理装置は、
前記アクセス装置からの前記アクセストークンを伴う前記リソースへのアクセス要求に応じ、当該アクセストークンに対応するアクセス権限の範囲を示す情報として、前記認可装置が予め公開するアクセス権限に対して修飾子が付与された情報を取得する取得部と、
前記修飾子によって限定されたアクセス権限の範囲で前記アクセス要求に応じた処理を実行する実行部と、
を有することを特徴とする情報処理システム。 - 前記修飾子は、前記アクセストークンが前記アクセス装置へ発行されるまでの前において、前記アクセス装置によって付与される、
ことを特徴とする請求項1記載の情報処理システム。 - 前記修飾子は、前記アクセストークンが前記アクセス装置へ発行される前において、前記リソースの所有者によって付与される、
ことを特徴とする請求項1又は2記載の情報処理システム。 - 或るリソースを管理するリソース管理装置であって、
前記リソースに対するアクセス権限の委譲が前記リソースの所有者によって許可された場合に認可装置から発行される前記アクセス権限に対応するアクセストークンを伴う前記リソースへのアクセス要求に応じ、当該アクセストークンに対応するアクセス権限の範囲を示す情報として、前記認可装置が予め公開するアクセス権限に対して修飾子が付与された情報を取得する取得部と、
前記修飾子によって限定されたアクセス権限の範囲で前記アクセス要求に応じた処理を実行する実行部と、
を有することを特徴とするリソース管理装置。 - 或るリソースを管理するリソース管理装置が、
前記リソースに対するアクセス権限の委譲が前記リソースの所有者によって許可された場合に認可装置から発行される前記アクセス権限に対応するアクセストークンを伴う前記リソースへのアクセス要求に応じ、当該アクセストークンに対応するアクセス権限の範囲を示す情報として、前記認可装置が予め公開するアクセス権限に対して修飾子が付与された情報を取得する取得手順と、
前記修飾子によって限定されたアクセス権限の範囲で前記アクセス要求に応じた処理を実行する実行手順と、
を実行することを特徴とするリソース管理方法。 - 或るリソースを管理するリソース管理装置に、
前記リソースに対するアクセス権限の委譲が前記リソースの所有者によって許可された場合に認可装置から発行される前記アクセス権限に対応するアクセストークンを伴う前記リソースへのアクセス要求に応じ、当該アクセストークンに対応するアクセス権限の範囲を示す情報として、前記認可装置が予め公開するアクセス権限に対して修飾子が付与された情報を取得する取得手順と、
前記修飾子によって限定されたアクセス権限の範囲で前記アクセス要求に応じた処理を実行する実行手順と、
を実行させることを特徴とするプログラム。
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2023526690A JPWO2022259378A1 (ja) | 2021-06-08 | 2021-06-08 | |
PCT/JP2021/021784 WO2022259378A1 (ja) | 2021-06-08 | 2021-06-08 | 情報処理システム、リソース管理装置、リソース管理方法及びプログラム |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2021/021784 WO2022259378A1 (ja) | 2021-06-08 | 2021-06-08 | 情報処理システム、リソース管理装置、リソース管理方法及びプログラム |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2022259378A1 true WO2022259378A1 (ja) | 2022-12-15 |
Family
ID=84425947
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2021/021784 WO2022259378A1 (ja) | 2021-06-08 | 2021-06-08 | 情報処理システム、リソース管理装置、リソース管理方法及びプログラム |
Country Status (2)
Country | Link |
---|---|
JP (1) | JPWO2022259378A1 (ja) |
WO (1) | WO2022259378A1 (ja) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170034172A1 (en) * | 2015-07-30 | 2017-02-02 | Cisco Technology, Inc. | Token scope reduction |
JP2019200515A (ja) * | 2018-05-15 | 2019-11-21 | キヤノン株式会社 | 情報処理装置、情報処理方法、およびコンピュータプログラム |
WO2019240793A1 (en) * | 2018-06-14 | 2019-12-19 | Hewlett-Packard Development Company, L.P. | Access tokens with scope expressions of personal data policies |
-
2021
- 2021-06-08 WO PCT/JP2021/021784 patent/WO2022259378A1/ja active Application Filing
- 2021-06-08 JP JP2023526690A patent/JPWO2022259378A1/ja active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170034172A1 (en) * | 2015-07-30 | 2017-02-02 | Cisco Technology, Inc. | Token scope reduction |
JP2019200515A (ja) * | 2018-05-15 | 2019-11-21 | キヤノン株式会社 | 情報処理装置、情報処理方法、およびコンピュータプログラム |
WO2019240793A1 (en) * | 2018-06-14 | 2019-12-19 | Hewlett-Packard Development Company, L.P. | Access tokens with scope expressions of personal data policies |
Also Published As
Publication number | Publication date |
---|---|
JPWO2022259378A1 (ja) | 2022-12-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP5357246B2 (ja) | 統合認証のためのシステム、方法およびプログラム製品 | |
US9407628B2 (en) | Single sign-on (SSO) for mobile applications | |
JP6066647B2 (ja) | デバイス装置、その制御方法、およびそのプログラム | |
JP6198477B2 (ja) | 権限移譲システム、認可サーバーシステム、制御方法、およびプログラム | |
US9374356B2 (en) | Mobile oauth service | |
JP6166596B2 (ja) | 認可サーバーシステムおよびその制御方法、並びにプログラム | |
EP2540051B1 (en) | Method for managing access to protected resources and delegating authority in a computer network | |
US9043591B2 (en) | Image forming apparatus, information processing method, and storage medium | |
US9143502B2 (en) | Method and system for secure binding register name identifier profile | |
US9626137B2 (en) | Image forming apparatus, server device, information processing method, and computer-readable storage medium | |
JP6061633B2 (ja) | デバイス装置、制御方法、およびそのプログラム。 | |
GB2489563A (en) | Long term delegation of cloud/server data/resource access authorisation to applications by establishing token request rights | |
JP2002334056A (ja) | ログイン代行システム及びログイン代行方法 | |
WO2015042349A1 (en) | Multiple resource servers with single, flexible, pluggable oauth server and oauth-protected restful oauth consent management service, and mobile application single sign on oauth service | |
JP2017220113A (ja) | 認可サーバー、制御方法、およびプログラム。 | |
JP2007048241A (ja) | アクセス制御システム、アクセス制御方法およびアクセス制御プログラム | |
JP2016115260A (ja) | 権限移譲システム、権限移譲システムに用いられる認可サーバー、リソースサーバー、クライアント、媒介装置、権限移譲方法およびプログラム | |
JP2000106552A (ja) | 認証方法 | |
JP4573559B2 (ja) | 分散認証システム、負荷分散装置及び認証サーバ、並びに負荷分散プログラム及び認証プログラム | |
WO2022259378A1 (ja) | 情報処理システム、リソース管理装置、リソース管理方法及びプログラム | |
WO2014070269A1 (en) | Methods and systems for managing directory information | |
Siriwardena et al. | UMA Evolution | |
JP2024010384A (ja) | シングルサインオン認証システムおよびシングルサインオン認証装置 | |
Wilson et al. | Sample Application with Custom API |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 21945056 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 18558449 Country of ref document: US Ref document number: 2023526690 Country of ref document: JP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 21945056 Country of ref document: EP Kind code of ref document: A1 |