Systems and Methods for Providing Automated Access to Resources of Computer Systems
US-2024430261-A1 · Dec 26, 2024 · US
US2016094584A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016094584-A1 |
| Application number | US-201414499714-A |
| Country | US |
| Kind code | A1 |
| Filing date | Sep 29, 2014 |
| Priority date | Sep 29, 2014 |
| Publication date | Mar 31, 2016 |
| Grant date | — |
Abstract:
Features are disclosed for facilitating management of network directories of multiple organizations by a centralized directory management system. Various applications can access the directories of the organizations via the directory management system according to the permissions that the applications have been granted by the respective organizations. Organizations may maintain directories on-premises or off-premises, and the applications can access the directories via the directory management system regardless of the physical location of the directories. Additionally, the applications may be hosted by a computing service provider that also hosts or otherwise manages the directory management service, or the applications can be hosted by third-party servers separate from the directory management system and the organizations.
Claims (preview):

What is claimed is:

1. A directory management system comprising one or more physical computing devices, the directory management system configured to at least: receive directory access configuration information from each of a plurality of organizations separate from the directory management system, wherein the directory access configuration information received from individual organizations of the plurality of organizations reflects authorization of at least one application to perform at least one action using a network directory of the organization; establish communications with a first application of a plurality of available applications, the first application executing on one or more physical computing devices separate from a first organization of the plurality of organizations; determine, based at least partly on access configuration information received from the first organization, at least one action that the first application is authorized to perform using a network directory of the first organization; and enable the first application to perform the at least one action using the network directory of the first organization.
2. The directory management system of claim 1, wherein the network directory of the first organization comprises a collection of data regarding a plurality of resources of a computing network of the first organization, and wherein at least a portion of the data is organized into objects representing individual resources of the plurality of resources.
3. The directory management system of claim 1, wherein the network directory of the first organization comprises a directory physically stored on a premises of the first organization and remote from the directory management system.
4. The directory management system of claim 1, further configured to prohibit, based at least partly on the access configuration information received from the first organization, the application from performing a second action using the network directory of the first organization.
5. A computer-implemented method comprising: as implemented by a directory management system comprising one or more computing devices, determining, for an application, a first policy regarding accessing a first directory of a first organization, wherein the application and the directory management system are each separate from the first organization; enabling, based at least partly on the first policy, the application to perform a first set of actions using the first directory; determining, for the application, a second policy regarding accessing a second directory of a second organization, wherein the application and the directory management system are each separate from the second organization, and wherein the second policy is different than the first policy; and enabling, based at least partly on the second policy, the application to perform a second set of actions using the second directory, wherein the second set of actions is different than the first set of actions.
6. The computer-implemented method of claim 5, wherein the first directory of the first organization comprises a collection of data regarding a plurality of resources of a computing network of the first organization.
7. The computer-implemented method of claim 5, wherein the first set of actions comprises at least one of: listing users; authenticating a user; creating a user; modifying a user; deleting a user; changing a password; creating a group; modifying a group; deleting a group; joining a computing device to a domain; reading a file; writing a file; creating a file; deleting a file; or modifying a storage structure.
8. The computer-implemented method of claim 5, further comprising determining the first policy based at least partly on application access configuration information received from the first organization.
9. The computer-implemented method of claim 5, wherein enabling the application to perform the first set of actions comprises: providing an application programming interface that the application uses to initiate individual actions; and accessing the first directory on behalf of the application to perform the individual actions.
10. The computer-implemented method of claim 5, wherein the first directory of the first organization comprises a directory physically stored on a premises of the first organization and remote from the directory management system.
11. The computer-implemented method of claim 5, wherein the first directory of the first organization comprises a directory physically stored at the directory management system.
12. The computer-implemented method of claim 5, further comprising prohibiting the application from performing an action using the first directory, wherein the application is permitted to perform the action using the second directory.
13. Non-transitory computer-readable storage having stored thereon executable instructions configured to cause one or more physical computing devices of a directory management service to execute a process comprising: determining, for a first application, a first policy regarding accessing a directory of an organization, wherein the first application and the directory management system are each separate from the organization; enabling, based at least partly on the first policy, the first application to perform a first set of actions using the directory; determining, for a second application, a second policy regarding accessing the directory of the organization, wherein the second application is separate from the organization, and wherein the second policy is different than the first policy; and enabling, based at least partly on the second policy, the second application to perform a second set of actions using the directory, wherein the second set of actions is different than the first set of actions.
14. The non-transitory computer-readable storage of claim 13, wherein the directory of the organization comprises a collection of data regarding a plurality of resources of a computing network of the organization.
15. The non-transitory computer-readable storage of claim 13, the first policy being determined based at least partly on application access configuration information received from the organization.
16. The non-transitory computer-readable storage of claim 13, wherein enabling the first application to perform the first set of actions comprises: providing an application programming interface that the first application uses to initiate individual actions; and accessing the directory on behalf of the first application to perform the individual actions.
17. The non-transitory computer-readable storage of claim 13, wherein the directory of the organization comprises a directory physically stored on a premises of the organization and remote from the directory management system.
18. The non-transitory computer-readable storage of claim 13, wherein the directory of the organization comprises a directory physically stored at the directory management system and remote from the organization.
19. The non-transitory computer-readable storage of claim 13, the process further comprising prohibiting the first application from performing an action using the directory, wherein the second application is permitted to perform the action using the directory.
20. The non-transitory computer-readable storage of claim 13, wherein the organization maintains a plurality of different directories, and wherein the first application is permi

CPC classification titles:
for controlling access to devices or network resources · CPC title
to a system of files or objects, e.g. local or distributed file system or database · CPC title
involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved (negotiation of communication capabilities H04L69/24) · CPC title
Protecting access to data via a platform, e.g. using keys or access control rules · CPC title
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title