US2020195649A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2020195649-A1 |
| Application number | US-201816606952-A |
| Country | US |
| Kind code | A1 |
| Filing date | Apr 13, 2018 |
| Priority date | Apr 21, 2017 |
| Publication date | Jun 18, 2020 |
| Grant date | — |
Abstract.
A method for managing a cloud computing system, capable of allocating computing and network resources to a plurality of clients, each client being associated with at least one user likely to access the computing and network resources allocated to the client by the cloud computing system. This method includes, for at least one client of the cloud computing system: providing to the client a meta-model having a plurality of elements defining an access control model and an access control policy for the client; receiving an instance of the meta-model provided by the client, this instance defining, for the client, an access control model and an access control policy based on this access control model; and applying the access control policy to control an access of a user of the client to at least one resource allocated to the client by the cloud computing system.
Claims.
1. A method for managing a cloud computing system, able to allocate computing and network resources to a plurality of clients, each client being associated with at least one user likely to access computing and network resources allocated to the client by the cloud computing system, said method comprising performed by at least one hardware element of the cloud computing system, for at least one client of the cloud computing system: providing, to said client, a meta model comprising a plurality of elements allowing to define an access control model and an access control policy for the client; receiving an instance of the meta-model provided by the client, said instance defining for said client an access control model and an access control policy based on this access control model; and applying said access control policy to control access of a user of the client to at least one resource allocated to the client by the cloud computing system.
2. The management method according to claim 1, wherein the plurality of elements of the meta-model comprises: a perimeter of the access control model defining a plurality of entities involved in the access control policy of the client; metadata defining, for each entity, at least one attribute category associated with that entity; data defining possible values for each attribute category defined by the metadata; at least one metarule identifying one or several attribute categories defined by the metadata and used to provide an instruction in accordance with the access control policy of the client; at least one access control rule based on said at least one metarule and providing an instruction in accordance with the access control policy of the client; and a set of values assigned by the client to each entity defined for this client in the perimeter of the access control model, for each attribute category associated with this entity and comprised in a meta-rule, said assigned values being selected from the data.
3. The method according to claim 2, wherein said plurality of entities comprises at least one subject, and/or at least one object, and/or at least one action.
4. The method according to claim 2, wherein at least one attribute category defined for an entity is selected from: a security level; a role; a type; and a field.
5. The method according to claim 2, wherein at least one instruction provided by said at least one rule comprises an authorization or a denial of access to a determined resource allocated to the client by the cloud computing system.
6. The method according to claim 1, wherein the instance of the meta-model is provided by said client via a configuration interface of the cloud computing system common to said plurality of clients.
7. The method according to claim 1, wherein the instance of the meta-model provided by the client defines an access control model of the RBAC, OrBAC, ACL, DTE, ABAC or MLS type.
8. A method for instantiating, by a client, a cloud computing system able to allocate computing and network resources to a plurality of clients, each client being associated with at least one user likely to access the computing and network resources allocated to the client by the cloud computing system, said method comprising: obtaining a meta model provided by the cloud computing system and comprising a plurality of elements allowing to define an access control model and an access control policy for the client; instantiating the meta-model creating an instance defining for said client an access control model and an access control policy based on this access control model; and providing said instance to the cloud computing system.
9. The instantiation method according to claim 8, wherein the plurality of elements of the meta-model comprises: a perimeter of the access control model defining a plurality of entities involved in the access control policy of the client; metadata defining, for each entity, at least one attribute category associated with that entity; data defining possible values for each attribute category defined by the metadata; at least one metarule identifying at least one attribute category defined by the metadata and used to provide an instruction in accordance with the access control policy of the client; at least one access control rule defining said at least one metarule and providing an instruction in accordance with the access control policy of the client; and a set of values assigned by the client to each entity defined for this client in the perimeter of the access control model, for each attribute category associated with this entity and comprised in a metarule, said assigned values being selected from the data.
10. (canceled)
11. (canceled)
12. A cloud computing system able to allocate computing and network resources to a plurality of clients, each client being associated with at least one user likely to access computing and network resources allocated to the client by the cloud computing system, said system comprising: a processor; and a non-transitory computer-readable medium comprising instructions stored thereon, which when executed by the processor configure the cloud computing system to: provide at least one client of the cloud computing system with a meta-model comprising a plurality of elements allowing to define an access control model and an access control policy for the client; receive an instance of the meta-model provided by the client, said instance defining for said client an access control model and an access control policy based on this access control model; and apply said access control policy to control an access of a user of the client to at least one resource allocated to the client by the cloud computing system.
13. A device of a client of a cloud computing system able to allocate computing and network resources to a plurality of clients, each client being associated with at least one user likely to access the computing and network resources allocated to the client by the cloud computing system, said device comprising: a processor; and a non-transitory computer-readable medium comprising instructions stored thereon, which when executed by the processor configure the cloud computing system to: obtain a meta model provided by the cloud computing system and comprising a plurality of elements allowing to define an access control model and an access control policy for the client; create an instance of the meta-model defining for said client an access control model and an access control policy based on this access control model; and provide said instance to the cloud computing system.
14. (canceled)
15. (canceled)
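As an added illustration (not code from the patent or from any implementation of it), the Python below builds the six meta-model elements of claim 2 for a constructed MLS-style policy (claim 7), validates that the client's assignments only use values from the declared data, and applies the policy as in the last step of claim 1; all entity, category and value names are assumptions.

```python
from dataclasses import dataclass

@dataclass
class MetaModelInstance:  # the client's instance of the claim-2 meta-model
    perimeter: dict    # entity kind -> entities, e.g. {"subject": ["alice"]}
    metadata: dict     # entity kind -> attribute categories of that entity
    data: dict         # category -> possible values
    metarule: tuple    # categories (one per entity kind) a rule keys on
    rules: dict        # values in metarule order -> "grant" or "deny"
    assignments: dict  # entity -> {category: value}, values drawn from data

    def _kind_of(self) -> dict:  # category -> entity kind that carries it
        return {c: k for k, cats in self.metadata.items() for c in cats}

    def validate(self) -> None:
        """Reject an instance that breaks its own meta-model."""
        if set(self.metarule) - set(self._kind_of()):
            raise ValueError("metarule names an undeclared category")
        for ent, attrs in self.assignments.items():
            for cat, val in attrs.items():
                if val not in self.data[cat]:
                    raise ValueError(f"{ent}: {val!r} not in data[{cat}]")

    def decide(self, subject: str, obj: str, action: str) -> str:
        """Cloud side applies the policy; no matching rule means deny."""
        ent = {"subject": subject, "object": obj, "action": action}
        kinds = self._kind_of()
        try:
            key = tuple(self.assignments[ent[kinds[c]]][c] for c in self.metarule)
        except KeyError:
            return "deny"  # entity outside the perimeter or attribute unassigned
        return self.rules.get(key, "deny")


# Constructed MLS-style policy: no read-up, no write-down (Bell-LaPadula).
MLS = MetaModelInstance(
    perimeter={"subject": ["alice", "bob"], "object": ["vm-1", "vol-7"],
               "action": ["read", "write"]},
    metadata={"subject": ["clearance"], "object": ["classification"],
              "action": ["type"]},
    data={"clearance": ["low", "high"], "classification": ["low", "high"],
          "type": ["observe", "modify"]},
    metarule=("clearance", "classification", "type"),
    rules={("high", "high", "observe"): "grant", ("high", "low", "observe"): "grant",
           ("low", "low", "observe"): "grant", ("low", "low", "modify"): "grant",
           ("low", "high", "modify"): "grant", ("high", "high", "modify"): "grant"},
    assignments={"alice": {"clearance": "high"}, "bob": {"clearance": "low"},
                 "vm-1": {"classification": "high"}, "vol-7": {"classification": "low"},
                 "read": {"type": "observe"}, "write": {"type": "modify"}},
)
MLS.validate()
```

Swapping the `metadata`, `metarule` and `rules` elements for roles instead of levels yields an RBAC instance with the same enforcement code, which is the point of the meta-model: the cloud side never changes.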
CPC classification titles:
- for managing network security; network security policies in general (filtering policies H04L63/0227)
- Office automation; Time management
- for controlling access to devices or network resources
- Clustering; Classification
- Resource planning, allocation, distributing or scheduling for enterprises or organisations