US Patent Application 17829231. DECENTRALIZED ATTRIBUTE-BASED ACCESS CONTROL simplified abstract
DECENTRALIZED ATTRIBUTE-BASED ACCESS CONTROL
Organization Name
Microsoft Technology Licensing, LLC
Inventor(s)
- Peter Koen of Trausdorf an der Wulka (AT)
- Babak Ghane Jahromi of Redmond WA (US)
- Pamela Dingle of Redmond WA (US)
- Stefanus Martinus Van Der Wiele of Alkmaar (NL)
- James Marino of Newtown PA (US)
- Paul Latzelsperger of Upper Austria (AT)
DECENTRALIZED ATTRIBUTE-BASED ACCESS CONTROL - A simplified explanation of the abstract
This abstract first appeared for US patent application 17829231 titled 'DECENTRALIZED ATTRIBUTE-BASED ACCESS CONTROL'.
Simplified Explanation
This patent application describes a system and method for decentralized attribute-based access control in a federation. Here are the key points:
- The system allows for a decentralized federation where members can control access to their resources based on attributes.
- A request is made to a federation authority to obtain a list of unique identifiers (IDs) associated with members in the federation.
- For each unique ID, the system determines the communication information needed to contact the corresponding member.
- The system then sends a request to each member for a list of available services.
- The first member provides a set of verifiable credentials to the second member, which are used to determine the available services.
- The second member uses a set of policies and rules to determine the final list of available services.
- The list of available services is received from the second member.
Overall, this patent application describes a system that enables decentralized control over access to resources within a federation, using attributes, verifiable credentials, and policies/rules.
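The flow listed above, as an added in-process sketch that is not taken from the patent application: a first member walks the ID list, presents its credentials, and the second member filters its services by policy. The member and issuer names, the policy format, the trusted-issuer check, and the use of HMAC as a stand-in for a credential signature are all assumptions made for illustration.

```python
import hashlib, hmac, json

# Constructed sample keys. HMAC stands in for the issuer's asymmetric signature
# on a real verifiable credential (assumption made to stay stdlib-only).
ISSUER_KEYS = {"issuer:university": b"demo-key-1", "issuer:unvetted": b"demo-key-2"}

def _mac(cred):
    body = {k: cred[k] for k in ("issuer", "subject", "attrs")}
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(ISSUER_KEYS[cred["issuer"]], payload, hashlib.sha256).hexdigest()

def issue(issuer, subject, attrs):
    cred = {"issuer": issuer, "subject": subject, "attrs": attrs}
    return {**cred, "proof": _mac(cred)}

def verify(cred, trusted_issuers):
    # Reject unknown issuers before touching the proof, then compare in constant time.
    if cred.get("issuer") not in trusted_issuers:
        return False
    return hmac.compare_digest(_mac(cred), cred.get("proof", ""))

class Member:
    def __init__(self, member_id, trusted_issuers, policies):
        self.member_id = member_id
        self.trusted_issuers = trusted_issuers
        self.policies = policies  # service name -> attribute values it requires

    def available_services(self, requester_id, credentials):
        # Only attributes from verified credentials about the requester count.
        attrs = {}
        for cred in credentials:
            if cred["subject"] == requester_id and verify(cred, self.trusted_issuers):
                attrs.update(cred["attrs"])
        return sorted(svc for svc, required in self.policies.items()
                      if all(attrs.get(k) == v for k, v in required.items()))

def discover(first_id, credentials, member_ids, resolve):
    # member_ids: list from the federation authority; resolve: ID -> contact info
    # (an in-process Member object here instead of a network endpoint).
    return {mid: resolve(mid).available_services(first_id, credentials)
            for mid in member_ids if mid != first_id}

# Constructed federation with one resource-owning member (hypothetical policies).
LAB = Member("member:lab", {"issuer:university"}, {
    "status": {},
    "dataset-read": {"role": "researcher"},
    "dataset-write": {"role": "researcher", "clearance": "high"},
})
DIRECTORY = {"member:lab": LAB}
```

Each member keeps its own trusted-issuer set and policies, so the access decision stays with the resource owner; the federation authority only supplies the list of IDs.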
Original Abstract Submitted
Embodiments of the present disclosure include systems and methods for providing a decentralized federation for attribute-based access control. A request for a list of unique identifiers (IDs) associated with members belonging to the federation is sent to a federation authority. For a unique ID in the list of unique IDs associated with a second member belonging to the federation, a set of communication information for communicating with the second member is determined. Based on the set of communication information associated with the second member, the second member is sent a request for a list of available services. The second member is provided a set of verifiable credentials associated with the first member. The second member determines the list of available services based on the set of verifiable credentials and a set of policies and rules. The list of available services is received from the second member.