US 12,192,360 B2
Method and system for facilitating identity and access management in a cloud environment
Kabron Austin Kline, Grove City, OH (US); Godfrey Paul, Ramsgate (GB); Ily Zislin, New York, NY (US); Ian Mark Miller, London (GB); and Carl Dashfield, Columbus, OH (US)
Assigned to JPMORGAN CHASE BANK, N.A., New York, NY (US)
Filed by JPMorgan Chase Bank, N.A., New York, NY (US)
Filed on Jun. 28, 2022, as Appl. No. 17/809,334.
Claims priority of provisional application 63/203,206, filed on Jul. 13, 2021.
Prior Publication US 2023/0015246 A1, Jan. 19, 2023
Int. Cl. H04L 29/06 (2006.01); H04L 9/08 (2006.01); H04L 9/32 (2006.01)
CPC H04L 9/3213 (2013.01) [H04L 9/0866 (2013.01); H04L 9/3247 (2013.01); H04L 9/3271 (2013.01)]
20 Claims
OG exemplary drawing
 
1. A method for facilitating identity and access management in a cloud environment based on a zero-trust configuration, the method being implemented by at least one processor, the method comprising:
retrieving, by the at least one processor via a job, at least one token from a corresponding identity provider, the job including at least one from among a unit of work and a unit of execution that corresponds to at least one change, and the identity provider provides principal authentication to other service providers within a federation;
retrieving, by the at least one processor via the job and in response to the at least one token and a change authorization identifier, a change authorization from a change management system, the change authorization including the at least one token and a signed change authorization;
retrieving, by the at least one processor via the job and in response to the at least one token and a change plan artifact path, a change artifact from an artifact repository, the change artifact including a signed change artifact;
requesting, by the at least one processor via the job, a change orchestrator to execute the at least one change, the request including at least one from among the at least one token, the change authorization, and the change artifact;
instructing, by the at least one processor via the change orchestrator, a service broker to execute the at least one change;
obtaining, by the at least one processor via the service broker, a root change authorization token for the at least one change; and
executing, by the at least one processor via the service broker and using the root change authorization token, the at least one change within the cloud environment,
wherein the service broker is implemented by an open service broker, and
wherein an authorized change initiator is required to directly request a first level of the open service broker to actuate the at least one change, and the authorized change initiator is required to submit a valid change authorization token with a request to the open service broker.
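Added illustration of the flow recited in claim 1 (this is editorial example code, not code from the patent or its assignee): a job obtains a token from the identity provider, fetches a change authorization (the token plus a signed change authorization) from change management and a signed change artifact from the artifact repository, and hands all three to a change orchestrator, which instructs an open service broker; the broker refuses any request that does not carry a valid change authorization token, obtains a root change authorization token for the one change, and executes it. The claims specify no token format, signature scheme, key distribution or check placement, so all of those are assumptions here: HMAC-SHA256 over canonical JSON stands in for whatever signing the real system uses, the orchestrator is where the signature and binding checks are placed, and every key, principal, path and change identifier is made up for the demo.

```python
import hashlib
import hmac
import json
import time

def sign(key: bytes, payload: dict) -> str:  # HMAC over canonical JSON stands in for a real signature scheme (assumption)
    return hmac.new(key, json.dumps(payload, sort_keys=True).encode(), hashlib.sha256).hexdigest()
def verify(key: bytes, payload: dict, sig: str) -> bool:
    return hmac.compare_digest(sign(key, payload), sig)

class IdentityProvider:
    """Provides principal authentication to the other service providers in the federation."""
    def __init__(self, key: bytes):
        self._key = key
    def issue_token(self, principal: str, ttl: int = 300) -> dict:
        body = {"sub": principal, "exp": int(time.time()) + ttl}
        return {"body": body, "sig": sign(self._key, body)}
    def validate(self, token) -> bool:
        body = token.get("body") if isinstance(token, dict) else None
        return body is not None and verify(self._key, body, token.get("sig", "")) and body["exp"] > time.time()

class ChangeManagementSystem:
    def __init__(self, idp, key: bytes):
        self._idp, self._key, self._records = idp, key, {}
    def approve(self, change_id: str, artifact_path: str) -> None:
        body = {"change_id": change_id, "artifact_path": artifact_path}
        self._records[change_id] = {"body": body, "sig": sign(self._key, body)}
    def get_authorization(self, token, change_id: str) -> dict:  # the token plus the signed change authorization
        if not self._idp.validate(token):
            raise PermissionError("change management: token rejected")
        return {"token": token, **self._records[change_id]}

class ArtifactRepository:
    def __init__(self, idp, key: bytes):
        self._idp, self._key, self._store = idp, key, {}
    def publish(self, path: str, content: bytes) -> None:
        digest = hashlib.sha256(content).hexdigest()
        self._store[path] = {"path": path, "content": content, "sig": sign(self._key, {"path": path, "sha256": digest})}
    def get_artifact(self, token, path: str) -> dict:  # the bytes plus a signature binding path and digest
        if not self._idp.validate(token):
            raise PermissionError("artifact repository: token rejected")
        return dict(self._store[path])

class OpenServiceBroker:
    """First level of the broker: acts only on a request that carries a valid change authorization token."""
    def __init__(self, idp, root_key: bytes):
        self._idp, self._root_key, self.applied = idp, root_key, []
    def execute(self, token, authorization: dict, artifact: dict) -> dict:
        if not self._idp.validate(token):
            raise PermissionError("broker: missing or invalid change authorization token")
        body = {"change_id": authorization["body"]["change_id"], "sub": token["body"]["sub"]}
        root_token = {"body": body, "sig": sign(self._root_key, body)}  # root change authorization token, scoped to this change
        self.applied.append((body["change_id"], artifact["path"]))  # stands in for executing in the cloud environment
        return root_token

class ChangeOrchestrator:
    def __init__(self, idp, cms_key: bytes, repo_key: bytes, broker: OpenServiceBroker):
        self._idp, self._cms_key, self._repo_key, self._broker = idp, cms_key, repo_key, broker
    def execute(self, request: dict) -> dict:  # token, both signatures and their binding are checked here (placement assumed)
        token, auth, art = request["token"], request["authorization"], request["artifact"]
        if not self._idp.validate(token):
            raise PermissionError("orchestrator: token rejected")
        if not verify(self._cms_key, auth["body"], auth["sig"]):
            raise PermissionError("orchestrator: change authorization signature invalid")
        expected = {"path": auth["body"]["artifact_path"], "sha256": hashlib.sha256(art["content"]).hexdigest()}
        if art["path"] != expected["path"] or not verify(self._repo_key, expected, art["sig"]):
            raise PermissionError("orchestrator: artifact is not the signed artifact this change authorizes")
        return self._broker.execute(token, auth, art)

def run_job(idp, cms, repo, orchestrator, principal: str, change_id: str, artifact_path: str) -> dict:
    """The job: token from the IdP, then change authorization, then change artifact, then the orchestrator request."""
    token = idp.issue_token(principal)
    authorization = cms.get_authorization(token, change_id)
    artifact = repo.get_artifact(token, artifact_path)
    return orchestrator.execute({"token": token, "authorization": authorization, "artifact": artifact})

def refused(attempt) -> bool:
    try:
        attempt()
    except PermissionError:
        return True
    return False

def demo() -> dict:
    """Constructed federation (keys, names and identifiers are made up): one authorized run, then two refused requests."""
    idp = IdentityProvider(b"idp-key")
    cms, repo, broker = ChangeManagementSystem(idp, b"cms-key"), ArtifactRepository(idp, b"repo-key"), OpenServiceBroker(idp, b"root-key")
    orchestrator = ChangeOrchestrator(idp, b"cms-key", b"repo-key", broker)
    repo.publish("releases/app-1.2.3.tgz", b"constructed artifact bytes")
    cms.approve("CHG-1001", "releases/app-1.2.3.tgz")
    token = idp.issue_token("deploy-job")
    auth, art = cms.get_authorization(token, "CHG-1001"), repo.get_artifact(token, "releases/app-1.2.3.tgz")
    return {
        "root_token": run_job(idp, cms, repo, orchestrator, "deploy-job", "CHG-1001", "releases/app-1.2.3.tgz"),
        "tampered_artifact_refused": refused(lambda: orchestrator.execute(
            {"token": token, "authorization": auth, "artifact": dict(art, content=b"trojaned bytes")})),
        "broker_without_token_refused": refused(lambda: broker.execute(None, auth, art)),
        "applied": broker.applied,
    }
```

Running demo() applies exactly one change, CHG-1001, and shows the two refusals a practitioner would want to see: an artifact whose bytes were swapped after signing fails the digest-bound signature check before it reaches the broker, and a direct call to the broker without a token is refused at the broker's first level, which is the limitation the last clause of claim 1 places on the change initiator.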