US 11,888,856 B2
Secure resource authorization for external identities using remote principal objects
Charles Prakash Rao Dasari, Redmond, WA (US); Maksym Yaryn, Sammamish, WA (US); Debashis Choudhury, Redmond, WA (US); and Jeffrey A Staiman, Bellevue, WA (US)
Assigned to MICROSOFT TECHNOLOGY LICENSING, LLC, Redmond, WA (US)
Filed by Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed on Dec. 21, 2022, as Appl. No. 18/069,626.
Application 18/069,626 is a continuation of application No. 16/887,893, filed on May 29, 2020, granted, now 11,570,181.
Prior Publication US 2023/0121372 A1, Apr. 20, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/104 (2013.01) [H04L 63/0853 (2013.01); H04L 63/20 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A system for authorizing access by a remote principal of a second domain to a secure data resource of a first domain of a domain host, the system comprising:
a processing system that includes one or more processors; and
at least one memory that stores program code to be executed by the processing system to perform a method, the method comprising:
verifying that the remote principal is identified as being associated with a group of the second domain represented in a remote principal object stored in a directory of the first domain at the domain host and inaccessible from the second domain, the group having at least one entitlement to the secure data resource as enumerated in a set of permissions and at least one associated access policy defined by the second domain;
generating an access token for the remote principal that includes the at least one entitlement; and
providing the access token to the remote principal to enable access to the secure data resource by the remote principal.
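The following Python model walks through the three steps of claim 1 (verify the remote principal against a remote principal object held only in the first domain's directory, check the group's entitlement and the home domain's access policy, then mint a token carrying the entitlement). It is an added illustration written for this page, not Microsoft's implementation; the directory layout, the policy fields and the HMAC token format are assumptions chosen to make the flow runnable.

```python
"""Model of the claimed authorization flow. The first domain's directory
holds a remote principal object for an external identity; access is granted
only if the home-domain group recorded in that object carries an entitlement
to the resource and the home domain's access policy is satisfied.
Constructed example: identities, policy fields and token format are assumed."""
import base64, hashlib, hmac, json, time

# First-domain directory (assumed structure), keyed by the external
# principal's identifier. It is never exposed to the second domain.
DIRECTORY = {
    "alice@contoso.example": {           # constructed external identity
        "home_domain": "contoso.example",
        "group": "contoso:analysts",     # group of the second domain
    },
}
# Set of permissions: entitlements of second-domain groups to resources.
PERMISSIONS = {
    "contoso:analysts": {"finance-reports": {"read"}},
}
# Access policies defined by the second (home) domain, per group.
POLICIES = {
    "contoso:analysts": {"require_mfa": True, "max_token_age_s": 3600},
}

def authorize(principal_id, home_domain, resource, mfa_done, key, now=None):
    """Return a signed access token, or None if any of the checks fails."""
    obj = DIRECTORY.get(principal_id)
    if obj is None or obj["home_domain"] != home_domain:
        return None                    # no remote principal object on file
    group = obj["group"]
    entitlements = PERMISSIONS.get(group, {}).get(resource)
    if not entitlements:
        return None                    # group has no entitlement to resource
    policy = POLICIES.get(group, {})
    if policy.get("require_mfa") and not mfa_done:
        return None                    # home-domain access policy not met
    now = int(time.time()) if now is None else now
    body = {"sub": principal_id, "grp": group, "res": resource,
            "ent": sorted(entitlements), "iat": now,
            "exp": now + policy.get("max_token_age_s", 600)}
    payload = base64.urlsafe_b64encode(
        json.dumps(body, sort_keys=True).encode()).decode()
    sig = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{sig}"

def verify_token(token, key, now=None):
    """Resource side: check signature and expiry, return the claims or None."""
    payload, _, sig = token.rpartition(".")
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    body = json.loads(base64.urlsafe_b64decode(payload))
    now = int(time.time()) if now is None else now
    return body if body["exp"] > now else None
```

Note that the second domain never reads the directory: it only learns the outcome through the token, which matches the claim's requirement that the remote principal object be inaccessible from the second domain.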