CPC H04L 63/10 (2013.01) [G06F 21/45 (2013.01); G06F 21/62 (2013.01); H04L 63/08 (2013.01); H04L 63/20 (2013.01); H04L 67/50 (2022.05); H04L 67/10 (2013.01)]; 21 Claims

1. A computer-implemented method comprising:
in a computing system supporting a plurality of accessing tenants accessing genomic computing services in a software-as-a-service platform that orchestrates access to genomic digital data resources via policy-based access control,
discovering a cloud provider account for an identity accessing the software-as-a-service platform;
sending a request to a credentials management service for limited temporary derived credentials valid for the cloud provider account;
receiving the limited temporary derived credentials valid for the cloud provider account, wherein the limited temporary derived credentials are based on a policy-based access control definition, the limited temporary derived credentials are limited to rights permitted in the policy-based access control definition, the limited temporary derived credentials are based on underlying credentials, and the limited temporary derived credentials provide more limited access than the underlying credentials; and
providing the limited temporary derived credentials for use by the identity; wherein:
the limited temporary derived credentials based on the policy-based access control definition are generated based on underlying credentials provided via cloud provider account management, the limited temporary derived credentials are valid for the cloud provider account, and the limited temporary derived credentials provide access to the genomic digital data resources;
the software-as-a-service platform is configured to support a specified cloud provider type selected from multiple different cloud provider types as specified by an administrative service;
the underlying credentials are persisted in a credentials object;
the credentials object stores the specified cloud provider type selected from the multiple different cloud provider types for the underlying credentials; and
the specified cloud provider type selected from among the multiple different cloud provider types is provided during cloud provider account discovery;
wherein:
the method further comprises storing, by the cloud provider account, a genomic digital data resource;
access to the genomic digital data resource is controlled by a role identifier linked to a policy-based access control definition; and
the method further comprises:
responsive to a request for access to the genomic digital data resource, providing the role identifier specified in the policy-based access control definition for the request for access.
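The credential derivation and role-gated access described in claim 1, as an added Python example (not code from the patent or any product it covers): the credentials management service narrows rights to the intersection of the policy-based access control definition and the underlying credentials, stamps an expiry, carries the stored provider type through, and the access check requires the resource's role identifier to match the policy. All class, function and sample values are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed configuration: provider types the administrative service has enabled.
SUPPORTED_PROVIDER_TYPES = {"aws", "azure", "gcp"}

@dataclass(frozen=True)
class Credentials:
    provider_type: str        # stored in the credentials object, per the claim
    account_id: str
    rights: frozenset         # actions the holder may perform
    expires_at: Optional[datetime] = None   # None = long-lived underlying credentials

@dataclass(frozen=True)
class PolicyDefinition:
    role_id: str              # role identifier linked to this policy definition
    permitted_rights: frozenset

def derive_temporary_credentials(underlying, policy, ttl_seconds=900, now=None):
    """Credentials management service: return temporary credentials limited to
    rights permitted by the policy AND held by the underlying credentials."""
    if underlying.provider_type not in SUPPORTED_PROVIDER_TYPES:
        raise ValueError(f"unsupported provider type: {underlying.provider_type}")
    now = now or datetime.now(timezone.utc)
    rights = underlying.rights & policy.permitted_rights
    if not rights:
        raise PermissionError("policy grants nothing the underlying credentials hold")
    # Invariant: derived credentials are never broader than the underlying ones.
    assert rights <= underlying.rights
    return Credentials(underlying.provider_type, underlying.account_id, rights,
                       now + timedelta(seconds=ttl_seconds))

def authorize_access(creds, action, resource_role_id, policy, now=None):
    """Access to a genomic data resource is controlled by the role identifier
    linked to the policy: allow only if the role matches, the derived
    credentials have not expired, and the action is within their rights."""
    now = now or datetime.now(timezone.utc)
    if creds.expires_at is not None and now >= creds.expires_at:
        return False
    return resource_role_id == policy.role_id and action in creds.rights

# Constructed sample: underlying account credentials and a read-only policy.
UNDERLYING = Credentials("aws", "123456789012", frozenset({"read", "write", "delete"}))
POLICY = PolicyDefinition("genomics-reader", frozenset({"read", "list"}))
```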