US 12,242,591 B2
Managed lifecycle roles for secure credential vending
Varun Jayant Oswal, Seattle, WA (US); Liam Simon Hewitt, Seattle, WA (US); and Rachit Jain, Bothell, WA (US)
Assigned to Amazon Technologies, Inc., Seattle, WA (US)
Filed by Amazon Technologies, Inc., Seattle, WA (US)
Filed on May 8, 2023, as Appl. No. 18/314,076.
Application 18/314,076 is a continuation of application No. 16/915,753, filed on Jun. 29, 2020, granted, now 11,790,075.
Prior Publication US 2023/0281294 A1, Sep. 7, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/45 (2013.01); G06F 21/00 (2013.01); G06F 21/60 (2013.01); H04L 9/40 (2022.01)
CPC G06F 21/45 (2013.01) [G06F 21/604 (2013.01); H04L 63/101 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A computer-implemented method, comprising:
providing an interface for receiving requests for management of first roles, at least some of which comprise managed lifecycle roles having role access information and role definitions that include one or more attributes and lifecycle definitions, wherein the interface provides for management of the first roles, and wherein for at least some of the first roles, the role access information or the one or more attributes for respective first roles are useable to determine whether requesting identities are authorized to use the respective first roles;
receiving, via the interface and for individual ones of the requests that request creation of a managed lifecycle role, specification of role definitions that include lifecycle definitions, wherein role access information or one or more attributes for respective ones of the managed lifecycle roles are changed over time, based on the respective lifecycle definitions included in the role definitions specified via the interface, and wherein determinations whether requesting identities are authorized to use respective ones of the managed lifecycle roles are based at least in part on the role access information or the one or more attributes for the respective managed lifecycle roles; and
responding to requests to validate individual ones of the managed lifecycle roles for identities with indications of whether, based on respective role access information or respective one or more attributes, the respective identities are authorized to use the respective managed lifecycle roles.
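Claim 1 describes three operations: an interface that accepts role definitions carrying attributes and a lifecycle definition, a mechanism that changes the role's access information or attributes over time according to that lifecycle, and a validation call that answers whether a given identity may use the role based on the access information or attributes currently in force. The following is an added illustration of those three operations in Python; it is not the patent's code or Amazon's implementation, and every name in it (`Phase`, `ManagedLifecycleRole`, `RoleRegistry`, `Decision`, the `prod-deployer` sample role and its principals) is assumed for the example. It encodes the lifecycle as an ordered list of phases, each stating the allowed principals and attributes from its start instant onward, and encodes expiry as a phase with an empty principal set; that encoding is a design choice of the example, not something the claim specifies.

```python
"""Added illustration of managed lifecycle roles (not the patent's own code).

A role definition carries attributes plus a lifecycle definition: an ordered
list of phases, each stating which principals may assume the role, and with
what attributes, from that instant on. Validation is evaluated against an
explicit clock so the decision is reproducible and never depends on the
caller's notion of time.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, FrozenSet, List, Optional, Tuple

UTC = timezone.utc


@dataclass
class Phase:
    starts_at: datetime                 # phase applies from this instant (inclusive)
    allowed_principals: FrozenSet[str]  # role access information during the phase
    attributes: Dict[str, str]          # role attributes during the phase


@dataclass
class ManagedLifecycleRole:
    name: str
    phases: Tuple[Phase, ...]           # lifecycle definition, strictly increasing starts_at

    def phase_at(self, now: datetime) -> Optional[Phase]:
        """Return the phase in force at `now`, or None before the first phase."""
        current = None
        for phase in self.phases:
            if phase.starts_at <= now:
                current = phase
            else:
                break
        return current

    def next_transition(self, now: datetime) -> Optional[datetime]:
        """Earliest future instant at which a validation answer could change."""
        for phase in self.phases:
            if phase.starts_at > now:
                return phase.starts_at
        return None


@dataclass
class Decision:
    authorized: bool
    reason: str
    attributes: Dict[str, str]          # attributes the caller may rely on if authorized
    valid_until: Optional[datetime]     # a cached decision must not outlive this instant


class RoleRegistry:
    """The management interface: create roles, then validate identities against them."""

    def __init__(self) -> None:
        self._roles: Dict[str, ManagedLifecycleRole] = {}

    def create_role(self, name: str, phases: List[Phase]) -> ManagedLifecycleRole:
        """Register a role definition; reject malformed lifecycle definitions up front."""
        if name in self._roles:
            raise ValueError(f"role {name!r} already exists")
        if not phases:
            raise ValueError("lifecycle definition needs at least one phase")
        if any(p.starts_at.tzinfo is None for p in phases):
            raise ValueError("phase start times must be timezone-aware")
        for earlier, later in zip(phases, phases[1:]):
            if later.starts_at <= earlier.starts_at:
                raise ValueError("phases must have strictly increasing start times")
        role = ManagedLifecycleRole(name, tuple(phases))
        self._roles[name] = role
        return role

    def validate(self, role_name: str, identity: str, now: datetime) -> Decision:
        """Decide whether `identity` may use `role_name` at server time `now` (deny by default)."""
        role = self._roles.get(role_name)
        if role is None:
            return Decision(False, "unknown role", {}, None)
        phase = role.phase_at(now)
        until = role.next_transition(now)
        if phase is None:
            return Decision(False, "role not yet active", {}, until)
        if not phase.allowed_principals:
            return Decision(False, "role expired", {}, until)
        if identity not in phase.allowed_principals:
            return Decision(False, "identity not in role access information", {}, until)
        return Decision(True, "authorized", dict(phase.attributes), until)


# Constructed sample data (not from the patent): a deployment role that starts
# read-only for the CI runner, widens to a two-principal deploy window, then expires.
DEMO_T0 = datetime(2024, 1, 1, 0, 0, tzinfo=UTC)


def demo_time(hours: float) -> datetime:
    """Instant `hours` after the sample role's first phase starts."""
    return DEMO_T0 + timedelta(hours=hours)


def demo_registry() -> RoleRegistry:
    reg = RoleRegistry()
    reg.create_role("prod-deployer", [
        Phase(demo_time(0), frozenset({"ci-runner"}), {"scope": "read-only"}),
        Phase(demo_time(8), frozenset({"ci-runner", "release-mgr"}), {"scope": "deploy"}),
        Phase(demo_time(10), frozenset(), {"scope": "none"}),
    ])
    return reg


if __name__ == "__main__":
    reg = demo_registry()
    for hours, who in [(1, "release-mgr"), (9, "release-mgr"), (11, "ci-runner")]:
        d = reg.validate("prod-deployer", who, demo_time(hours))
        print(f"t+{hours}h {who}: authorized={d.authorized} ({d.reason}) until={d.valid_until}")
```

Two practitioner points the example makes concrete. First, `validate` takes the evaluation instant as an explicit argument so that the policy decision point, not the requester, supplies the clock; a vending service should pass its own trusted time. Second, every decision carries `valid_until`, the next lifecycle transition, so any credential or cached decision derived from it can be given a TTL that does not outlive the phase that authorized it; otherwise a principal removed by a later phase could keep using a credential minted under the earlier one.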