| CPC H04L 63/105 (2013.01) [G06F 21/6218 (2013.01); H04L 63/08 (2013.01)] | 18 Claims |

1. A method, comprising:
identifying a requested action to be performed on behalf of a user for a remote asset;
identifying a role mapped to the requested action, the user being bound to the role for the requested action to be performed, wherein the role is an identifier providing a level of indirection between authenticated users and credentials for accessing service provider resources that support remote assets, wherein the credentials are embedded within or instantiated as a variable in a role data structure of the role, at a remote asset manager, and wherein multiple different credentials are associated with the role;
encrypting the credentials using a key assigned to the remote asset manager to create encrypted credentials;
caching the encrypted credentials and action-role mappings of the role data structure as session data;
in response to identifying the requested action, querying the session data to identify an action-role mapping between the requested action and the role;
utilizing the action-role mapping to identify the encrypted credentials;
decrypting the encrypted credentials to access the credentials for accessing the remote asset;
extracting credentials from the role data structure of the role mapped to the requested action to be performed on behalf of the user;
receiving, by a gateway, a request from the remote asset manager that provides access to remote assets supported by a cloud service provider, wherein the request includes the credentials and the requested action;
identifying, by the gateway, the remote asset targeted by the request; and
routing, by the gateway, the request to the remote asset, wherein the requested action is performed for the remote asset based upon the credentials.
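The flow recited in claim 1, sketched as an added example that is not taken from the patent: a role holds several credentials, they are cached only in encrypted form next to the action-role mappings, a requested action is resolved to its role and decrypted credentials, and a gateway routes the request to the targeted asset. The class names, the choice of AES-256-GCM, binding the role name as associated data, JSON serialization and the callables standing in for remote assets are all assumptions.

```ruby
require 'openssl'
require 'json'

# Session data: action-role mappings plus role credentials held only as ciphertext.
class RoleSession
  def initialize(manager_key)
    @key = manager_key   # key assigned to the remote asset manager (32 bytes)
    @action_role = {}    # requested action => role name
    @sealed = {}         # role name => { iv:, tag:, ct: }
  end

  # Encrypt a role's credentials (several per role) and cache its action mappings.
  def cache_role(role, credentials, actions)
    c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    c.key = @key
    iv = c.random_iv
    c.auth_data = role   # ties the ciphertext to this role name
    ct = c.update(JSON.generate(credentials)) + c.final
    @sealed[role] = { iv: iv, tag: c.auth_tag, ct: ct }
    actions.each { |a| @action_role[a] = role }
  end

  # Requested action -> role -> encrypted credentials -> plaintext credentials.
  # Refuses when the action is unmapped or the user is not bound to the role.
  def resolve(user_roles, action)
    role = @action_role[action]
    raise ArgumentError, 'user not bound to a role for this action' unless role && user_roles.include?(role)

    s = @sealed.fetch(role)
    d = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    d.key = @key
    d.iv = s[:iv]
    d.auth_tag = s[:tag]
    d.auth_data = role
    JSON.parse(d.update(s[:ct]) + d.final)
  end
end

# Gateway step: identify the asset the request targets and route the request to it.
class Gateway
  def initialize(assets)
    @assets = assets     # asset id => callable standing in for a remote asset
  end

  def route(request)
    @assets.fetch(request[:asset]).call(request[:action], request[:credentials])
  end
end
```

Because GCM authenticates the ciphertext, a cached entry that has been modified makes `resolve` raise `OpenSSL::Cipher::CipherError` instead of returning altered credentials.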