| CPC H04L 63/105 (2013.01) [H04L 63/0853 (2013.01); H04L 63/20 (2013.01)] | 24 Claims |

1. A method for access management in a cloud-services computing environment, the method comprising:
receiving, by a resource managing service, a request to access resources of a resource directory managed by the resource managing service, wherein the request includes a token for identity authentication of a user;
in response to reading the token, determining a container membership associated with the user, wherein the container membership maps the user to a container from a set of containers for the resource directory, wherein the container groups a set of resources in a tree data structure of the resource directory;
filtering access rights defined in authorization primitives associated with the container membership based on container policy rules for the set of containers in the resource directory; and
in response to the filtering, providing access to the set of resources from the resource directory based on the received request.
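The flow recited in claim 1, sketched as an added example that is not taken from the patent or any implementation of it. The HMAC token format, every name and sample value, and the rule that rights are intersected with each container policy from the resource up to the root are assumptions made for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed; a real service verifies IdP-signed tokens
# Constructed directory tree: container -> parent container (None = root)
PARENT = {"root": None, "eng": "root", "eng-db": "eng", "fin": "root"}
RESOURCE_IN = {"vm1": "eng", "orders": "eng-db", "ledger": "fin"}  # resource -> container
# Container membership: user -> (container, rights from authorization primitives)
MEMBERSHIP = {"alice": ("eng", {"read", "write", "delete"}),
              "bob": ("fin", {"read", "write"})}
# Container policy rules (assumed form): the most a container allows; absent = no limit
POLICY = {"root": {"read", "write"}, "eng-db": {"read"}}

def issue_token(user):
    """Hypothetical token: user name plus an HMAC over it."""
    return user + "." + hmac.new(KEY, user.encode(), hashlib.sha256).hexdigest()

def authenticate(token):
    """Return the user named in the token, or None if the MAC does not verify."""
    user, _, sig = token.rpartition(".")
    good = hmac.new(KEY, user.encode(), hashlib.sha256).hexdigest()
    return user if user and hmac.compare_digest(sig.encode(), good.encode()) else None

def ancestors(container):
    """Yield the container and each of its ancestors up to the root."""
    while container is not None:
        yield container
        container = PARENT[container]

def effective_rights(user, resource):
    """Membership rights filtered by every policy from the resource up to the root."""
    container, rights = MEMBERSHIP[user]
    chain = list(ancestors(RESOURCE_IN[resource]))
    if container not in chain:  # resource lies outside the member's subtree
        return set()
    for c in chain:
        if c in POLICY:
            rights = rights & POLICY[c]
    return rights

def handle_request(token, resource, action):
    """Receive request, resolve membership, filter rights, then grant or refuse."""
    user = authenticate(token)
    if user not in MEMBERSHIP or resource not in RESOURCE_IN:
        return False
    return action in effective_rights(user, resource)
```

The filter only ever narrows what the membership grants, so a forged token, a resource outside the member's subtree, and a right removed by any policy on the path all end in refusal.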