DATA FLOW-ORIENTED ACCESS CONTROL

Abstract

A system and method including generating, by a first service on an application stack, a first service request to invoke a second service, the first service having a first access context associated therewith that defines authorization checks related to functions performed by and data processed by the first service; transmitting the first service request from the first service to an access control service with the first access context; receiving, from the access control service, a second access context defining authorization checks relevant to functions and data processing to be performed by the second service to fulfill the first service request; and transmitting the first service request in combination with the second access control to the second service, the second service being enabled to execute the service request using authorization checks defined in the second access context.

CPC Classifications