Microsoft Corporation
SYSTEM AND METHOD FOR EXTERNALLY-DELEGATED ACCESS CONTROL AND AUTHORIZATION

Abstract:

Methods for externally-delegated access control and authorization of applications and resources are performed by systems and devices. A request for access by a user to a resource of a first application is received from a client device. A memory data structure that associates the resource of the first application with an application identifier and permission information is accessed to obtain the application identifier and the permission information. A query is provided to a second application, identified by the application identifier, which has a different authorization model than the first application. The query includes a user identifier and the permission information. The second application performs a permission check and authorization for the user based on the query. A query response that includes an access indication is the received from the second application. The request is granted or denied based on the access indication.