Embodiments of the present invention relate generally to methods and systems for authorizing a request to access a resource and more particularly to authorizing a request to access a resource based on a context of the request.
Access to and use of resources such as network resources can be controlled in a number of different ways. For example, an Access Control List (ACL) can be used to control access to a resource identified in the list. Generally speaking, the ACL is a list or set of data defining permissions, e.g., read, write, execute, for a user or group of users to access a specific resource. The requesting user is then granted or denied permission to access the requested resource based on the roles or permissions defined in the ACL for that user or the user's group. In another example, Authentication, Authorization, and Accounting (AAA) systems can be used to authorize a request for a resource. Generally speaking, the AAA system, upon receiving or detecting a request for a resource, can authenticate the requester, i.e., identify the requester as who he claims to be, and authorize the request. Again, the requester is granted or denied permission for the request by mapping the requester's identity and the requested access to roles and rights defined for the resource.
However, these different approaches to controlling access to a resource have some limitations. For example, while these systems consider the identity of the requester, the resource or data requested, and the functions to be performed, i.e., read, write, execute, they do not consider a broader context of the request. That is, these systems do not consider such factors as what the requester plans to do with the data, why the requester is requesting the operation, under what condition(s) the requester is making the request, on whose behalf the requester is making the request, etc. Thus, there are no generic ways to provide authorization of an operation for a particular usage or within a particular context. Hence, there is a need for improved methods and systems for authorizing a request to access a resource based on a context of the request.
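The limitation described above can be seen in a small sketch, added here as an illustration and not taken from the described embodiments: an ACL check gives the same answer to requests that differ only in purpose, delegation, or conditions, while a context-aware check layered on top distinguishes them. The policy format, field names, and sample requesters are assumptions made for this example.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed ACL: (requester, resource) -> permitted operations.
ACL = {("alice", "patient-records"): {"read", "write"},
       ("billing-svc", "patient-records"): {"read"}}

# Constructed context policy (hypothetical format, an assumption of this example).
CONTEXT_POLICY = {
    ("patient-records", "read"): {
        "purposes": {"treatment", "billing"},        # why the data is wanted
        "delegators": {"billing-svc": {"alice"}},    # who may act for whom
        "conditions": {"network": "internal"},       # circumstances required
    },
}

@dataclass
class Request:
    requester: str
    resource: str
    operation: str
    purpose: Optional[str] = None
    on_behalf_of: Optional[str] = None
    conditions: dict = field(default_factory=dict)

def acl_allows(req):
    """Identity + resource + operation only; context fields are ignored."""
    return req.operation in ACL.get((req.requester, req.resource), set())

def context_allows(req):
    """ACL check plus context checks; returns (decision, reason), failing closed."""
    if not acl_allows(req):
        return False, "acl"
    rule = CONTEXT_POLICY.get((req.resource, req.operation))
    if rule is None:
        return False, "no-context-rule"   # no rule for this operation: deny
    if req.purpose not in rule["purposes"]:
        return False, "purpose"
    allowed_for = rule["delegators"].get(req.requester, set())
    if req.on_behalf_of is not None and req.on_behalf_of not in allowed_for:
        return False, "on-behalf-of"
    for key, required in rule["conditions"].items():
        if req.conditions.get(key) != required:
            return False, "condition:" + key
    return True, "ok"
```

The reason string returned with each denial is what an audit log would record, so a reviewer can see which contextual factor blocked a request the ACL alone would have granted.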