US 9,813,423 B2
Trust-based computing resource authorization in a networked computing environment
Kelly Abuelsaad, Poughkeepsie, NY (US); Lisa Seacat DeLuca, San Francisco, CA (US); Soobaek Jang, Hamden, CT (US); and Daniel C. Krook, Fairfield, CT (US)
Assigned to International Business Machines Corporation, Armonk, NY (US)
Filed by International Business Machines Corporation, Armonk, NY (US)
Filed on Feb. 26, 2013, as Appl. No. 13/777,615.
Prior Publication US 2014/0245394 A1, Aug. 28, 2014
Int. Cl. H04L 29/06 (2006.01); H04L 9/32 (2006.01)
CPC H04L 63/104 (2013.01) [H04L 9/32 (2013.01); H04L 63/08 (2013.01); H04L 63/10 (2013.01)] 16 Claims
OG exemplary drawing
 
1. A computer-implemented method for trust-based computing resource authorization in a networked computing environment, comprising:
receiving, in a computer memory medium, a request for a candidate virtual machine-to join the networked computing environment as a computing resource that becomes a part of the networked computing environment and is available for use by other users in the networked computing environment;
identifying, based on a parsing of contextual metadata, a set of authorizing virtual machines that includes a plurality of virtual machines previously joined to the networked computing environment;
communicating an authorization message to every one of the set of authorizing virtual machines, the authorization message comprising metadata describing a set of attributes of the candidate virtual machine;
receiving a set of responses from the set of authorizing virtual machines, the set of responses comprising a set of votes responsive to the request of the candidate virtual machine to join the networked computing environment, and an indication whether any of the set of authorizing virtual machines requests the candidate virtual machine be configured for a particular authorizing virtual machine of the set of authorizing virtual machines, the set of responses further comprising a set of qualifiers that suggest a set of permission levels for the candidate virtual machines;
making an authorization determination for the candidate virtual machine to join the networked computing environment based on the set of votes, wherein the candidate virtual machine is authorized to join the networked computing environment if the set of votes to allow the candidate virtual machine to join the networked computing environment is greater than the set of votes expressly voting not to allow the candidate virtual machine to join the networked computing environment; and
setting an authorization level for the candidate virtual machine based on the suggested set of permission levels.