DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This action is responsive to communication received on 05/12/2022. Claims 1-20 are pending and stand as originally filed. 


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 6, 8-13, 15, 17 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over To US 10,318,265 and further in view of Cleaver US 2017/0214696 and Roth US 2016/0352753.
Regarding claims 1 and 10, To teaches a method and system implemented by a cloud services platform, comprising: determining that a first customer of the cloud services platform has deployed a first template published by a service provider to an environment of the first customer (a customer of an organization can deploy an application/service using templates created by a service provider within the same organization or another organization, Col 3 Lines 15-37)
["The deployment template may include a description of the deployable unit, a description of resources of a provider network to which deployment is permissible (e.g., instance types and/or resource types), an indication of the regions of a provider network to which deployment is permissible, an indication of inputs and outputs for deployment, an indication of dependencies on other resources, an indication of suitable parameters for deployment, and/or other suitable metadata. The deployment template for the deployable unit may be generated automatically and/or programmatically based on analysis of the deployable unit and potentially based on user input that is solicited as part of the generation of the deployment template. The deployment template may be added to a service catalog. Upon selection of the deployment template in the service catalog, the deployable unit may be deployed to one or more resources of a multi-tenant provider network based (at least in part) on the deployment template, e.g., by following the directives of the deployment template. In this manner, software products of various types (and potentially of an arbitrary type) may be wrapped in a deployment template and added to a service catalog without the requirement for an administrator or other user to create a deployment template manually.", Col 3 Lines 15-37]
["As noted above, in some embodiments, customers of a service provider (e.g., buyers or IT administrators within an enterprise) may be able to discover and subscribe to third party desktop applications (or desktop applications that have been purchased or licensed from a third party by the service provider) on-demand and make them available to their end users on virtual desktop instances. In addition, an IT administrator of a customer may be able to publish and manage the customer's own line-of-business desktop applications, which may be accessible only for their end users.", Col 5 Lines 7-17]
the first template specifying provider permissions for a first cloud resource allocated to the environment of the first customer (the template contains metadata that further defines permissions and identifies configuration information for the instance that will be deployed when the template is instantiated, Col 29 Lines 42-67);
["In general, the deployment template 510 may specify the resources that will be used to execute a software product (represented by the deployable unit) on behalf of an end user of a service provider customer and a set of metadata for the resource stack. For example, the resources may include one or more compute node instances (or other modules) that will be used to execute the server application, a set of database instances that will store the data processed by the server, and load balancers for distributing request traffic or other resources. The metadata may include configuration files (which may contain the identities and/or setting for various resources of the resource stack), connectivity/dependencies, user identity and/or permissions information, alarms, tags, or other information. The resource stack may comprise resources available from the service provider. The deployment template (also referred to as a resource stack template) may also include information about how the resources are to be linked together in the resource stack and how the resources are to be configured. When a resource stack is created, it may be created in accordance with the information contained in the deployment template. For example, creating a server product from a deployment template may include determining the dependencies between the resources and an order in which the resources should be instantiated (e.g., provisioned using service provider resources), dependent on the deployment template." Col 29 Lines 42-67]
responsive to determining that the first customer of the cloud services platform has deployed the first template (user launches template with IAM role, Col 38 Lines 39-52),
To teaches the use of roles defined in a template to set permissions for who can act on the resources of a deployed template and what can be done to them, and teaches that end users can be granted roles, but does not teach granting roles to service providers. Thus To does not teach associating an identifier of the service provider with the first cloud resource, the associating indicating that the first customer has allowed the service provider to manage the first cloud resource. Cleaver, in the same field of endeavor, teaches a system for role-based control of access permissions. Cleaver teaches associating an identifier of the service provider with the first cloud resource, the associating indicating that the first customer has allowed the service provider to manage the first cloud resource (a service provider identity is given certain roles; such a role and service provider identity allow for granting, i.e. association, of the service provider id to roles, ¶s abs, 48, 51, 66).
["Role based access control (RBAC) identity management tools, computing systems, computer products and methods of abstracting individual users from the role assignment and revalidation process of traditional RBAC. The RBAC tools, products and systems of the present disclosure organize and manage multi-tenanted networks and cloud computing environments by organizing individual users by service providers having a single or unified identity, which are separately managed by the service provider owners. The service provider identities are treated as a single service provider entity applying for one or more roles in the multi-tenant system, allowing for a simplified role revalidation that no longer requires managers of tenants in a multi-tenant network to approve the role assignment of each individual user, because the tenants and tenant managers are unaware of the users identities that make up the service provider identity.", ¶abs]
[" As shown in FIG. 4a and FIG. 4b, each individual user 401 does not directly apply for a role created by a tenant manager. The individual user is not even identifiable to the tenant managers. Instead, the service provider identity is treated as a single unified entity when the service provider applies for one or more roles created by the tenant managers 409a, 409b for each individual tenant of the multi-tenant network. In some embodiments, the service provider identity may apply for a plurality of roles with a plurality of tenants 407a, 407b.", ¶48]
[“The RBAC identity management tools have simplified the role assignment process by making individual user assignments by the tenant managers 409a, 409b obsolete. Each of tenant managers 409a, 409b assigning roles to a service provider identity data set relies on the group owner 405a, 405b to maintain the data set with the appropriate user memberships within the service provider identity, while the tenant managers determine whether or not the service provider is worthy of being granted membership to the roles having permissions to access the appropriate secured resources 413. Accordingly, a service provider identity dataset may be consistently updated to replace a previous dataset without requiring a tenant manager to make a subsequent approval of the updated service provider identity dataset into the role dataset. A service provider owner may dynamically keep the users currently active within a service group up to date as the service provider expands, hires, contracts or even loses employees who may be the individual users of the service provider identity.”, ¶51]
["Subsequently, in step 509, the owner or manager 405 of the service provider identity may request to be added to one or more roles created by a tenant manager of each tenant in a multi-tenant network. The service provider owner 405 may request that the tenant manager add the service provider identity dataset to a role specific dataset. In step 511, each of the tenant managers receiving a request from the service provider owner, may respond to each request by inputting data into the RBAC identity management tools instructing the RBAC identity management whether or not the service provider identity will be added to the requested role datasets.", ¶66]

It would have been obvious to a person of ordinary skill in the art at the time of the effective filing of the instant application to modify the IAM roles of To by assigning a service provider identity to roles as taught by Cleaver. The reason for this modification would be to allow tenant managers to set permissions for service providers to manage/configure the tenant network without having to grant such permissions individually (see Cleaver Abstract).
To/Cleaver do not teach the use of access tokens and thus do not teach receiving a first request to perform an action with respect to the first cloud resource, the first request comprising an access token that comprises the identifier of the service provider; determining whether the service provider identified by the access token is associated with the first service provider permissions; and, responsive to determining that the service provider identified by the access token is associated with the first service provider permissions, permitting the action to be completed with respect to the first cloud resource. Roth, in the same field of endeavor, teaches a system for delegation of permissions in multi-tenant cloud services. Roth teaches receiving a first request to perform an action with respect to the first cloud resource, the first request comprising an access token (token, ¶21) that comprises the identifier (identifier, ¶22) of the service provider; determining whether the service provider identified by the access token is associated with the first service provider permissions (a token containing data such as an identifier and roles is used to determine the permissions that a user account, which can be a customer or a provider, has and what actions are allowed under the token, ¶s 21-23, 49, 73)
[" FIG. 1 is a high level illustration of an environment 100 in which one or more delegation profiles can be selected and/or dynamically determined to enable a customer to delegate permissions to one or more end user devices or other external entities, in accordance with various embodiments. As illustrated, a resource provider environment 102 can include one or more secured resources 104 of various types, as may be used to support various services and/or applications. These resources can include physical and/or virtual resources, such as application or data servers or server instances, among other such resource types. A customer 124 of the resource provider environment 102 can obtain an account with the resource provider environment, enabling the customer 124 to access one or more of the secured resources 104 across at least one appropriate network 114. The customer in some embodiments can utilize these resources to support applications and services that might be utilized by one or more external entities 116, such as end users of those applications and services.", ¶21]
[" When an account is created for the customer, at least one delegation profile 106 can be created or otherwise associated with the account for the customer. The account is maintained by the resource provider environment on behalf of the customer, and the account can designate one or more principals of the customer 124 and a set of the shared resources (e.g., 104) that those principals can access and use. The delegation profile 106 can be created or selected by an authorized user (e.g., an administrator) associated with the account and/or customer. In accordance with an embodiment, an example delegation profile 106 includes a name 108 or identifier, at least one validation policy 110, and at least one authorization policy 112. The name 108 can be a string or any other identifier that is used to refer to the delegation profile.", ¶22]

[" In accordance with an embodiment, a customer 124 associated with an account is able to provide the delegation profile to an external entity 106, such as an end user or a service. For example, the customer 124 may provide a reference to the delegation profile to the external entity 116. The external entity 116 can then obtain credentials 122 to act as an authorized user under the account by way of the delegation profile 106. For example, the external entity 116 may use the reference to the delegation profile 106 and request the credentials 122 from a security service 116, federation system, or other authorized entity that has access to a copy of the credentials 120. The security service (or other identity or federation management entity) can verify whether the validation policy defined in the delegation profile properly identifies the external entity 116 as being allowed to assume the delegation profile. If the external entity 116 is verified, the security service can issue the set of credentials 122 that can be used by the external entity to perform actions on resources 104 associated with the account, subject to the permissions specified in the authorization policy 110.", ¶23]
[“In at least some embodiments, there can be different roles assigned to entities associated with the same user identifier or credentials, where each of those roles can be associated with a different delegation profile. For example, a user providing identity information to an identity service can receive a credential such as an authentication token. If that user then submits a request with that credential to a set of resources associated with a customer, the user can obtain an assumed role that enables the user to obtain a first level of access associated with that role under the appropriate delegation policy. If the user utilizes an application associated with a third party that makes a similar request to those resources using that credential, a different role can be assumed wherein access can be granted but a second, limited type of access granted based on the role being that of a party or entity acting on behalf of the user. If the third party has a relationship with the provider, a third role might be assumed wherein a level of access might be granted that can in some cases exceed that of the user without the third party relationship. Various other roles can be utilized as well. In at least some embodiments, the roles will be assigned or determined using the respective credential and information regarding a source of the request, a type of entity, a delegation profile to be used, or other such information. In at least some embodiments, the same user credential issued by an identity service can be used by multiple entities in a distributed, multiple provider environment, for example, wherein different roles and levels of access can be assigned for the same credential based at least in part upon the type of entity presenting the credential and/or a relationship of that entity to the respective provider. Further, such an approach can enable different levels of access across accounts of multiple customers of the same, or different, providers.”, ¶49]
[“For example, the external service may submit the request to a security token service and the request may indicate the delegation profile. The set of credentials can be issued to the external service if the external service was verified as having been designated a proper security principal in the validation policy of the delegation profile. These credentials can enable requests to be made within the context of an identity within the account, wherein the permissions granted to the service are based on the capabilities specified in the delegation profile.”, ¶73]
and responsive to determining that the service provider identified by the access token is associated with the first service provider permissions, permitting the action to be completed with respect to the first cloud resource (tokens are used to verify permissions delegated to a user to perform actions and, if verified, the actions are permitted, ¶16; such actions may be management actions such as scaling resources up/down, ¶71).
["Once a delegation profile has been created and assigned to a customer account, permission can be granted to the customer to use the delegation profile for enabling access to the respective resource(s). Thereafter, the customer can use the delegation profile by providing references to the delegation profile to external entities, such as end users or external services, or the customer can provide policies or rules that can be used to determine that the profile should be used for those end users, entities, or services. If an external entity is provided with a reference to the delegation profile, the entity can use the reference to obtain a set of credentials for performing certain actions in the account. For example, an end user can submit a request for credentials to an identity service, such as a security token service, where the request includes a reference to the delegation profile. The security token service can verify whether the end user is one of the security principals that were specified in the validation policy of the delegation profile. If the user was specified as a security principal, the security token service can provide the end user with a set of credentials. These credentials enable requests to be made within the security context of the delegation profile in the account, subject to the permissions that were specified in the authorization policy. If the end user was not provided with a reference to a delegation profile, the end user can submit a request without the reference and information included in the request can enable a determination of the proper delegation profile to apply. The determination can include, for example, performing a lookup based at least in part upon one or more aspects of the request and/or based at least in part upon one or more aspects of the end user. In some embodiments, the end user can be identified by a security service or federation provider indicated by the delegation profile. In other embodiments, the delegation profile can include a reference to a security service or other authority that is capable of identifying the users, or types of users, for which that delegation profile should be utilized. In some embodiments the permissions can be determined in accordance with one or more rules that map attributes asserted by the security service or other authority to one or more permissions elements.", ¶16]
["Once the delegation profile has been created, the administrator may grant the use of the profile to user of the account named “Bob” such as by including a statement “profile:useprofile” under Bob's identity in the account. After the user Bob has been granted the right to use the profile, Bob may invoke a scaling service to create a scaling group “Group1” (or any other resource modeled within the scaling service), passing in the unique identifier of “profile1” as an argument to the scaling service. For example, the scaling group “Group1” may be a resource modeled within the scaling service that is associated with a group of specific computing instances that should be managed (i.e., expanded or shrunk in number) by the scaling service. Another example of a resource modeled within a service may be code running on a computing instance that may need to invoke a resource in the account acting under the guise of the delegation profile.", ¶71]

It would have been obvious to a person of ordinary skill in the art at the time of filing to modify the template-based deployment and administration of deployed services containing role definitions (To/Cleaver) with token-based authentication of user roles/permissions, as taught by Roth, to grant users serving in a service provider role access to manage a customer network. The reason for this modification would be to provide a way to allow users in another customer/organization acting as a service provider to manage the resources of a customer acting as a buyer/consumer of computer resources.
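The flow the examiner maps across To (template deployment), Cleaver (associating a service provider identity with the deployed resource) and Roth (an access token carrying that identifier, checked against the granted permissions before the action is permitted), as an added Python illustration that is not code from any of the three references or from the application under examination; the platform, provider, resource and signing-key names are constructed for the example.

```python
"""Constructed model of the claimed authorization flow: deploying a
provider-published template associates the provider's identifier and a
permission set with the resource; a later request is permitted only if its
signed access token names that provider and the action is within the set."""
import base64
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class Template:
    """A published template: names the publishing provider and the permissions
    it asks the customer to grant that provider over the deployed resource."""
    provider_id: str
    resource_name: str
    provider_permissions: FrozenSet[str]


@dataclass
class Resource:
    resource_id: str
    customer_id: str
    # Set on deployment: the provider the customer allowed to manage this resource.
    provider_id: Optional[str] = None
    provider_permissions: FrozenSet[str] = field(default_factory=frozenset)


class CloudPlatform:
    def __init__(self, signing_key: bytes):
        self._key = signing_key  # constructed: the platform's token-signing secret
        self.resources: Dict[str, Resource] = {}
        self._counter = 0

    def deploy_template(self, customer_id: str, template: Template) -> str:
        """Customer deploys a provider-published template; the platform allocates the
        resource and records the provider id and permissions the template declares."""
        self._counter += 1
        rid = f"{customer_id}/{template.resource_name}-{self._counter}"
        self.resources[rid] = Resource(rid, customer_id, template.provider_id,
                                       template.provider_permissions)
        return rid

    def issue_token(self, provider_id: str) -> str:
        """Access token carrying the provider identifier, HMAC-signed by the platform."""
        payload = json.dumps({"sub": provider_id, "typ": "service-provider"},
                             sort_keys=True).encode()
        sig = hmac.new(self._key, payload, hashlib.sha256).digest()
        return (base64.urlsafe_b64encode(payload).decode() + "."
                + base64.urlsafe_b64encode(sig).decode())

    def _verify_token(self, token: str) -> Optional[dict]:
        try:
            p64, s64 = token.split(".")
            payload = base64.urlsafe_b64decode(p64)
            sig = base64.urlsafe_b64decode(s64)
        except ValueError:  # wrong structure or bad base64 (binascii.Error is a ValueError)
            return None
        expected = hmac.new(self._key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(sig, expected):
            return None
        try:
            return json.loads(payload)
        except ValueError:
            return None

    def handle_request(self, token: str, resource_id: str, action: str) -> Tuple[bool, str]:
        """The claimed check: permit only if the provider named by a valid token is the
        one associated with the resource and the action is within its permissions."""
        claims = self._verify_token(token)
        if claims is None:
            return False, "invalid token"
        res = self.resources.get(resource_id)
        if res is None:
            return False, "unknown resource"
        if claims.get("typ") != "service-provider" or claims.get("sub") != res.provider_id:
            return False, "provider not associated with resource"
        if action not in res.provider_permissions:
            return False, "action not in provider permissions"
        return True, "permitted"


def demo() -> Dict[str, Tuple[bool, str]]:
    """Walk the claimed flow with constructed names and return each decision."""
    platform = CloudPlatform(b"constructed-demo-signing-key")
    template = Template("acme-msp", "web-tier", frozenset({"scale", "restart"}))
    rid = platform.deploy_template("customer-1", template)
    token = platform.issue_token("acme-msp")            # the publishing provider
    stranger = platform.issue_token("other-msp")        # a provider the customer never allowed
    foreign = CloudPlatform(b"some-other-key").issue_token("acme-msp")  # not signed by us
    return {
        "scale_by_publisher": platform.handle_request(token, rid, "scale"),
        "delete_by_publisher": platform.handle_request(token, rid, "delete"),
        "scale_by_other_provider": platform.handle_request(stranger, rid, "scale"),
        "scale_with_foreign_token": platform.handle_request(foreign, rid, "scale"),
        "scale_unknown_resource": platform.handle_request(token, "customer-1/nope", "scale"),
    }


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name}: {'permitted' if ok else 'denied'} ({why})")
```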
Regarding claims 2 and 11, the combination of To/Cleaver/Roth is discussed above. The system of Roth anticipates multiple tenants acting as buyers and providers of template-deployed resources. A first tenant acting as a service provider could provide services to more than one tenant acting as a customer. Thus the combination of To/Roth can be applied to a second customer tenant to teach further comprising: determining that a second customer of the cloud services platform has deployed a second template published by the service provider to an environment of the second customer (a customer of an organization can deploy an application/service using templates created by a service provider within the same organization or another organization, Col 3 Lines 15-37)

the second template specifying second service provider permissions for a second cloud resource allocated to the environment of the second customer (a second IAM role for a second template can be defined by the tenant managers, Col 29 Lines 42-67);

responsive to determining that the second customer of the cloud services platform has deployed the second template (user launches template with IAM role, Col 38 Lines 39-52),
associating the identifier of the service provider with the second cloud resource, the associating indicating that the second customer has allowed the service provider to manage the second cloud resource (a service provider identity is given certain roles; such a role and service provider identity allow for granting, i.e. association, of the service provider id to roles, and a second tenant manager can define a second role and grant it to the same service provider identity, ¶s abs, 48, 51, 66).
["As previously noted, products selected from the enterprise catalog service and launched on behalf of end users may be provisioned and/or executed under the end user's account, roles, and permissions or using the account, roles, and permissions of another user (e.g., the IT administrator or another user with higher permission levels than the end user). In various embodiments of the enterprise catalog service, some or all of the following use cases may be supported: 1. An end user selects and launches a product from a catalog or portfolio and the resource stack (and resources) are created in the end user's account. In this case, all operations of the resource stack management service, as well as operations of underlying services within resource stack management service and/or the enterprise catalog service, are performed as the end user (using forward access sessions)." Col 38 Lines 22-38]

Roth teaches receiving a second request to perform an action with respect to the second cloud resource, the second request comprising the access token (token, ¶21) that comprises the identifier (identifier, ¶22) of the service provider; determining whether the service provider identified by the access token is associated with the second service provider permissions (a token containing data such as an identifier and roles is used to determine the permissions that a user account, which can be a customer or a provider, has and what actions are allowed under the token, ¶s 21-23, 49, 73; the passages are quoted in full above in the discussion of claims 1 and 10)

 and responsive to determining that the service provider identified by the access token is associated with the second service provider permissions, permitting the action to be completed with respect to the second cloud resource (tokens are used to verify permissions delegated to a user to perform actions, and if verified the actions are permitted, ¶16; such actions may be management actions such as scaling resources up or down, ¶71).
["Once a delegation profile has been created and assigned to a customer account, permission can be granted to the customer to use the delegation profile for enabling access to the respective resource(s). Thereafter, the customer can use the delegation profile by providing references to the delegation profile to external entities, such as end users or external services, or the customer can provide policies or rules that can be used to determine that the profile should be used for those end users, entities, or services. If an external entity is provided with a reference to the delegation profile, the entity can use the reference to obtain a set of credentials for performing certain actions in the account. For example, an end user can submit a request for credentials to an identity service, such as a security token service, where the request includes a reference to the delegation profile. The security token service can verify whether the end user is one of the security principals that were specified in the validation policy of the delegation profile. If the user was specified as a security principal, the security token service can provide the end user with a set of credentials. These credentials enable requests to be made within the security context of the delegation profile in the account, subject to the permissions that were specified in the authorization policy. If the end user was not provided with a reference to a delegation profile, the end user can submit a request without the reference and information included in the request can enable a determination of the proper delegation profile to apply. The determination can include, for example, performing a lookup based at least in part upon one or more aspects of the request and/or based at least in part upon one or more aspects of the end user. In some embodiments, the end user can be identified by a security service or federation provider indicated by the delegation profile. In other embodiments, the delegation profile can include a reference to a security service or other authority that is capable of identifying the users, or types of users, for which that delegation profile should be utilized. In some embodiments the permissions can be determined in accordance with one or more rules that map attributes asserted by the security service or other authority to one or more permissions elements.", ¶16]
["Once the delegation profile has been created, the administrator may grant the use of the profile to user of the account named “Bob” such as by including a statement “profile:useprofile” under Bob's identity in the account. After the user Bob has been granted the right to use the profile, Bob may invoke a scaling service to create a scaling group “Group1” (or any other resource modeled within the scaling service), passing in the unique identifier of “profile1” as an argument to the scaling service. For example, the scaling group “Group1” may be a resource modeled within the scaling service that is associated with a group of specific computing instances that should be managed (i.e., expanded or shrunk in number) by the scaling service. Another example of a resource modeled within a service may be code running on a computing instance that may need to invoke a resource in the account acting under the guise of the delegation profile.", ¶71]
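The delegation-profile flow quoted from Roth above (¶16, ¶22, ¶23, ¶71) reduces to three checks: the token service issues credentials for a profile only to a principal named in that profile's validation policy; the issued credentials reference the profile rather than carrying permissions; and every resource-side action is then tested against the profile's authorization policy. The following Python is an added illustration written for this page, not code from Roth, To, or the application under examination. The class and method names (DelegationProfile, SecurityTokenService, assume, authorize, ScalingService) and the credential lifetime max_seconds are assumptions chosen for the example; Roth's quoted text specifies no token lifetime.

```python
"""Added example: a toy model of Roth's delegation-profile flow (not code from
Roth, To, or the examined application).  Class and method names and the
credential lifetime (max_seconds) are assumptions made for this illustration."""
from dataclasses import dataclass
import secrets
import time


@dataclass(frozen=True)
class DelegationProfile:
    # Roth ¶22: a name, a validation policy (which principals may assume the
    # profile) and an authorization policy (action -> resources permitted).
    name: str
    validation_policy: frozenset
    authorization_policy: dict
    max_seconds: int = 3600  # assumption: credentials expire after this


@dataclass(frozen=True)
class Credentials:
    # Issued credentials reference the profile; permissions are resolved from
    # the profile at check time, not copied into the token.
    token: str
    account: str
    profile: str
    expires_at: float


class SecurityTokenService:
    """Issues credentials only to principals named in the profile's validation
    policy (Roth ¶16, ¶23) and answers resource-side authorization checks."""

    def __init__(self, accounts):
        self.accounts = accounts  # {account_id: {profile_name: DelegationProfile}}
        self.issued = {}          # token -> Credentials, kept server side

    def assume(self, principal, account, profile_name, now=None):
        now = time.time() if now is None else now
        profile = self.accounts.get(account, {}).get(profile_name)
        if profile is None or principal not in profile.validation_policy:
            return None  # not a designated security principal: refuse
        creds = Credentials(secrets.token_urlsafe(24), account, profile_name,
                            now + profile.max_seconds)
        self.issued[creds.token] = creds
        return creds

    def authorize(self, token, action, resource, now=None):
        # Allowed only if the token is known, unexpired, and the profile's
        # authorization policy grants `action` on `resource`.
        now = time.time() if now is None else now
        creds = self.issued.get(token)
        if creds is None or now >= creds.expires_at:
            return False
        profile = self.accounts[creds.account][creds.profile]
        return resource in profile.authorization_policy.get(action, frozenset())


class ScalingService:
    """A resource service acting under the guise of a delegation profile
    (Roth ¶71): each management action is checked against the profile."""

    def __init__(self, sts):
        self.sts = sts
        self.groups = {}

    def create_group(self, token, group, instances, now=None):
        if not self.sts.authorize(token, "scaling:CreateGroup", group, now):
            raise PermissionError(f"profile does not permit creating {group}")
        self.groups[group] = list(instances)
        return group

    def resize_group(self, token, group, size, now=None):
        if not self.sts.authorize(token, "scaling:Resize", group, now):
            raise PermissionError(f"profile does not permit resizing {group}")
        self.groups[group] = self.groups[group][:size]
        return len(self.groups[group])


def build_demo():
    """Constructed sample data: one customer account, one profile, and the
    user 'Bob' from Roth ¶71 plus an external service as principals."""
    profile1 = DelegationProfile(
        name="profile1",
        validation_policy=frozenset({"user:Bob", "service:provider-ops"}),
        authorization_policy={
            "scaling:CreateGroup": frozenset({"Group1"}),
            "scaling:Resize": frozenset({"Group1"}),
        },
        max_seconds=600,
    )
    sts = SecurityTokenService({"customer-acct": {"profile1": profile1}})
    return sts, ScalingService(sts)


if __name__ == "__main__":
    sts, scaling = build_demo()
    t0 = 1_000_000.0
    print(sts.assume("user:Mallory", "customer-acct", "profile1", now=t0))  # None
    creds = sts.assume("user:Bob", "customer-acct", "profile1", now=t0)
    print(scaling.create_group(creds.token, "Group1", ["i-1", "i-2"], now=t0))
    print(sts.authorize(creds.token, "scaling:Resize", "Group1", now=t0 + 601))  # False
```

Two points of the model matter for the claim mapping above: a principal absent from the validation policy gets no credentials at all (the identity check happens at issuance), and a principal with valid credentials is still refused any action or resource the authorization policy does not list (the permission check happens at use). The expiry is the added assumption; it models credentials that stop working after a fixed lifetime and must be re-obtained from the token service.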


Regarding claims 3 and 12, To teaches wherein the service provider is associated with a first tenant of the cloud services platform, wherein the first customer is associated with a second tenant of the cloud services platform, and wherein the second customer is associated with a third tenant of the cloud services platform (tenants of the template deployment system can be either service providers or customers of a service, so a first tenant can be a service provider to one or more second and third tenants acting as customers, Col 6 Lines 4-33).
["Note that in the context of the services described herein, the terms “customer” and “buyer” may refer to an enterprise, a business, or another organization that receives services (e.g., catalog services, application management services, and/or software product fulfillment services) from a service provider on behalf of their end users. In this context, the term “sellers” may refer to software vendors that provide their applications for use within the application fulfillment platforms described herein, and the terms “users” and “end users” may refer to employees or members of the enterprise, business, or other organization that receives services on their behalf from the service provider. In various embodiments, users may access software products that are fulfilled through the platforms and services described herein on their own computing resources instances (e.g., on end user machines and/or virtual desktop instances) or may invoke the execution of server products (e.g., services implemented by resource stacks of service provider resources) on their behalf. Note that in various embodiments, an enterprise catalog service “user” may represent an identity and access management role (e.g., a child account of a root account for a service provider customer or service provider customer organization) or may be an end user in a customer organization (e.g., an active directory user), and the enterprise catalog service may support groups of both of these types of users (e.g., active directory groups or identity and access management groups). Note also that the term “active directory”, as used herein, may more generally refer to an active directory, a cloud directory, or another technology for managing users and/or other resources through a directory.", Col 6 Lines 4-33]

Regarding claims 4 and 13, To teaches wherein the first template and the second template are published to an online marketplace by the service provider (Col 6 Lines 4-33) and are selectable for deployment by at least one of the first customer or the second customer( via GUI Col 31 Lines 36-52).
["Note that in the context of the services described herein, the terms “customer” and “buyer” may refer to an enterprise, a business, or another organization that receives services (e.g., catalog services, application management services, and/or software product fulfillment services) from a service provider on behalf of their end users. In this context, the term “sellers” may refer to software vendors that provide their applications for use within the application fulfillment platforms described herein, and the terms “users” and “end users” may refer to employees or members of the enterprise, business, or other organization that receives services on their behalf from the service provider. In various embodiments, users may access software products that are fulfilled through the platforms and services described herein on their own computing resources instances (e.g., on end user machines and/or virtual desktop instances) or may invoke the execution of server products (e.g., services implemented by resource stacks of service provider resources) on their behalf. Note that in various embodiments, an enterprise catalog service “user” may represent an identity and access management role (e.g., a child account of a root account for a service provider customer or service provider customer organization) or may be an end user in a customer organization (e.g., an active directory user), and the enterprise catalog service may support groups of both of these types of users (e.g., active directory groups or identity and access management groups). Note also that the term “active directory”, as used herein, may more generally refer to an active directory, a cloud directory, or another technology for managing users and/or other resources through a directory." Col 6 Lines 4-33]
["The resource 542 may be a virtualized computing resource instance that has a predefined computing capacity and/or memory capacity. In some embodiments, the resource 542 may be loaded with an operating system, configuration files, or other resources that are pre-installed on the resource 542 when it is instantiated. In some embodiments, the computing resource instance may include an initialization script that will be used to apply the metadata defined in the deployment template 510 to the resource 542 and/or deployable unit 544 when the application is launched on resource stack 540 by an end user (e.g., through its selection within a GUI of a resource stack management service console such as resource stack management service console 130 illustrated in FIG. 1). Note that, in some embodiments, service provider system 530 may also include other services that interact with the resource stack (e.g., an identity management service or other security/authorization services).", Col 31 Lines 36-52]
	
Regarding claims 6 and 15, To further teaches wherein at least the first cloud resource or the second cloud resource comprises one or more of: a virtual machine; a Platform-as-a-Service (PaaS) application; a Software-as-a-Service (SaaS) application; a storage account; a Web application, a database; or a virtual network (a deployment template directive may execute an installer on a virtual machine of a specified instance type, Col 2 Line 61 - Col 3 Line 14).
[“Various embodiments of methods, systems, and computer-readable media for template generation for deployable units are described. As described herein, when a deployable unit is submitted to a centralized component such as a catalog system, a deployment template may be generated for the deployable unit. The deployable unit may represent any of various types of machine images, software products, software installers, batch files, or other sets of program instructions. The deployment template may represent directives, constraints, and/or other metadata for deploying the deployable unit. The directives may include commands or instructions to be performed in installing and/or configuring a software product. As an example of a directive, if the deployable unit is an application installer, a directive in the deployment template may represent a command to execute the installer on a virtual machine of a specified instance type and then return a value identifying that virtual machine instance. The constraints may include limitations to be observed in installing and/or configuring a software product. As an example of a constraint, the deployment template may restrict deployment to a specified geographical region.", Col2 Line 61 - Col3 Line 14]

Regarding claims 8 and 17, Roth further teaches wherein the access token is provided to the service provider responsive to the service provider logging into an environment associated with the service provider.
["In this example, a provider of the resource provider environment 102 or the customer 124 having an account with the provider for the secured resources 104 can establish a relationship with an advertising entity or service 502, which can be part of, or separate from, either the customer or the provider environment in at least some embodiments. As discussed with respect to FIG. 1, an end user 116 can obtain credentials from an identity service 118 that enable the end user 116 to access at least a portion of the secured resources 104 associated with the account of the customer 124. In this example, at least some of the access by the end user 116 is not funded by the customer 124. The user then can obtain access by agreeing to view advertising from the advertising service 502, when then will provide funding to the customer and/or the resource provider. The advertising can be displayed at any appropriate time, such as at login, while accessing an application, while viewing a page, before submitting a request, before receiving a specified amount of access, or at any other appropriate time. As discussed, there can be an ongoing obligation in at least some circumstances, such that the user agrees to view or receive at least a specified amount of advertising in return for the ability to access the resources. In at least some embodiments, the amount of obligation can correspond to the amount of access obtained and/or the amount of access able to be obtained under a corresponding role or delegation profile, etc.", ¶60]

Regarding claims 9 and 18, To teaches logging the action in an activity log that is accessible to both the service provider and the first customer (usage reports and real-time install monitoring are provided; such reports imply logging of the data from which they are derived, and the reports are accessible to the administrator tenant and the customer tenant according to their permissions, Col 6 Lines 51-63).
[" For example, in some embodiments, these platforms (and corresponding services thereof) may be integrated with a management console through which the IT administrators may discover and subscribe to a broad selection of applications from a variety of sources, build catalogs and/or portfolios of applications from a variety of sources and having a variety of subscription/licensing models, control access to applications with granular access policy enforcement on a per user basis, manage application updates, access detailed usage reports for their enterprise, application portfolios and end users, and/or monitor real-time installs as well as license activation on a per application basis.", Col 6 Lines 51-63]

[“For example, in some cases, each of the virtual desktop instances (and/or the applications running thereon) may be part of the active directory framework of the organization or enterprise and may be able to access shared files or other resources on the existing network of the organization or enterprise once the credential presented by the user upon logging into the virtual desktop instance have been authenticated.”, Col 17 Lines 54-67]


Claims 5 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over To/Cleaver/Roth as applied to claims 2 and 11 above, and further in view of Saenz US 2017/0235559.
Regarding claims 5 and 14, To/Roth do not teach further comprising: providing a user interface via which the service provider is enabled to manage the first cloud resource allocated to the environment of the first customer and the second cloud resource allocated to the environment of the second customer; and receiving an input from the service provider via the user interface that causes a same action to be performed with respect to the first cloud resource and the second cloud resource. Saenz, in the analogous networking arts, teaches a system for managing cloud resources in a multi-tenant cloud. Saenz teaches providing a user interface via which the service provider is enabled to manage the first cloud resource allocated to the environment of the first customer and the second cloud resource allocated to the environment of the second customer; and receiving an input from the service provider via the user interface that causes a same action to be performed with respect to the first cloud resource and the second cloud resource (a user interface to select one or more tenants and apply an upgrade or change to multiple tenants, ¶s 24-31).
[“a set of instructions stored on a non-transient medium and executable by the electronic data processing element, which when executed cause the apparatus to
 generate a user interface configured to receive an identification of an extension or an upgrade to an extension to an element of the multi-tenant data processing system from the user; 
receive from the user a selection of an action to be applied to the extension or to the upgrade to the extension; 
receive from the user an identification of one or more accounts associated with one or more tenants of the multi-tenant data processing system to which the selected action is to be applied; 
perform one or more validation tests as needed to determine the acceptability of the extension or the upgrade to the extension for the selected action; 
based on the identified extension or the upgrade to the extension, determine a status of the extension or upgrade with regards to each of the one or more identified user accounts; 
 determine a deployment process operable to achieve the selected action for the extension or for the upgrade; and
 operate to implement the deployment process upon receipt of a command from the user. ¶24-31]

It would have been obvious to a person of ordinary skill in the art at the time of the filing to modify To/Roth with an interface that can perform actions such as deployment of resource rules/policy across multiple tenants in a cloud environment as taught by Saenz. The reason for this modification would be to be able to efficiently and quickly deploy policies or make changes that apply to multiple tenant resources. 

Claims 7 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over To/Cleaver/Roth as applied to claims 1 and 10 above, and further in view of Schumacher US 2013/0125209.
Regarding claims 7 and 16, To/Roth do not teach further comprising: providing the service provider a limited duration of time to perform the action, the limited duration of time being specified by the first customer via the first template. Schumacher, in the analogous networking arts, teaches a system for multi-tenant computing. Schumacher teaches providing the service provider a limited duration of time to perform the action, the limited duration of time being specified by the first customer via the first template (a template's usage policy may set a time limit on each permission, after which the recipient must re-verify credentials, ¶25).
[" As discussed above, each server has associated information rights templates (e.g., templates) that define access permissions or rights that may be set for each content item 125. More specifically, a template contains a usage policy that is used to create the publishing license when the content item 125 is protected using that particular template. For example, the template is used to identify authorized users and the actions the authorized users are allowed to take with the content item. Such actions may include for example, permissions to read, write to, forward, or print the content item 125. In certain embodiments, the template may also set a time limit on each of the permissions listed above. Once the time limit has expired, the recipient user may be required to re-verify their credentials with the server. If the user's credentials are still valid, the user regains access to the content item 125.", ¶25]

It would have been obvious to a person of ordinary skill in the art at the time of the filing to modify To/Roth, specifically To's templates, to specify time limits for performing actions in the usage policy incorporated in a template, as taught by Schumacher. Note that such a modification applies the time limits on access to content of Schumacher to time limits on performing service provider functions in To/Roth. The reason for this modification would be to provide stronger security and access limitations, allowing a customer to control how and for how long a service provider can perform admin tasks on the customer's deployments.
	
Claims 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over To 10,318,265 and further in view of Saenz US 2017/0235559.
Regarding claim 19, To teaches a computer-implemented system for managing cloud resources of a cloud services platform, comprising: a first user interface (UI) that enables a first customer to deploy a first template published by a service provider, the deployment of the first template causing a first cloud resource deployed to an environment of the first customer to be manageable by the service provider (a customer of an organization can deploy an application/service using templates created by a service provider within the same organization or another organization, Col 3 Lines 15-37; such deployment is via a GUI, Col 31 Lines 36-52; tenants can be a service provider that is the same or a different organization than the customer tenant, Col 6 Lines 4-33)
["The deployment template may include a description of the deployable unit, a description of resources of a provider network to which deployment is permissible (e.g., instance types and/or resource types), an indication of the regions of a provider network to which deployment is permissible, an indication of inputs and outputs for deployment, an indication of dependencies on other resources, an indication of suitable parameters for deployment, and/or other suitable metadata. The deployment template for the deployable unit may be generated automatically and/or programmatically based on analysis of the deployable unit and potentially based on user input that is solicited as part of the generation of the deployment template. The deployment template may be added to a service catalog. Upon selection of the deployment template in the service catalog, the deployable unit may be deployed to one or more resources of a multi-tenant provider network based (at least in part) on the deployment template, e.g., by following the directives of the deployment template. In this manner, software products of various types (and potentially of an arbitrary type) may be wrapped in a deployment template and added to a service catalog without the requirement for an administrator or other user to create a deployment template manually.", Col 3 Lines 15-37]

 ["Note that in the context of the services described herein, the terms “customer” and “buyer” may refer to an enterprise, a business, or another organization that receives services (e.g., catalog services, application management services, and/or software product fulfillment services) from a service provider on behalf of their end users. In this context, the term “sellers” may refer to software vendors that provide their applications for use within the application fulfillment platforms described herein, and the terms “users” and “end users” may refer to employees or members of the enterprise, business, or other organization that receives services on their behalf from the service provider. In various embodiments, users may access software products that are fulfilled through the platforms and services described herein on their own computing resources instances (e.g., on end user machines and/or virtual desktop instances) or may invoke the execution of server products (e.g., services implemented by resource stacks of service provider resources) on their behalf. Note that in various embodiments, an enterprise catalog service “user” may represent an identity and access management role (e.g., a child account of a root account for a service provider customer or service provider customer organization) or may be an end user in a customer organization (e.g., an active directory user), and the enterprise catalog service may support groups of both of these types of users (e.g., active directory groups or identity and access management groups). Note also that the term “active directory”, as used herein, may more generally refer to an active directory, a cloud directory, or another technology for managing users and/or other resources through a directory." Col 6 Lines 4-33]
["The resource 542 may be a virtualized computing resource instance that has a predefined computing capacity and/or memory capacity. In some embodiments, the resource 542 may be loaded with an operating system, configuration files, or other resources that are pre-installed on the resource 542 when it is instantiated. In some embodiments, the computing resource instance may include an initialization script that will be used to apply the metadata defined in the deployment template 510 to the resource 542 and/or deployable unit 544 when the application is launched on resource stack 540 by an end user (e.g., through its selection within a GUI of a resource stack management service console such as resource stack management service console 130 illustrated in FIG. 1). Note that, in some embodiments, service provider system 530 may also include other services that interact with the resource stack (e.g., an identity management service or other security/authorization services).", Col 31 Lines 36-52]
	
a second UI that enables a second customer to deploy a second template published by the service provider, the deployment of the second template causing a second cloud resource deployed to an environment of the second customer to be manageable by the service provider (a customer of an organization can deploy an application/service using templates created by a service provider within the same organization or another organization, Col 3 Lines 15-37; such deployment is via a GUI, Col 31 Lines 36-52; tenants can be a service provider that is the same or a different organization than the customer tenant, Col 6 Lines 4-33; To teaches multiple tenants, thus a second or further customer tenant can deploy instances)
["The deployment template may include a description of the deployable unit, a description of resources of a provider network to which deployment is permissible (e.g., instance types and/or resource types), an indication of the regions of a provider network to which deployment is permissible, an indication of inputs and outputs for deployment, an indication of dependencies on other resources, an indication of suitable parameters for deployment, and/or other suitable metadata. The deployment template for the deployable unit may be generated automatically and/or programmatically based on analysis of the deployable unit and potentially based on user input that is solicited as part of the generation of the deployment template. The deployment template may be added to a service catalog. Upon selection of the deployment template in the service catalog, the deployable unit may be deployed to one or more resources of a multi-tenant provider network based (at least in part) on the deployment template, e.g., by following the directives of the deployment template. In this manner, software products of various types (and potentially of an arbitrary type) may be wrapped in a deployment template and added to a service catalog without the requirement for an administrator or other user to create a deployment template manually.", Col 3 Lines 15-37]

 ["Note that in the context of the services described herein, the terms “customer” and “buyer” may refer to an enterprise, a business, or another organization that receives services (e.g., catalog services, application management services, and/or software product fulfillment services) from a service provider on behalf of their end users. In this context, the term “sellers” may refer to software vendors that provide their applications for use within the application fulfillment platforms described herein, and the terms “users” and “end users” may refer to employees or members of the enterprise, business, or other organization that receives services on their behalf from the service provider. In various embodiments, users may access software products that are fulfilled through the platforms and services described herein on their own computing resources instances (e.g., on end user machines and/or virtual desktop instances) or may invoke the execution of server products (e.g., services implemented by resource stacks of service provider resources) on their behalf. Note that in various embodiments, an enterprise catalog service “user” may represent an identity and access management role (e.g., a child account of a root account for a service provider customer or service provider customer organization) or may be an end user in a customer organization (e.g., an active directory user), and the enterprise catalog service may support groups of both of these types of users (e.g., active directory groups or identity and access management groups). Note also that the term “active directory”, as used herein, may more generally refer to an active directory, a cloud directory, or another technology for managing users and/or other resources through a directory." Col 6 Lines 4-33]
["The resource 542 may be a virtualized computing resource instance that has a predefined computing capacity and/or memory capacity. In some embodiments, the resource 542 may be loaded with an operating system, configuration files, or other resources that are pre-installed on the resource 542 when it is instantiated. In some embodiments, the computing resource instance may include an initialization script that will be used to apply the metadata defined in the deployment template 510 to the resource 542 and/or deployable unit 544 when the application is launched on resource stack 540 by an end user (e.g., through its selection within a GUI of a resource stack management service console such as resource stack management service console 130 illustrated in FIG. 1). Note that, in some embodiments, service provider system 530 may also include other services that interact with the resource stack (e.g., an identity management service or other security/authorization services).", Col 31 Lines 36-52]

 
To teaches a GUI (i.e., an admin console, Col 31 Line 34 - Col 32 Line 18) but does not teach a third UI that enables the service provider to take actions with respect to both the first cloud resource and the second cloud resource via a single input.
Saenz, in the analogous networking arts, teaches a system for managing cloud resources in a multi-tenant cloud. Saenz teaches a third UI that enables the service provider to take actions with respect to both the first cloud resource and the second cloud resource via a single input (a user interface to select one or more tenants and apply an upgrade or change to multiple tenants, ¶s 24-31).
[“a set of instructions stored on a non-transient medium and executable by the electronic data processing element, which when executed cause the apparatus to
generate a user interface configured to receive an identification of an extension or an upgrade to an extension to an element of the multi-tenant data processing system from the user;
receive from the user a selection of an action to be applied to the extension or to the upgrade to the extension;
receive from the user an identification of one or more accounts associated with one or more tenants of the multi-tenant data processing system to which the selected action is to be applied;
perform one or more validation tests as needed to determine the acceptability of the extension or the upgrade to the extension for the selected action;
based on the identified extension or the upgrade to the extension, determine a status of the extension or upgrade with regards to each of the one or more identified user accounts;
determine a deployment process operable to achieve the selected action for the extension or for the upgrade; and
operate to implement the deployment process upon receipt of a command from the user.” ¶24-31]

It would have been obvious to a person of ordinary skill in the art at the time of the filing to modify To with an interface that can perform actions such as deployment of resource rules/policy across multiple tenants in a cloud environment, as taught by Saenz. The reason for this modification would be to be able to efficiently and quickly deploy policies or make changes that apply to multiple tenant resources.
Regarding claim 20, To teaches wherein the actions comprise one or more of: updating the first cloud resource and the second cloud resource; reading the first cloud resource and the second cloud resource; deleting the first cloud resource and the second cloud resource; performing a security-related task with respect to the first cloud resource and the second cloud resource; or performing a maintenance-related task with respect to the first cloud resource and the second cloud resource.
[“As previously noted and described in more detail below, in order to manage the delivery of software products to end users, an IT administrator of a business, enterprise, or other organization may be able to perform a variety of different actions through an administrator console of an application fulfillment platform (such as service provider management console 106 in FIG. 1 or service provider system console 422 in FIG. 4), many of which fall into one of the following three broad categories:
1) Building a catalog for the organization, where the catalog is a collection of software products that may include any of the following product types: the organization's own line-of-business (e.g., custom) applications; desktop applications or server products for which the organization has purchased licenses, including enterprise-wide licenses (e.g., products that may be included in the catalog under a “bring your own license” model); desktop applications or server products purchased or leased from the service provider (e.g., products that were developed by the service provider or that were purchased or leased by the service provider for the benefit of its customers)
2) Assigning particular software products to specific end users and/or user groups in the same organization
3) Generating, obtaining, and/or viewing reports indicating the usage of the software products that are provided through an application fulfillment platform or resource stack management service to end users in the same organization”, Col 31 Line 34 - Col 32 Line 18]


Applicant Remarks

Applicant remarks with respect to claims 1-18 have been considered and found persuasive. However, the examiner contends such claims are obvious over To in further view of Cleaver and Roth.
Applicant remarks with respect to claims 19-20 have been considered and found persuasive. However, the examiner contends such claims are obvious over To in further view of Saenz.

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to TOM Y. CHANG whose telephone number is (571)270-5938. The examiner can normally be reached on Monday - Thursday from 9am to 5pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Philip Chea, can be reached on (571)272-3951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/TOM Y CHANG/
Primary Examiner, Art Unit 2456