Community access control in a multi-community node
Abstract
A method and mechanism of enforcing community access control in a computer network, wherein access to objects by users and processes is controlled. A Multi-Community Node (MCN) processes information for users in multiple communities and must enforce a community separation policy. The enforcement method and mechanism use a database of associations of sets of communities corresponding to users, processes, and system objects. Upon receiving a request for access to an object by a user, the MCN permits access if a user community set (UCS) of the user is a superset of an object community set (OCS) of the object; otherwise, access is denied. Upon receiving a request for access to an object by a process, the MCN permits access if an application process community set (ACS) of the process is a superset of the OCS of the object; otherwise, access is denied.
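The superset rule described in the abstract, written out as an added example (it is not code from the patent). The class name, the sample users, processes, objects and communities are constructed for illustration, and denying requests whose subject or object has no recorded community set is an assumption of this example.

```python
from dataclasses import dataclass, field

@dataclass
class CommunityInfoBase:
    """Hypothetical in-memory stand-in for the MCN's database of community sets."""
    ucs: dict = field(default_factory=dict)  # user name    -> UCS
    acs: dict = field(default_factory=dict)  # process name -> ACS
    ocs: dict = field(default_factory=dict)  # object name  -> OCS

    def check(self, kind, subject, obj):
        """Return (allowed, reason) for a request by a 'user' or a 'process'."""
        table = {"user": self.ucs, "process": self.acs}.get(kind)
        if table is None:
            return False, "unknown requester kind"
        subject_set, object_set = table.get(subject), self.ocs.get(obj)
        # Assumption of this example: a subject or object with no recorded
        # community set is denied (fail closed) rather than treated as empty.
        if subject_set is None or object_set is None:
            return False, "no community set on record"
        missing = object_set - subject_set  # communities the subject lacks
        if missing:
            return False, "not a superset, lacks " + ",".join(sorted(missing))
        return True, "superset of OCS"

# Constructed sample data (names and communities are illustrative).
CIB = CommunityInfoBase(
    ucs={"alice": frozenset({"red", "blue"}), "bob": frozenset({"red"})},
    acs={"mailer": frozenset({"blue"})},
    ocs={
        "joint-report": frozenset({"red", "blue"}),
        "red-log": frozenset({"red"}),
        "unlabeled-but-known": frozenset(),  # explicitly empty OCS
    },
)

def decisions():
    """Evaluate a fixed list of constructed requests against CIB."""
    requests = [
        ("user", "alice", "joint-report"),        # UCS covers both communities
        ("user", "bob", "joint-report"),          # UCS lacks "blue"
        ("process", "mailer", "red-log"),         # ACS lacks "red"
        ("user", "bob", "unlabeled-but-known"),   # every set covers the empty set
        ("process", "mailer", "not-in-database"), # no OCS recorded
    ]
    return {r: CIB.check(*r) for r in requests}

if __name__ == "__main__":
    for request, (allowed, reason) in decisions().items():
        print("PERMIT" if allowed else "DENY  ", request, "-", reason)
```

Because every set is a superset of the empty set, an object stored with an empty OCS is permitted to any known subject under the literal rule, so object labeling needs to be checked as carefully as user and process labeling.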
34 Claims
1. A method of community access control in a Multi-Community Node (MCN), said method comprising:
- receiving a request for access to an object;
- permitting access to said object in response to detecting said request is from a user, wherein a user community set (UCS) of said user is a superset of an object community set (OCS) of said object; and
- permitting access to said object in response to detecting said request is from a process, wherein an application process community set (ACS) of said process is a superset of said OCS.
10. A Multi-Community Node (MCN) comprising:
- a processing unit configured to receive a request for access to an object, wherein said processing unit is configured to permit access to said object in response to detecting said request is from a user, wherein a user community set (UCS) of said user is a superset of an object community set (OCS) of said object, and wherein said processing unit is configured to permit access to said object in response to detecting said request is from a process, wherein an application process community set (ACS) of said process is a superset of said OCS; and
- a community information base.
18. A computer system comprising:
- a computer network; and
- a multi-community node (MCN) coupled to said computer network, wherein said MCN comprises;
  - a processing unit configured to receive a request for access to an object, wherein said processing unit is configured to permit access to said object in response to detecting said request is from a user, wherein a user community set (UCS) of said user is a superset of an object community set (OCS) of said object, and wherein said processing unit is configured to permit access to said object in response to detecting said request is from a process, wherein an application process community set (ACS) of said process is a superset of said OCS; and
  - a community information base.
26. A carrier medium comprising program instructions, wherein said program instructions are executable to:
- receive a request for access to an object;
- permit access to said object in response to detecting said request is from a user, wherein a user community set (UCS) of said user is a superset of an object community set (OCS) of said object; and
- permit access to said object in response to detecting said request is from a process, wherein an application process community set (ACS) of said process is a superset of said OCS.
Specification