Method and apparatus for securely and dynamically managing user attributes in a distributed system
Abstract
One embodiment of the present invention provides a system for managing user attributes that determines access rights in a distributed computing system. The system modifies an attribute database, wherein the attribute database includes a plurality of possible user attributes and a plurality of users. Next, for a given user the system obtains an identity certificate from a certificate authority. This identity certificate is associated with a user from the attribute database. The system also assigns an attribute to the user from the possible user attributes, whereby the user is granted access rights based on the attribute and the identity certificate. This attribute is stored in the attribute database. Finally, modifications to the attribute database are distributed to a plurality of hosts coupled together by a network.
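The abstract describes a flow with four security-relevant steps: an authoritative attribute database is modified, an identity certificate from a certificate authority is bound to a user record, attributes are assigned only from the defined set, and the resulting modifications are pushed to the hosts that make access decisions. The following Python model is an added illustration of that flow and is not code from the patent or its assignee. It assumes a CA modelled by a keyed HMAC (standing in for a real CA signature), certificates represented as small dicts, and hosts represented as in-memory replicas that receive an ordered change log; all users, attributes and hosts are constructed inline.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


class CertificateAuthority:
    """Stand-in for a CA (assumption, not the patent's design): a keyed HMAC
    over the certificate body plays the role of the CA's signature so the
    example runs with the standard library only."""

    def __init__(self, name, key=None):
        self.name = name
        self._key = key or secrets.token_bytes(32)
        self._serial = 0

    def _mac(self, subject, serial):
        body = f"{self.name}|{subject}|{serial}".encode()
        return hmac.new(self._key, body, hashlib.sha256).hexdigest()

    def issue(self, subject):
        """Issue an identity certificate binding a subject name to a serial."""
        self._serial += 1
        return {"issuer": self.name, "subject": subject,
                "serial": self._serial, "sig": self._mac(subject, self._serial)}

    def verify(self, cert):
        """Reject certificates from another issuer or with a bad signature."""
        if cert.get("issuer") != self.name:
            return False
        expected = self._mac(cert["subject"], cert["serial"])
        return hmac.compare_digest(expected, cert.get("sig", ""))


@dataclass
class AttributeDatabase:
    """Attribute database: the possible attributes, the users, the certificate
    bound to each user, the attributes held by each user, and an ordered log
    of modifications used to distribute changes to hosts."""
    possible_attributes: set = field(default_factory=set)
    users: set = field(default_factory=set)
    cert_by_user: dict = field(default_factory=dict)   # user -> cert serial
    attrs_by_user: dict = field(default_factory=dict)  # user -> set of attrs
    log: list = field(default_factory=list)            # applied change records

    def _apply(self, rec):
        # Single mutation path shared by the master and every replica.
        op = rec["op"]
        if op == "define_attribute":
            self.possible_attributes.add(rec["attr"])
        elif op == "add_user":
            self.users.add(rec["user"])
            self.attrs_by_user.setdefault(rec["user"], set())
        elif op == "associate_certificate":
            self.cert_by_user[rec["user"]] = rec["serial"]
        elif op == "assign_attribute":
            self.attrs_by_user[rec["user"]].add(rec["attr"])
        else:
            raise ValueError(f"unknown op {op}")

    def _commit(self, op, **args):
        rec = {"seq": len(self.log) + 1, "op": op, **args}
        self._apply(rec)
        self.log.append(rec)

    def define_attribute(self, attr):
        self._commit("define_attribute", attr=attr)

    def add_user(self, user):
        self._commit("add_user", user=user)

    def associate_certificate(self, user, cert, ca):
        """Bind a certificate to a user only if the CA vouches for it and the
        certificate's subject is that user."""
        if user not in self.users:
            raise KeyError(user)
        if not ca.verify(cert) or cert["subject"] != user:
            raise ValueError("certificate not valid for this user")
        self._commit("associate_certificate", user=user, serial=cert["serial"])

    def assign_attribute(self, user, attr):
        """Assign only attributes that exist in the set of possible attributes."""
        if user not in self.users:
            raise KeyError(user)
        if attr not in self.possible_attributes:
            raise ValueError(f"undefined attribute {attr!r}")
        self._commit("assign_attribute", user=user, attr=attr)

    def distribute(self, hosts):
        """Push to each host only the modifications it has not yet applied."""
        for host in hosts:
            for rec in self.log[len(host.log):]:
                host._apply(rec)
                host.log.append(rec)


def check_access(host, cert, required_attr, ca):
    """A host grants access only when the certificate verifies against the CA,
    matches the certificate bound to the user in its replica, and the user
    holds the required attribute."""
    if not ca.verify(cert):
        return False
    user = cert["subject"]
    if host.cert_by_user.get(user) != cert["serial"]:
        return False
    return required_attr in host.attrs_by_user.get(user, set())


def demo():
    """Constructed scenario: two users, two attributes, three replica hosts."""
    ca = CertificateAuthority("example-ca")
    master = AttributeDatabase()
    hosts = [AttributeDatabase() for _ in range(3)]
    for attr in ("admin", "reader"):
        master.define_attribute(attr)
    for user in ("alice", "bob"):
        master.add_user(user)
    alice_cert, bob_cert = ca.issue("alice"), ca.issue("bob")
    master.associate_certificate("alice", alice_cert, ca)
    master.associate_certificate("bob", bob_cert, ca)
    master.assign_attribute("alice", "admin")
    master.assign_attribute("bob", "reader")
    master.distribute(hosts)
    forged = dict(alice_cert, sig="00" * 32)  # tampered signature
    results = {
        "alice_admin": check_access(hosts[0], alice_cert, "admin", ca),
        "bob_admin": check_access(hosts[1], bob_cert, "admin", ca),
        "forged": check_access(hosts[2], forged, "admin", ca),
        "consistent": all(h.attrs_by_user == master.attrs_by_user for h in hosts),
    }
    # A later modification is distributed incrementally, not as a full copy.
    master.assign_attribute("alice", "reader")
    master.distribute(hosts)
    results["incremental"] = (hosts[0].attrs_by_user["alice"] == {"admin", "reader"}
                              and len(hosts[0].log) == len(master.log))
    return results
```

Two design points carry the security weight: the access decision on a host requires both a CA-verified certificate and a matching attribute, so neither a stolen attribute entry nor a forged certificate alone grants access; and replicas mutate only through the same ordered change log as the master, so a host that falls behind applies exactly the missing records rather than reconstructing state on its own.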
24 Claims
1. A method for managing user attributes in a distributed computing system, wherein user attributes determine access rights to a computer application, the method comprising:
modifying an attribute database, wherein the attribute database includes a plurality of possible user attributes and a plurality of users;
obtaining an identity certificate from a certificate authority;
associating the identity certificate with a user from the plurality of users within the attribute database;
assigning an attribute from the plurality of possible user attributes to the user, whereby the user is granted access rights based on the attribute and the identity certificate;
storing the attribute assigned to the user in the attribute database; and
distributing modifications to the attribute database to a plurality of hosts coupled together by a network.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for managing user attributes in a distributed computing system, wherein user attributes determine access rights to a computer application, the method comprising:
modifying an attribute database, wherein the attribute database includes a plurality of possible user attributes and a plurality of users;
obtaining an identity certificate from a certificate authority;
associating the identity certificate with a user from the plurality of users within the attribute database;
assigning an attribute from the plurality of possible user attributes to the user, whereby the user is granted access rights based on the attribute and the identity certificate;
storing the attribute assigned to the user in the attribute database; and
distributing modifications to the attribute database to a plurality of hosts coupled together by a network.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 18, 19, 20, 21, 22, 23, 24
17. An apparatus that facilitates managing user attributes in a distributed computing system, wherein user attributes determine access rights to a computer application, the apparatus comprising:
a modifying mechanism configured to modify an attribute database, wherein the attribute database includes a plurality of possible user attributes and a plurality of users;
an identity certificate obtaining mechanism configured to obtain an identity certificate from a certificate authority;
an associating mechanism configured to associate the identity certificate with a user from the plurality of users within the attribute database;
an assigning mechanism configured to assign an attribute from the plurality of possible user attributes to the user, whereby the user is granted access rights based on the attribute and the identity certificate;
a storing mechanism configured to store the attribute assigned to the user in the attribute database; and
a distributing mechanism that is configured to distribute modifications to the attribute database to a plurality of hosts coupled together by a network.