Filter-based attribute value access control
First Claim
Patent Images
1. A method comprising:
- designating a location in a directory server;
providing attribute-related data comprising a filter expression; and
selectively controlling access to an entry situated at the designated location using the filter expression in said attribute-related data.
2 Assignments
0 Petitions
Accused Products
Abstract
Various embodiments of systems and methods for implementing filter-based attribute value access control are disclosed. In one embodiment, a method involves designating a location in the directory server, providing attribute related data that includes a filter expression, and selectively controlling access to an entry situated at the designated location using the filter expression in the attribute related data. For example, access to an attribute of the entry may be denied if a criterion defined by the filter expression associated with the attribute is not met by a first value of the attribute.
66 Citations
31 Claims
-
1. A method comprising:
-
designating a location in a directory server;
providing attribute-related data comprising a filter expression; and
selectively controlling access to an entry situated at the designated location using the filter expression in said attribute-related data. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 20)
-
-
10. A directory server request processor comprising:
-
a filter execution processor configured to generate a result of a filter expression; and
an access control instruction processor comprising an interpreter, wherein the interpreter calls the filter execution processor in response to a filter-indicating keyword in an access control instruction and controls access through the directory server request in accordance with the result of the filter execution processor. - View Dependent Claims (11, 12, 13)
-
-
14. A computer readable medium comprising program instructions computer executable to:
-
receive a request to access an attribute of a directory server entry;
deny access if a criterion defined by a filter expression associated with the attribute is not met by a first value of the attribute. - View Dependent Claims (15, 16, 17, 18, 19)
-
-
21. A method comprising:
-
receiving a request to access an attribute of a directory server entry;
denying access if a criterion defined by a filter expression associated with the attribute is not met by a first value of the attribute. - View Dependent Claims (22, 23, 24, 25, 26, 27)
-
-
28. A directory server comprising:
-
an access control processor for processing an access control instruction controlling access to a first attribute of a first entry, wherein the access control instruction specifies a filter expression; and
a filter processor for generating a result of a filter expression for a first value of the first attribute;
wherein the access control processor provides the filter processor with the filter expression and the first value and controls access to the first attribute of the first entry based on the result of the filter expression;
wherein the filter expression defines a criterion for values of the first attribute. - View Dependent Claims (29, 30, 31)
-
Specification