Macro-based access control
First Claim
1. A method of implementing node related conditions in a directory server having a tree structure using condition-defining data attached to nodes, the method comprising:
- attaching condition-defining data to a given node in the tree structure, said condition defining data having a variable portion and a reference portion;
upon access to a subnode of said given node in the tree;
tentatively deriving a value for the variable portion, using the reference portion and a property of the subnode, changing the variable portion into the value; and
evaluating the condition in said condition defining data as interpreted.
2 Assignments
0 Petitions
Accused Products
Abstract
Various embodiments of systems and methods for using condition defining data (e.g., access control instructions) attached to nodes in a tree to implement node-related conditions in a directory server having a tree structure are disclosed. In one embodiment, a method includes attaching condition defining data that includes a variable portion and a reference portion to a given node in the tree structure, and upon access to a subnode of said given node in the tree, using the reference portion and a property of the subnode to tentatively derive a value for the variable portion, changing the variable portion into the value, and evaluating the condition in said condition defining data.
-
Citations
44 Claims
-
1. A method of implementing node related conditions in a directory server having a tree structure using condition-defining data attached to nodes, the method comprising:
-
attaching condition-defining data to a given node in the tree structure, said condition defining data having a variable portion and a reference portion;
upon access to a subnode of said given node in the tree;
tentatively deriving a value for the variable portion, using the reference portion and a property of the subnode, changing the variable portion into the value; and
evaluating the condition in said condition defining data as interpreted. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A directory server system comprising:
-
a tree comprising a plurality of nodes; and
a tree structure processor for using condition defining data attached to a given node of the plurality of nodes;
wherein the condition defining data includes a reference portion and a variable portion;
wherein upon access to a subnode of the given node and in response to the condition defining data having a variable portion, the tree structure processor is configured to tentatively derive a value for the variable portion using the reference portion and a property of the subnode and use a condition in said condition defining data with its variable portion changed into the value. - View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
-
-
31. A computer readable medium comprising program instructions computer executable to implement node related conditions in a directory server having a tree structure using condition-defining data attached to nodes, wherein the program instructions are configured to:
-
attach condition-defining data to a given node in the tree structure, said condition defining data having a variable portion and a reference portion;
upon access to a subnode of said given node in the tree;
tentatively derive a value for the variable portion, using the reference portion and a property of the subnode, change the variable portion into the value; and
evaluate the condition in said condition defining data as interpreted. - View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44)
-
Specification