Method and system for session based authorization and access control for networked application objects
First Claim
1. An ingress-session-based authorization and access control method in a data processing system to control access from an initiator-host (IH) to objects (Target1, Target2) on a target host (TH) comprising the steps of:
- (i) receiving an access-request, preferably a request-message (M1), originally coming from the initiator-host (IH), that references an object (Target1, Target2) on the target host (TH) to access,
- (ii) assigning the access-request (M1) to an ingress-session and selecting a session-context (SC-U, SC-W, SC-Y) belonging to that ingress-session,
- (iii) checking whether the access to the referenced object (Target1, Target2) is authorized in the selected session-context (SC-U, SC-W, SC-Y) or not, and
- (iv) denying the access to the referenced object (Target1, Target2) if the access to said object on the target host (TH) is not authorized in the selected session-context (SC-U, SC-W, SC-Y),
- (v) granting the access to the referenced object (Target1, Target2) if the access to said object on the target host (TH) is allowed in the selected session-context (SC-U, SC-W, SC-Y),

wherein references to objects (Target1, Target2) on the target host (TH) were handed over to the initiator-host (IH) as a response to an access-request already granted and wherein the object the reference is handed over for is authorized for access under the handed over reference in that session-context (SC-U, SC-W, SC-Y) the already granted access-request is assigned to.
Abstract
The present invention relates to an ingress-session-based authorization and access control method and system to control access from an initiator-host (IH) to objects (Target 1, Target 2) on a target host (TH) by receiving an access-request, preferably a request-message (M1), originally coming from the initiator-host (IH), that references an object (Target 1, Target 2) on the target host (TH) to access, assigning the access-request (M1) to an ingress-session and selecting a session-context (SC-U, SC-W, SC-Y) belonging to that ingress-session, checking whether the access to the referenced object (Target 1, Target 2) is authorized in the selected session-context (SC-U, SC-W, SC-Y) or not, wherein references to objects (Target 1, Target 2) on the target host (TH) were handed over to the initiator-host (IH) as a response to an access-request already granted and wherein the object the reference is handed over for is authorized for access under the handed over reference in that session-context (SC-U, SC-W, SC-Y) the already granted access-request is assigned to.
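The following sketch is an added illustration, not text or code from the patent: a gate in front of the target host that keeps one set of authorized references per session-context and extends it only with references handed over in granted responses. The names `IngressGate`, `entry_refs`, `OBJECTS` and `target_host`, and the idea of a fixed set of entry references authorized in every new session, are assumptions made for the example.

```python
import secrets

class IngressGate:
    """Per-session reference authorization in front of a target host (TH)."""

    def __init__(self, entry_refs):
        # Assumption: references every new session may use before anything is handed over.
        self.entry_refs = set(entry_refs)
        self.contexts = {}  # session id -> references authorized in that session-context

    def open_session(self):
        sid = secrets.token_urlsafe(16)
        self.contexts[sid] = set(self.entry_refs)
        return sid

    def handle(self, sid, ref, target_host):
        # (ii) assign the request to an ingress-session and select its context
        ctx = self.contexts.get(sid)
        if ctx is None:
            return ("deny", "unknown session")
        # (iii)/(iv) deny unless the reference is authorized in this context
        if ref not in ctx:
            return ("deny", "reference not authorized in this session-context")
        # (v) grant: forward to the target host
        body, handed_over = target_host(ref)
        # References handed over in a granted response become authorized,
        # but only in the context the granted request was assigned to.
        ctx.update(handed_over)
        return ("grant", body)

# Constructed sample target host: object -> (body, references it hands over).
OBJECTS = {
    "/login": ("login page", ["/account/42"]),
    "/account/42": ("account 42", ["/account/42/statement"]),
    "/account/42/statement": ("statement", []),
    "/account/77": ("account 77", []),
}

def target_host(ref):
    return OBJECTS.get(ref, ("not found", []))

def demo():
    gate = IngressGate(entry_refs=["/login"])
    u, w = gate.open_session(), gate.open_session()
    return [
        gate.handle(u, "/account/42", target_host)[0],  # not yet handed over
        gate.handle(u, "/login", target_host)[0],       # entry reference
        gate.handle(u, "/account/42", target_host)[0],  # handed over in session u
        gate.handle(w, "/account/42", target_host)[0],  # handed over in u, not in w
        gate.handle(u, "/account/77", target_host)[0],  # never handed over
    ]
```

A guessed or replayed reference is denied even when the object exists on the target host, because authorization follows what was handed over within the same session-context.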
15 Claims
7. An ingress-session-based authorization and access control data processing system to control access from an initiator-host (IH) to objects (Target1, Target2) on a target host (TH) comprising,
- means to receive an access-request, preferably a request-message (M1), originally coming from the initiator-host (IH), that references an object (Target1, Target2) on the target host (TH) to access,
- means to assign the access-request (M1) to an ingress-session and selecting a session-context (SC-U, SC-W, SC-Y) belonging to that ingress-session,
- means to check whether the access to the referenced object (Target1, Target2) is authorized in the selected session-context (SC-U, SC-W, SC-Y) or not, that deny the access to the referenced object (Target1, Target2) if the access to said object on the target host (TH) is not authorized in the selected session-context (SC-U, SC-W, SC-Y) and that grants the access to the referenced object (Target1, Target2) if the access to said object on the target host (TH) is allowed in the selected session-context (SC-U, SC-W, SC-Y),

wherein the system also comprises means that hand over references to objects (Target1, Target2) on the target host (TH) to the initiator-host (IH) as a response to an access-request already granted and wherein the system comprises means that authorize objects the reference is handed over for, for access under the handed over reference in that session-context (SC-U, SC-W, SC-Y) the already granted access-request is assigned to.
Specification