Employing wrapper profiles

US 20040010591A1
Filed: 12/20/2002
Published: 01/15/2004
Est. Priority Date: 07/11/2002
Status: Active Grant

First Claim

Patent Images

1. A method of controlling profile access, comprising the step of:

(a) creating a wrapper profile for a first profile; and

(b) setting a locking state of said wrapper profile for said first profile.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Technology is disclosed for controlling access to data store information among multiple entities. A corresponding wrapper is created for information that may be subject to simultaneous access attempts. The wrapper includes an attribute that identifies the accessibility of the information—indicating whether the information is locked from further access, shareable among multiple entities, or not restricted at all. Before accessing information in the data store, an entity looks at the wrapper associated with the information to determine the type of access allowed, if any. An Identity, Access, or integrated Identity/Access System may maintain the wrappers as objects in the data store, with each wrapper object controlling another object containing information. Wrappers can be utilized when multiple provisioning applications are employed to provision resources. Each user and their corresponding resources are represented as objects with corresponding wrappers. Each provisioning application employs the wrappers to ensure that it has exclusive ownership of selected user and resource objects when provisioning resources to the selected user.

210 Citations

98 Claims

1. A method of controlling profile access, comprising the step of:
- (a) creating a wrapper profile for a first profile; and
  
  (b) setting a locking state of said wrapper profile for said first profile.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. A method according to claim 1, wherein said step (b) causes said first profile to be not locked.
  - 3. A method according to claim 1, wherein said step (b) causes said first profile to be shared.
  - 4. A method according to claim 1, wherein said step (b) causes said first profile to be locked.
  - 5. A method according to claim 1, wherein said method includes the step of:
    - (c) performing a task related to said first profile after said step (b) is performed.
  - 6. A method according to claim 5, wherein said method includes the step of:
    - (d) setting said locking state of said wrapper profile to unlock said first profile.
  - 7. A method according to claim 5, wherein said method includes the step of:
    - (e) deleting said wrapper profile.
  - 8. A method according to claim 5, wherein said task is servicing a provisioning request.
  - 9. A method according to claim 1, wherein said step (b) includes the steps of:
    - (1) setting a current time stamp in said wrapper profile;
      
      (2) setting a locking status in said wrapper profile; and
      
      (3) setting a component identifier in said wrapper profile.
  - 10. A method according to claim 1, wherein said first profile is a user profile.
  - 11. A method according to claim 1, wherein said first profile is a resource profile.
  - 12. A method according to claim 1, wherein said method is performed as part of an Identity System.
  - 13. A method according to claim 1, wherein said method is performed as part of an Access System.
  - 14. A method according to claim 1, wherein said method is performed as part of an integrated Identity/Access System.

15. One or more processor readable storage devices having processor readable code embodied on said one or more processor readable storage devices, said processor readable code for programming one or more processors to perform a method comprising the steps of:
- (a) creating a wrapper profile for a first profile; and
  
  (b) setting a locking state of said wrapper profile for said first profile.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. One or more processor readable storage devices according to claim 15, wherein said step (b) causes said first profile to be locked.
  - 17. One or more processor readable storage devices according to claim 15, wherein said method includes the step of:
    - (c) performing a task related to said first profile after said step (b) is performed.
  - 18. One or more processor readable storage devices according to claim 17, wherein said method includes the step of:
    - (d) setting said locking state of said wrapper profile to unlock said first profile.
  - 19. One or more processor readable storage devices according to claim 17, wherein said method includes the step of:
    - (e) deleting said wrapper profile.
  - 20. One or more processor readable storage devices according to claim 15, wherein said method is performed as part of an Identity System.
  - 21. One or more processor readable storage devices according to claim 15, wherein said method is performed as part of an Access System.

22. An apparatus, comprising:
- one or more storage devices; and
  
  one or more processors in communication with said one or more storage devices, said one or more processors perform a method comprising the steps of;
  
  (a) creating a wrapper profile for a first profile;
  
  (b) setting a locking state of said wrapper profile for said first profile; and
  
  (c) performing a task related to said first profile after said step (b) is performed.

23. A method of controlling profile access, comprising the steps of:
- (a) creating a first profile; and
  
  (b) locking said first profile.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30)
- - 24. A method according to claim 23, wherein said step (b) includes the step of:
    - (1) setting a locking state of a wrapper profile corresponding to said first profile.
  - 25. A method according to claim 23, wherein said step (b)(1) includes the steps of:
    - (i) setting a current time stamp of said wrapper profile;
      
      (ii) setting a locking status of said wrapper profile; and
      
      (iii) setting a component identifier of said wrapper profile.
  - 26. A method according to claim 23, wherein said method further includes the step of:
    - (c) performing a task related to said first profile after said step (b) is performed; and
      
      (d) unlocking said first profile.
  - 27. A method according to claim 26, wherein said step (d) includes the step of:
    - (1) deleting a wrapper profile corresponding to said first profile.
  - 28. A method according to claim 23, wherein said method is performed as part of an Identity System.
  - 29. A method according to claim 23, wherein said method is performed as part of an Access System.
  - 30. A method according to claim 23, wherein said method is performed as part of an integrated Identity/Access System.

31. One or more processor readable storage devices having processor readable code embodied on said one or more processor readable storage devices, said processor readable code for programming one or more processors to perform a method comprising the steps of:
- (a) creating a first profile; and
  
  (b) locking said first profile.
- View Dependent Claims (32, 33, 34, 35, 36)
- - 32. One or more processor readable storage devices according to claim 31, wherein said step (b) includes the step of:
    - (1) setting a locking state of a wrapper profile corresponding to said first profile.
  - 33. One or more processor readable storage devices according to claim 31, wherein said method further includes the steps of:
    - (c) performing a task related to said first profile after said step (b) is performed; and
      
      (d) unlocking said first profile.
  - 34. One or more processor readable storage devices according to claim 33, wherein said step (d) includes the step of:
    - (1) deleting a wrapper profile corresponding to said first profile.
  - 35. One or more processor readable storage devices according to claim 31, wherein said method is performed as part of an Identity System.
  - 36. One or more processor readable storage devices according to claim 31, wherein said method is performed as part of an Access System.

37. A method of controlling profile access, comprising the steps of:
- (a) selecting a task request corresponding to a first profile;
  
  (b) accessing a wrapper profile corresponding to said first profile to determine if said first profile is locked; and
  
  (c) setting a locking state of said wrapper profile to lock said first profile, if it is determined in said step (b) that said wrapper profile is not locked.
- View Dependent Claims (38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49)
- - 38. A method according to claim 37, wherein said method further includes the step of:
    - (d) determining whether an error occurred, if it is determined in said step (b) that said wrapper profile is locked.
  - 39. A method according to claim 38, wherein said step (d) includes the step of:
    - (1) determining whether said first profile has been locked for at least a threshold period of time.
  - 40. A method according to claim 39, wherein said step (d)(1) includes the step of:
    - (i) determining whether said wrapper profile was last set to have a locking state of locked at least said threshold period of time before said step (d) is performed.
  - 41. A method according to 40, further including the step of:
    - (e) setting said locking state of said wrapper profile to locked, if it is determined in said step (d) that said error occurred.
  - 42. A method according to claim 41, wherein said error is said first profile being locked for at least said threshold period of time and said step (e) includes the step of:
    - (1) setting a current time stamp of said wrapper profile;
      
      (2) setting a locking status of said wrapper profile to locked; and
      
      (3) setting a component identifier of said wrapper profile.
  - 43. A method according to claim 37, wherein at least one profile corresponds to said first profile and said method further includes the step of:
    - (f) receiving information from said wrapper profile, wherein said information corresponds to said first profile;
      
      (g) identifying a wrapper profile for each unlocked profile in said at least one profile; and
      
      (h) setting a locking state for each wrapper profile identified in said step (g).
  - 44. A method according to claim 43, wherein said locking state causes said each unlocked profile in said at least one profile to be locked.
  - 45. A method according to claim 43, wherein said method further includes the step of:
    - (j) unlocking said first profile after at least one task related to said first profile has been performed.
  - 46. A method according to claim 45, wherein said step (j) includes the step of deleting said wrapper profile.
  - 47. A method according to claim 45, wherein:
    - said first profile is a user profile, said each unlocked profile in said at least one profile includes at least one resource profile, and said at least one task includes provisioning at least one resource.
  - 48. A method according to claim 37, wherein said method is performed as part of an Identity System.
  - 49. A method according to claim 37, wherein said method is performed as part of an Access System.

50. One or more processor readable storage devices having processor readable code embodied on said one or more processor readable storage devices, said processor readable code for programming one or more processors to perform a method comprising the steps of:
- (a) selecting a task request corresponding to a first profile;
  
  (b) accessing a wrapper profile corresponding to said first profile to determine if said first profile is locked; and
  
  (c) setting a locking state of said wrapper profile to lock said first profile, if it is determined in said step (b) that said wrapper profile is not locked.
- View Dependent Claims (51, 52, 53, 54, 55, 56)
- - 51. One or more processor readable storage devices according to claim 50, wherein said method further includes the step of:
    - (d) determining whether an error occurred, if it is determined in said step (b) that said wrapper profile is locked.
  - 52. One or more processor readable storage devices according to claim 51, wherein said step (d) includes the steps of:
    - (1) determining whether said first profile has been locked for at least a threshold period of time.
  - 53. One or more processor readable storage devices according to claim 52, wherein said step (d)(1) includes the step of:
    - (i) determining whether said wrapper profile was last set to have a locking state of locked at least said threshold period of time before said step (d) is performed.
  - 54. One or more processor readable storage devices according to claim 50, wherein at least one profile corresponds to said first profile and said method further includes the step of:
    - (f) receiving information from said wrapper profile, wherein said information corresponds to said first profile;
      
      (g) identifying a wrapper profile for each unlocked profile in said at least one profile; and
      
      (h) setting a locking state for each wrapper profile identified in said step (g).
  - 55. One or more processor readable storage devices according to claim 54, wherein said method further includes the step of:
    - (k) unlocking said first profile after at least one task related to said first profile has been performed.
  - 56. One or more processor readable storage devices according to claim 50 wherein said method is performed as part of an Identity System.

57. A method of controlling profile access, comprising the steps of:
- (a) identifying at least one wrapper profile satisfying criteria, wherein said criteria calls for said at least one wrapper profile to have a locking status of locked and said locking status to have been in place for at least a threshold period of time; and
  
  (b) for each wrapper profile identified in said step (a), setting a current time stamp.
- View Dependent Claims (58, 59, 60, 61)
- - 58. A method according to claim 57, wherein said method includes the step of:
    - (c) for each wrapper profile identified in said step (a), setting a component identifier.
  - 59. A method according to claim 58, wherein said component identifier is changed to a different value in said step (c).
  - 60. A method according to claim 57, wherein said method is performed as part of an Identity System.
  - 61. A method according to claim 57, wherein said method is performed as part of an Access System.

62. One or more processor readable storage devices having processor readable code embodied on said one or more processor readable storage devices, said processor readable code for programming one or more processors to perform a method comprising the steps of:
- (a) identifying at least one wrapper profile satisfying criteria, wherein said criteria calls for said at least one wrapper profile to have a locking status of locked and said locking status to have been in place for at least a threshold period of time; and
  
  (b) for each wrapper profile identified in said step (a), setting a current time stamp.
- View Dependent Claims (63, 64)
- - 63. One or more processor readable storage devices according to claim 62, wherein said method includes the step of:
    - (c) for each wrapper profile identified in said step (a), setting a component identifier.
  - 64. One or more processor readable storage devices according to claim 62, wherein said method is performed as part of an Identity System.

65. A method of controlling profile access, comprising the step of:
- (a) identifying at least one wrapper profile corresponding to a criteria, wherein said at least one wrapper profile corresponds to at least one profile and said criteria calls for said at least one wrapper profile to have a locking status corresponding to a profile being accessible; and
  
  (b) for each wrapper profile identified in said step (a) that has a locking status of not locked, setting a locking state.
- View Dependent Claims (66, 67, 68, 69, 70)
- - 66. A method according to claim 65, wherein said locking status has a value in a set consisting of shared and not locked.
  - 67. A method according to claim 65, wherein said method includes the steps of:
    - (c) identifying any wrapper profile in said at least one wrapper profile identified in step (a) that includes a wrapper profile with a shared locking status; and
      
      (d) setting a locking status for any wrapper profile identified in said step (c).
  - 68. A method according to claim 65, further including the step of:
    - (e) performing at least one action related to said at least one profile.
  - 69. A method according to claim 65, wherein said method is performed as part of an Identity System.
  - 70. A method according to claim 65, wherein said method is performed as part of an Access System.

71. One or more processor readable storage devices having processor readable code embodied on said one or more processor readable storage devices, said processor readable code for programming one or more processors to perform a method comprising the steps of:
- (a) identifying at least one wrapper profile corresponding to a criteria, wherein said at least one wrapper profile corresponds to at least one profile and said criteria calls for said at least one wrapper profile to have a locking status corresponding to a profile being accessible; and
  
  (b) for each wrapper profile identified in said step (a) that has a locking status of not locked, setting a locking state.
- View Dependent Claims (72, 73)
- - 72. One or more processor readable storage devices according to claim 71, wherein said method includes the steps of:
    - (c) identifying any wrapper profile in said at least one wrapper profile identified in step (a) that includes a wrapper profile with a shared locking status; and
      
      (d) setting a locking status for any wrapper profile identified in said step (c).
  - 73. One or more processor readable storage devices according to claim 71, wherein said method is performed as part of an Identity System.

74. A method of controlling profile access, comprising the steps of:
- (a) identifying at least one wrapper profile corresponding to a criteria, wherein said at least one wrapper profile corresponds to at least one profile and said criteria calls for said at least one wrapper profile to have a locking status of not locked; and
  
  (b) for each wrapper profile identified in said step (a), setting a locking status.
- View Dependent Claims (75, 76, 77)
- - 75. A method according to claim 74, wherein said locking status set in said step (b) is locked.
  - 76. A method according to claim 74, wherein said method is performed as part of an Identity System.
  - 77. A method according to claim 74, wherein said method is performed as part of an Access System.

78. One or more processor readable storage devices having processor readable code embodied on said one or more processor readable storage devices, said processor readable code for programming one or more processors to perform a method comprising the steps of:
- (a) identifying at least one wrapper profile corresponding to a criteria, wherein said at least one wrapper profile corresponds to at least one profile and said criteria calls for said at least one wrapper profile to have a locking status of not locked; and
  
  (b) for each wrapper profile identified in said step (a), setting a locking status.
- View Dependent Claims (79)
- - 79. One or more processor readable storage devices according to claim 78, wherein said method is performed as part of an Identity System.

80. A method of controlling profile access, comprising the steps of:
- (a) creating a user profile;
  
  (b) creating a first wrapper profile for said user profile;
  
  (c) creating at least one resource profile corresponding to said user profile; and
  
  (d) creating a wrapper profile for each resource profile in said at least one resource profile.
- View Dependent Claims (81, 82, 83, 84, 85, 86, 87, 88, 89)
- - 81. A method according to claim 80, wherein said method includes the step of:
    - (e) submitting a provisioning request.
  - 82. A method according to claim 81, wherein said method includes the steps of:
    - (f) selecting said provisioning request; and
      
      (g) accessing said first wrapper profile to determine if said user profile is locked; and
      
      (h) setting a locking state of said first wrapper profile to lock said user profile, if it is determined in said step (g) that said user profile is not locked.
  - 83. A method according to claim 82, wherein said method further includes the step of:
    - (j) determining whether an error occurred, if it is determined in said step (g) that said first wrapper profile is locked.
  - 84. A method according to claim 82, wherein said method further includes the steps of:
    - (k) identifying a wrapper profile for each not locked profile in said at least one resource profile; and
      
      (l) setting a locking state for each wrapper profile identified in said step (k).
  - 85. A method according to claim 84, wherein said locking state causes said each not locked profile in said at least one resource profile to become locked.
  - 86. A method according to claim 84, wherein said method further includes the step of:
    - (m) unlocking said user profile after at least one task called for by said provisioning request is completed.
  - 87. A method according to claim 86, wherein said step (m) includes the step of:
    - (1) deleting said first wrapper profile.
  - 88. A method according to claim 80, wherein said method is performed as part of an Identity System.
  - 89. A method according to claim 80, wherein said method is performed as part of an Access System.

90. One or more processor readable storage devices having processor readable code embodied on said one or more processor readable storage devices, said processor readable code for programming one or more processors to perform a method comprising the steps of:
- (a) creating a user profile;
  
  (b) creating a first wrapper profile for said user profile;
  
  (c) creating at least one resource profile corresponding to said user profile; and
  
  (d) creating a wrapper profile for each resource profile in said at least one resource profile.
- View Dependent Claims (91, 92, 93, 94, 95)
- - 91. One or more processor readable storage devices according to claim 90, wherein said method includes the step of:
    - (e) submitting a provisioning request.
  - 92. One or more processor readable storage devices according to claim 91, wherein said method includes the steps of:
    - (f) selecting said provisioning request; and
      
      (g) accessing said first wrapper profile to determine if said user profile is locked; and
      
      (h) setting a locking state of said first wrapper profile to lock said user profile, if it is determined in said step (g) that said user profile is not locked.
  - 93. One or more processor readable storage devices according to claim 91, wherein said method further includes the steps of:
    - (j) identifying a wrapper profile for each not locked profile in said at least one resource profile;
      
      (k) setting a locking state for each wrapper profile identified in said step (j); and
      
      (l) unlocking said user profile after at least one task called for by said provisioning request is completed.
  - 94. One or more processor readable storage devices according to claim 93, wherein said step (l) includes the step of deleting said first wrapper profile.
  - 95. One or more processor readable storage devices according to claim 90, wherein said method is performed as part of an Identity System.

96. An apparatus, comprising:
- one or more storage devices; and
  
  one or more processors in communication with said one or more storage devices, said one or more processors perform a method comprising the steps of;
  
  (a) creating a user profile;
  
  (b) creating a first wrapper profile for said user profile;
  
  (c) creating at least one resource profile corresponding to said user profile;
  
  (d) creating a wrapper profile for each resource profile in said at least one resource profile;
  
  (e) submitting a provisioning request;
  
  (f) selecting said provisioning request;
  
  (g) accessing said first wrapper profile to determine if said user profile is locked; and
  
  (h) setting a locking state of said first wrapper profile to lock said user profile, if it is determined in said step (g) that said user profile is not locked.
- View Dependent Claims (97, 98)
- - 97. An apparatus according to claim 96, wherein said method further includes the steps of:
    - (j) identifying a wrapper profile for each not locked profile in said at least one resource profile;
      
      (k) setting a locking state for each wrapper profile identified in said step (j); and
      
      (l) unlocking said user profile after at least one task called for by said provisioning request is completed.
  - 98. An apparatus according to claim 97, wherein said step (l) includes the step of deleting said first wrapper profile.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Lee, Chi-Cheng, Yuen, Stan, Sinn, Richard

Granted Patent

US 8,375,113 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/225
CPC Class Codes

G06F 21/6227   where protection concerns t...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0263   Rule management

H04L 63/105   Multiple levels of security

Employing wrapper profiles

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

210 Citations

98 Claims

Specification

Solutions

Use Cases

Quick Links

Employing wrapper profiles

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

210 Citations

98 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links