Application server object-level security for distributed computing domains

US 20040059940A1
Filed: 09/19/2002
Published: 03/25/2004
Est. Priority Date: 09/19/2002
Status: Active Grant

First Claim

Patent Images

1. A method in a distributed computing domain comprising:

distributing administrative objects and user objects to one or more application servers;

defining a global security flag for domain level security of administrative objects;

associating one or more application server security flags with interfaces to said distributed administrative objects; and

performing one or more security operations by an application server in cooperation with a client process in one of three modes, in which first mode user objects and administrative objects are protected if said global security flag and said associated application server security flags are enabled, in said second mode user objects are used without security operations but administrative objects are protected wherein said global security flag is enabled and said associated application server flag is disabled, and in said third mode user objects and administrative objects are used without security operations wherein said global security flag is disabled.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Objects on application servers may be defined into classes which receive different levels of security protection, such as definition of user objects and administrative objects. Domain-wide security may be enforced on administrative objects, which user object security may be configured separately for each application server in a domain. In a CORBA architecture, IOR'"'"'s for shared objects which are to be secured on a domain-wide basis, such as administrative objects, are provided with tagged components during IOR creation and exporting to a name server. Later, when the IOR is used by a client, the client invokes necessary security measures such as authentication, authorization and transport protection according to the tagged components.

29 Citations

View as Search Results

33 Claims

1. A method in a distributed computing domain comprising:
- distributing administrative objects and user objects to one or more application servers;
  
  defining a global security flag for domain level security of administrative objects;
  
  associating one or more application server security flags with interfaces to said distributed administrative objects; and
  
  performing one or more security operations by an application server in cooperation with a client process in one of three modes, in which first mode user objects and administrative objects are protected if said global security flag and said associated application server security flags are enabled, in said second mode user objects are used without security operations but administrative objects are protected wherein said global security flag is enabled and said associated application server flag is disabled, and in said third mode user objects and administrative objects are used without security operations wherein said global security flag is disabled.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method as set forth in claim 1 wherein said step of performing security operations comprises providing separate security operations for administrative objects and user objects.
  - 3. The method as set forth in claim 1 wherein said step of associating application server security flags with administrative object interfaces comprises and action selected from the group of exporting a CORBA IOR with tagged components for user objects on application servers where application server user object security is enabled, and providing an object type in an UDDI registry for user objects on application servers where application server user object security is enabled.
  - 4. The method as set forth in claim 3 further comprising accessing a declarative list of objects to be protected.
  - 5. The method as set forth in claim 1 comprising providing a WebSphere application server.
  - 6. The method as set forth in claim 1 comprising providing a client process as an Enterprise Java Bean.
  - 7. The method as set forth in claim 1 comprising providing user objects as Enterprise Java Beans.
  - 8. The method as set forth in claim 1 comprising providing administrative objects as MBeans.
  - 9. The method as set forth in claim 1 comprising performing security operations selected from the list of authentication, authorization and transport protection.
  - 10. The method as set forth in claim 1 comprising employing a security protocol selected from the group of Simple Object Access Protocol and Inter-ORB Protocol.
  - 11. The method as set forth in claim 1 comprising employing a service description model selected from the group of IDL and Web Services Definition Language with Web Service Endpoint Language and Interface Definition Language.

12. A computer readable medium encoded with software for use in a distributed computing domain, said software performing steps comprising:
- distributing administrative objects and user objects to one or more application servers;
  
  defining a global security flag for domain level security of administrative objects;
  
  associating one or more application server security flags with interfaces to said distributed administrative objects; and
  
  performing one or more security operations by an application server in cooperation with a client process in one of three modes, in which first mode user objects and administrative objects are protected if said global security flag and said associated application server security flags are enabled, in said second mode user objects are used without security operations but administrative objects are protected wherein said global security flag is enabled and said associated application server flag is disabled, and in said third mode user objects and administrative objects are used without security operations wherein said global security flag is disabled.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The medium as set forth in claim 12 wherein said software for performing security operations comprises software for providing separate security operations for administrative objects and user objects.
  - 14. The medium as set forth in claim 12 wherein said software for associating application server security flags with administrative object interfaces comprises software for and action selected from the group of exporting a CORBA IOR with tagged components for user objects on application servers where application server user object security is enabled, and providing an object type in an UDDI registry for user objects on application servers where application server user object security is enabled.
  - 15. The medium as set forth in claim 14 further comprising software for accessing a declarative list of objects to be protected.
  - 16. The medium as set forth in claim 12 comprising a WebSphere application server.
  - 17. The medium as set forth in claim 12 comprising an Enterprise Java Bean client process.
  - 18. The medium as set forth in claim 12 comprising Enterprise Java Beans user object.
  - 19. The medium as set forth in claim 12 comprising an MBean administrative object.
  - 20. The medium as set forth in claim 12 comprising software for performing security operations selected from the list of authentication, authorization and transport protection.
  - 21. The medium as set forth in claim 12 comprising software for employing a security protocol selected from the group of Simple Object Access Protocol and Inter-ORB Protocol.
  - 22. The medium as set forth in claim 12 comprising software for employing a service description model selected from the group of IDL and Web Services Definition Language with Web Service Endpoint Language (“
    - WSEL”
      
      ) and Interface Definition Language.

23. An object-level security system in a distributed computing domain comprising:
- one or more administrative objects and one or more user objects distributed among one or more application servers;
  
  a global security flag defining security of said administrative objects within a networked computing domain level;
  
  one or more application server security flags associated with interfaces to said distributed administrative objects; and
  
  one or more security operations performable by an application server in cooperation with a client process in one of three modes, in which first mode user objects and administrative objects are protected if said global security flag and said associated application server security flags are enabled, in said second mode user objects are used without security operations but administrative objects are protected wherein said global security flag is enabled and said associated application server flag is disabled, and in said third mode user objects and administrative objects are used without security operations wherein said global security flag is disabled.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 24. The system as set forth in claim 23 wherein said security operation comprises separate security operations for administrative objects and user objects.
  - 25. The system as set forth in claim 24 wherein said application server security flags associated with administrative object interfaces comprises object type indicators selected from the group of a CORBA IOR with tagged components for user objects on application servers where application server user object security is enabled, and an object type in an UDDI registry for user objects on application servers where application server user object security is enabled.
  - 26. The system as set forth in claim 25 further comprising a declarative list of objects to be protected for determining which IOR or UDDI registry entries are to be modified to enable user object security.
  - 27. The system as set forth in claim 23 comprising a WebSphere application server.
  - 28. The system as set forth in claim 23 comprising an Enterprise Java Bean client process.
  - 29. The system as set forth in claim 23 comprising an Enterprise Java Beans user object.
  - 30. The system as set forth in claim 23 comprising an MBean administrative object.
  - 31. The system as set forth in claim 23 comprising security operations selected from the list of authentication, authorization and transport protection.
  - 32. The system as set forth in claim 23 comprising a security protocol selected from the group of Simple Object Access Protocol and Inter-ORB Protocol.
  - 33. The system as set forth in claim 23 comprising a service description model selected from the group of IDL and Web Services Definition Language with Web Service Endpoint Language and Interface Definition Language.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Venkataramappa, Vishwanath, Chao, Ching-Yun, Birk, Peter Daniel, Chung, Hyen Vui, Reddy, Ajaykumar Karkala, Mason, Carlton Keith

Granted Patent

US 7,448,066 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

G06F 21/31 User authentication

Application server object-level security for distributed computing domains

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

29 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Application server object-level security for distributed computing domains

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links