Application server object-level security for distributed computing domains
Abstract
Objects on application servers may be defined into classes which receive different levels of security protection, such as definition of user objects and administrative objects. Domain-wide security may be enforced on administrative objects, while user object security may be configured separately for each application server in a domain. In a CORBA architecture, IOR's for shared objects which are to be secured on a domain-wide basis, such as administrative objects, are provided with tagged components during IOR creation and exporting to a name server. Later, when the IOR is used by a client, the client invokes necessary security measures such as authentication, authorization and transport protection according to the tagged components.
33 Claims
1. A method in a distributed computing domain comprising:
distributing administrative objects and user objects to one or more application servers;
defining a global security flag for domain level security of administrative objects;
associating one or more application server security flags with interfaces to said distributed administrative objects; and
performing one or more security operations by an application server in cooperation with a client process in one of three modes, in which first mode user objects and administrative objects are protected if said global security flag and said associated application server security flags are enabled, in said second mode user objects are used without security operations but administrative objects are protected wherein said global security flag is enabled and said associated application server flag is disabled, and in said third mode user objects and administrative objects are used without security operations wherein said global security flag is disabled.
12. A computer readable medium encoded with software for use in a distributed computing domain, said software performing steps comprising:
distributing administrative objects and user objects to one or more application servers;
defining a global security flag for domain level security of administrative objects;
associating one or more application server security flags with interfaces to said distributed administrative objects; and
performing one or more security operations by an application server in cooperation with a client process in one of three modes, in which first mode user objects and administrative objects are protected if said global security flag and said associated application server security flags are enabled, in said second mode user objects are used without security operations but administrative objects are protected wherein said global security flag is enabled and said associated application server flag is disabled, and in said third mode user objects and administrative objects are used without security operations wherein said global security flag is disabled.
23. An object-level security system in a distributed computing domain comprising:
one or more administrative objects and one or more user objects distributed among one or more application servers;
a global security flag defining security of said administrative objects within a networked computing domain level;
one or more application server security flags associated with interfaces to said distributed administrative objects; and
one or more security operations performable by an application server in cooperation with a client process in one of three modes, in which first mode user objects and administrative objects are protected if said global security flag and said associated application server security flags are enabled, in said second mode user objects are used without security operations but administrative objects are protected wherein said global security flag is enabled and said associated application server flag is disabled, and in said third mode user objects and administrative objects are used without security operations wherein said global security flag is disabled.
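The three modes in the independent claims and the tagged-component flow in the abstract can be modelled together. The following is an added example, not code from the patent: the `IOR` class, the tag names and every function name are hypothetical simplifications, and no real CORBA ORB API is used.

```python
from dataclasses import dataclass

# Constructed tag names standing in for the IOR tagged components in the abstract.
SECURITY_TAGS = ("authentication", "authorization", "transport_protection")

@dataclass(frozen=True)
class IOR:
    """Simplified stand-in for a CORBA interoperable object reference."""
    name: str
    server: str
    tagged_components: tuple = ()

def mode(global_flag: bool, server_flag: bool) -> int:
    """Mode number from the claims for one application server."""
    if not global_flag:
        return 3  # global flag disabled: no security operations at all
    return 1 if server_flag else 2

def is_protected(is_admin: bool, global_flag: bool, server_flag: bool) -> bool:
    m = mode(global_flag, server_flag)
    return m == 1 or (m == 2 and is_admin)

def export_ior(name, is_admin, server, global_flag, server_flag, name_server):
    """Server side: tag the IOR at creation, then export it to the name server."""
    tags = SECURITY_TAGS if is_protected(is_admin, global_flag, server_flag) else ()
    name_server[name] = IOR(name, server, tags)
    return name_server[name]

def client_invoke(ior: IOR, credentials=None, secure_transport=False):
    """Client side: perform every measure the tagged components require."""
    done = []
    for tag in ior.tagged_components:
        if tag == "transport_protection" and not secure_transport:
            raise ConnectionError(f"{ior.name}: protected transport required")
        # Simplification: holding credentials stands in for authn and authz checks.
        if tag != "transport_protection" and credentials is None:
            raise PermissionError(f"{ior.name}: {tag} required")
        done.append(tag)
    return done

def demo():
    """Domain with the global flag on; srv1 enables its own flag, srv2 does not."""
    ns = {}
    for server, flag in (("srv1", True), ("srv2", False)):
        export_ior(f"{server}/admin", True, server, True, flag, ns)
        export_ior(f"{server}/user", False, server, True, flag, ns)
    return {name: bool(ior.tagged_components) for name, ior in ns.items()}

if __name__ == "__main__":
    print(demo())
```

In `demo()` the administrative objects are tagged on both servers while the user object on `srv2` is not, which is the second mode: domain-wide protection for administrative objects with per-server choice for user objects.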
Specification