Delegated administration for a distributed security system
Abstract
A system and method comprising the steps of: delegating a capability from a first user to a second user; propagating information that includes evidence of the delegation to a plurality of security service modules, wherein each one of the plurality of security service modules is capable of protecting one or more resources; providing the evidence to a first security service module belonging to the plurality of security service modules; and enforcing the delegation when the second user attempts to access a resource in the one or more resources, wherein the resource is protected by the first security service module and the enforcement is carried out by the first security service module.
34 Claims
1. A method comprising the steps of:
delegating a capability from a first user to a second user;
propagating information that includes evidence of the delegation to a plurality of security service modules, wherein each one of the plurality of security service modules is capable of protecting one or more resources;
providing the evidence to a first security service module belonging to the plurality of security service modules;
enforcing the delegation when the second user attempts to access a resource in the one or more resources wherein the resource is protected by the first security service module; and
wherein the enforcement is carried out by the first security service module.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A system comprising:
a distribution point capable of propagating information to a plurality of processes wherein the information includes evidence of a delegation from a first user to a second user;
the plurality of processes wherein each one of the plurality of processes includes a security service module capable of protecting one or more resources;
a first security service module belonging to a first process of the plurality of processes, wherein the evidence of delegation is provided to the first security service module;
wherein the delegation is enforced when the second user attempts to access a resource of the one or more resources wherein the resource is protected by the first process; and
wherein the enforcement is carried out by the first security service module.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22

23. A machine readable medium having instructions stored thereon to cause a system to:
delegate a capability from a first user to a second user;
propagate information that includes evidence of the delegation to a plurality of security service modules, wherein each one of the plurality of security service modules is capable of protecting one or more resources;
provide the evidence to a first security service module belonging to the plurality of security service modules;
enforce the delegation when the second user attempts to access a resource in the one or more resources wherein the resource is protected by the first security service module; and
wherein the enforcement is carried out by the first security service module.
Dependent claims: 24, 25, 26, 27, 28, 29, 30, 31, 32, 33

34. A computer signal embodied in a transmission medium, comprising:
a code segment including instructions for delegating a capability from a first user to a second user;
a code segment including instructions for propagating information that includes evidence of the delegation to a plurality of security service modules, wherein each one of the plurality of security service modules is capable of protecting one or more resources;
a code segment including instructions for providing the evidence to a first security service module belonging to the plurality of security service modules;
a code segment including instructions for enforcing the delegation when the second user attempts to access a resource in the one or more resources wherein the resource is protected by the first security service module; and
wherein the enforcement is carried out by the first security service module.

Specification