Delegation in a distributed security system

US 20050102510A1
Filed: 10/08/2004
Published: 05/12/2005
Est. Priority Date: 10/10/2003
Status: Abandoned Application

First Claim

Patent Images

1. A method for delegating enterprise security capabilities, comprising:

providing a capability for a first user, wherein the capability can be expressed as a policy;

delegating the capability from the first user to a second user;

wherein the second user is allowed to have the capability only at times when the first user is allowed to have the capability; and

wherein the delegated capability is propagated in a distributed enterprise security system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for delegating enterprise security capabilities, comprising, providing a capability for a first user, wherein the capability can be expressed as a policy, delegating the capability from the first user to a second user, wherein the second user is allowed to have the capability only at times when the first user is allowed to have the capability, and wherein the delegated capability is propagated in a distributed enterprise security system.

Citations

30 Claims

1. A method for delegating enterprise security capabilities, comprising:
- providing a capability for a first user, wherein the capability can be expressed as a policy;
  
  delegating the capability from the first user to a second user;
  
  wherein the second user is allowed to have the capability only at times when the first user is allowed to have the capability; and
  
  wherein the delegated capability is propagated in a distributed enterprise security system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 29)
- - 2. The method of claim 1 wherein:
    - the capability is subject to at least one constraint imposed on the second user.
  - 3. The method of claim 2 wherein:
    - the at least one constraint can prevent the second user from having the capability.
  - 4. The method of claim 2 wherein:
    - the at least one constraint can include at least one of;
      
           1) a range of time;
      
           2) a start time;
      
           3) an expiration time;
      
           4) a repeating time/date; and
      
           5) other constraints related to attributes of the second user.
  - 5. The method of claim 1 wherein:
    - the capability is associated with a resource.
  - 6. The method of claim 5 wherein:
    - a child of the resource can inherit the capability.
  - 7. The method of claim 1 wherein:
    - a policy is an association between a privilege, an action or a role, and a subject.
  - 8. The method of claim 7 wherein:
    - a role describes capabilities a user or group is permitted to hold for a given scope.
  - 9. The method of claim 1 wherein:
    - the second user can delegate the capability to a third user.
  - 10. The method of claim 1 wherein:
    - the second user can be prevented from delegating the capability to a third user.
  - 29. The machine readable medium of claim 1 wherein:
    - the second user can be prevented from delegating the capability to a third user.

11. A method for delegating enterprise security capabilities, comprising:
- providing a capability for a first user, wherein the capability can be expressed as a policy;
  
  delegating the capability from the first user to a second user;
  
  wherein the capability can be subject to at least one constraint imposed on the second user;
  
  wherein the second user is allowed to have the capability only at times when the first user is allowed to have the capability; and
  
  wherein the delegated capability is propagated in a distributed enterprise security system.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method of claim 11 wherein:
    - the at least one constraint can prevent the second user from having the capability.
  - 13. The method of claim 11 wherein:
    - the at least one constraint can include at least one of;
      
           1) a range of time;
      
           2) a start time;
      
           3) an expiration time;
      
           4) a repeating time/date; and
      
           5) other constraints related to attributes of the second user.
  - 14. The method of claim 11 wherein:
    - the capability is associated with a resource.
  - 15. The method of claim 14 wherein:
    - a child of the resource can inherit the capability.
  - 16. The method of claim 11 wherein:
    - a policy is an association between a privilege, an action or a role, and a subject.
  - 17. The method of claim 16 wherein:
    - a role describes capabilities a user or group is permitted to hold for a given scope.
  - 18. The method of claim 11 wherein:
    - the second user can delegate the capability to a third user.
  - 19. The method of claim 11 wherein:
    - the second user can be prevented from delegating the capability to a third user.

20. A machine readable medium having instructions stored thereon to cause a system to:
- provide a capability for a first user, wherein the capability can be expressed as a policy;
  
  delegate the capability from the first user to a second user;
  
  wherein the second user is allowed to have the capability only at times when the first user is allowed to have the capability; and
  
  wherein the delegated capability is propagated in a distributed enterprise security system.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28)
- - 21. The machine readable medium of claim 20 wherein:
    - the capability is subject to at least one constraint imposed on the second user.
  - 22. The machine readable medium of claim 21 wherein:
    - the at least one constraint can prevent the second user from having the capability.
  - 23. The machine readable medium of claim 21 wherein:
    - the at least one constraint can include at least one of;
      
           1) a range of time;
      
           2) a start time;
      
           3) an expiration time;
      
           4) a repeating time/date; and
      
           5) other constraints related to attributes of the second user.
  - 24. The machine readable medium of claim 20 wherein:
    - the capability is associated with a resource.
  - 25. The machine readable medium of claim 24 wherein:
    - a child of the resource can inherit the capability.
  - 26. The machine readable medium of claim 20 wherein:
    - a policy is an association between a privilege, an action or a role, and a subject.
  - 27. The machine readable medium of claim 26 wherein:
    - a role describes capabilities a user or group is permitted to hold for a given scope.
  - 28. The machine readable medium of claim 20 wherein:
    - the second user can delegate the capability to a third user.

30. A computer signal embodied in a transmission medium, comprising:
- a code segment including instructions for providing a capability for a first user, wherein the capability can be expressed as a policy;
  
  a code segment including instructions for delegating the capability from the first user to a second user;
  
  wherein the second user is allowed to have the capability only at times when the first user is allowed to have the capability; and
  
  wherein the delegated capability is propagated in a distributed enterprise security system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
BEA Systems Incorporated (Oracle Corporation)
Original Assignee
BEA Systems Incorporated (Oracle Corporation)
Inventors
Xu, Mingde, Byrne, David, Howes, Jason, Patrick, Paul, Riendeau, Richard J., Yagen, Kenneth D., Falco, Mark A.

Application Number

US10/961,637
Publication Number

US 20050102510A1
Time in Patent Office

Days
Field of Search
US Class Current

713/166
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

Delegation in a distributed security system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Delegation in a distributed security system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links