Dynamic delegation method and device using the same

US 20050132215A1
Filed: 03/19/2004
Published: 06/16/2005
Est. Priority Date: 12/11/2003
Status: Abandoned Application

First Claim

Patent Images

1. A delegation method, implemented in a delegation system, comprising the steps of:

providing delegation policies as general rules for limiting delegation;

receiving a delegation condition and a delegation approval submitted by a grantor for vesting authority of the grantor'"'"'s role to a grantee, wherein the grantor'"'"'s role is designated the authority to access a set of data; and

determining consequent authority vested to the grantee based on the delegation approval, the delegation condition and the delegation policies.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A dynamic delegation method. First, a set of delegation policies are provided as general rules for limiting delegation. Next, two kinds of data are received, including a delegation condition and a delegation approval submitted by a grantor for vesting authority of the grantor'"'"'s role to a grantee, wherein the grantor'"'"'s role is granted the authority to access a set of data. Next, consequent authority actually vested to the grantee is determined based on the delegation approval, the delegation condition and the delegation policies.

73 Citations

View as Search Results

20 Claims

1. A delegation method, implemented in a delegation system, comprising the steps of:
- providing delegation policies as general rules for limiting delegation;
  
  receiving a delegation condition and a delegation approval submitted by a grantor for vesting authority of the grantor'"'"'s role to a grantee, wherein the grantor'"'"'s role is designated the authority to access a set of data; and
  
  determining consequent authority vested to the grantee based on the delegation approval, the delegation condition and the delegation policies.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method as claimed in claim 1, wherein the delegation condition is presented in extensible markup language (XML).
  - 3. The method as claimed in claim 1, wherein the delegation condition comprises a static condition for limiting the vested authority.
  - 4. The method as claimed in claim 3, wherein the static condition comprises at least a total time condition, a time condition, a location condition or a function condition.
  - 5. The method as claimed in claim 1, wherein the delegation condition comprises a dynamic condition for limiting the vested authority.
  - 6. The method as claimed in claim 5, wherein the dynamic condition comprises at least a session condition or a group condition.
  - 7. The method as claimed in claim 1, further comprising the steps of:
    - storing the vested consequent authority as consequent delegation information;
      
      creating a temporary role according to the consequent delegation information using a role-based system; and
      
      designating the temporary role to the grantee.
  - 8. The method as claimed in claim 1, wherein the determining step further comprises the steps of:
    - determining whether the delegation condition satisfies the delegation policies;
      
      adjusting the delegation condition to the delegation policies when the delegation condition does not satisfy the delegation policies; and
      
      acquiring a consequent delegation condition, where the consequent delegation condition comprises, when the delegation condition does not satisfy the delegation policies, the adjusted delegation condition or, when the delegation condition satisfies the delegation policies, comprises the delegation condition.
  - 9. The method as claimed in claim 8, further comprising the steps of:
    - determining whether usage of the set of data satisfies the consequent delegation condition; and
      
      retracting the vested authority when usage of the set of data does not satisfy the consequent delegation condition.

10. A delegation device, comprising:
- a memory storing delegation policies as general rules for limiting delegation;
  
  a receiving unit for receiving a delegation condition and a delegation approval submitted by a grantor for vesting authority of the grantor'"'"'s role to a grantee, wherein the grantor'"'"'s role is designated the authority to access a set of data; and
  
  a processing unit for determining consequent authority vested to the grantee based on the delegation approval, the delegation condition and the delegation policies.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The device as claimed in claim 10, wherein the delegation condition comprises a static condition for limiting the vested authority.
  - 12. The device as claimed in claim 10, wherein the delegation condition comprises a dynamic condition for limiting the vested authority.
  - 13. The device as claimed in claim 10, wherein the processing unit further determines whether the delegation condition satisfies the delegation policies, adjusts the delegation condition to the delegation policies when the delegation condition does not satisfy the delegation policies, and acquires a consequent delegation condition, where the consequent delegation condition comprises, when the delegation condition does not satisfy the delegation policies, the adjusted delegation condition or, when the delegation condition satisfies the delegation policies, comprises the delegation condition.
  - 14. The device as claimed in claim 13, wherein the processing unit further determines whether usage of the set of data satisfies the consequent delegation condition, and retracting the vested authority when usage of the set of data does not satisfy the consequent delegation condition.

15. A machine-readable storage medium storing a computer program which, when executed, directs a computer to perform a delegation method, comprising the steps of:
- receiving a delegation condition and a delegation approval submitted by a grantor for vesting authority of the grantor'"'"'s role to a grantee, wherein the grantor'"'"'s role is designated the authority to access a set of data;
  
  reading delegation policies as general rules for limiting delegation; and
  
  determining consequent authority vested to the grantee based on the delegation approval, the delegation condition and the delegation policies.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The machine-readable storage medium as claimed in claim 15, wherein the delegation condition comprises a static condition for limiting the vested authority.
  - 17. The machine-readable storage medium as claimed in claim 15, wherein the delegation condition comprises a dynamic condition for limiting the vested authority.
  - 18. The machine-readable storage medium as claimed in claim 15, wherein the delegation method further comprises the steps of:
    - storing the vested consequent authority as consequent delegation information;
      
      creating a temporary role according to the consequent delegation information using a role-based system; and
      
      designating the temporary role to the grantee.
  - 19. The machine-readable storage medium as claimed in claim 15, wherein the determining step further comprises the steps of:
    - determining whether the delegation condition satisfies the delegation policies;
      
      adjusting the delegation condition to the delegation policies when the delegation condition does not satisfy the delegation policies; and
      
      generating a consequent delegation condition, where the consequent delegation condition comprises, when the delegation condition does not satisfy the delegation policies, the adjusted delegation condition or, when the delegation condition satisfies the delegation policies, comprises the delegation condition.
  - 20. The machine-readable storage medium as claimed in claim 19, wherein the delegation method further comprises the steps of:
    - determining whether usage of the set of data satisfies the consequent delegation condition; and
      
      retracting the vested authority when usage of the set of data does not satisfy the consequent delegation condition.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Institute For Information Industry
Original Assignee
Institute For Information Industry
Inventors
Yang, Chih-Wei, Wang, Chung-Ren

Application Number

US10/804,415
Publication Number

US 20050132215A1
Time in Patent Office

Days
Field of Search
US Class Current

726/26
CPC Class Codes

G06F 21/6218 to a system of files or obj...

Dynamic delegation method and device using the same

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

73 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Dynamic delegation method and device using the same

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

73 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others