Configuration of a distributed security system

US 20050251851A1
Filed: 10/08/2004
Published: 11/10/2005
Est. Priority Date: 10/10/2003
Status: Abandoned Application

First Claim

Patent Images

1. A system for distributing security information, comprising:

a remote interface capable of accepting the information from a distributor wherein the information includes at least one of;

policy information and configuration information;

a local interface capable of providing the information to at least one services layer;

wherein the at least one services layer includes at least one security provider; and

wherein the at least one services layer can dynamically configure the at least one security provider based on the information.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for distributing security information, comprising, a remote interface capable of accepting the information from a distributor wherein the information includes at least one of: policy information and configuration information, a local interface capable of providing the information to at least one services layer, wherein the at least one services layer includes at least one security provider, and wherein the at least one services layer can dynamically configure the at least one security provider based on the information.

118 Citations

View as Search Results

28 Claims

1. A system for distributing security information, comprising:
- a remote interface capable of accepting the information from a distributor wherein the information includes at least one of;
  
  policy information and configuration information;
  
  a local interface capable of providing the information to at least one services layer;
  
  wherein the at least one services layer includes at least one security provider; and
  
  wherein the at least one services layer can dynamically configure the at least one security provider based on the information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1 wherein:
    - the at least one security provider is capable of providing one of the following capabilities;
      
           1) authentication;
      
           2) authorization;
      
           3) auditing;
      
           4) role mapping; and
      
           5) credential mapping.
  - 3. The system of claim 1 wherein:
    - a security provider includes a service provider interface through which it integrates into a services layer.
  - 4. The system of claim 1 wherein:
    - the policy information can include one or more of;
      
      an authorization policy, a role policy, an authentication policy, an auditing policy, and credential mapping information.
  - 5. The system of claim 4 wherein:
    - an authorization policy can be delegated.
  - 6. The system of claim 4 wherein:
    - a role policy establishes who can be in a role.
  - 7. The system of claim 4 wherein:
    - an authorization policy is an association between at least one resource, an action, and a subject.
  - 8. The system of claim 1 wherein:
    - a services layer can query the system via the local interface.
  - 9. The system of claim 1 wherein:
    - the information includes only information that has changed.

10. A method for distributing security information, comprising:
- accepting the information via a first interface wherein the information includes at least one of;
  
  policy information and configuration information;
  
  providing the information to at least one services layer via a second interface;
  
  wherein the at least one services layer includes at least one security provider; and
  
  wherein the at least one services layer can dynamically configure the at least one security provider based on the information.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The method of claim 10 wherein:
    - a security provider is capable of providing one of the following capabilities;
      
           1) authentication;
      
           2) authorization;
      
           3) auditing;
      
           4) role mapping; and
      
           5) credential mapping.
  - 12. The method of claim 10 wherein:
    - a security provider includes a service provider interface through which it integrates into a services layer.
  - 13. The method of claim 10 wherein:
    - the policy information can include one or more of;
      
      an authorization policy, a role policy, an authentication policy, an auditing policy, and credential mapping information.
  - 14. The method of claim 13 wherein:
    - an authorization policy can be delegated.
  - 15. The method of claim 13 wherein:
    - a role policy establishes who can be in a role.
  - 16. The method of claim 13 wherein:
    - an authorization policy is an association between at least one resource, an action, and a subject.
  - 17. The method of claim 10 wherein:
    - a services layer can query the system via the local interface.
  - 18. The method of claim 10 wherein:
    - the information includes only information that has changed.

19. A machine readable medium having instructions stored thereon to cause a system to:
- accept information via a first interface wherein the information includes at least one of;
  
  policy information and configuration information;
  
  provide the information to at least one services layer via a second interface;
  
  wherein the at least one services layer includes at least one security provider; and
  
  wherein the at least one services layer can dynamically configure the at least one security provider based on the information.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. The machine readable medium of claim 19 wherein:
    - a security provider is capable of providing one of the following capabilities;
      
           1) authentication;
      
           2) authorization;
      
           3) auditing;
      
           4) role mapping; and
      
           5) credential mapping.
  - 21. The machine readable medium of claim 19 wherein:
    - a security provider includes a service provider interface through which it integrates into a services layer.
  - 22. The machine readable medium of claim 19 wherein:
    - the policy information can include one or more of;
      
      an authorization policy, a role policy, an authentication policy, an auditing policy, and credential mapping information.
  - 23. The machine readable medium of claim 22 wherein:
    - an authorization policy can be delegated.
  - 24. The machine readable medium of claim 22 wherein:
    - a role policy establishes who can be in a role.
  - 25. The machine readable medium of claim 22 wherein:
    - an authorization policy is an association between at least one resource, an action, and a subject.
  - 26. The machine readable medium of claim 19 wherein:
    - one of the at least one security providers can query capability information via the local interface.
  - 27. The machine readable medium of claim 19 wherein:
    - the information includes only information that has changed.

28. A computer signal embodied in a transmission medium, comprising:
- a code segment including instructions for accepting information via a first interface wherein the information includes at least one of;
  
  policy information and configuration information;
  
  a code segment including instructions for providing the information to at least one services layer via a second interface;
  
  wherein the at least one services layer includes at least one security provider; and
  
  wherein the at least one services layer can dynamically configure the at least one security provider based on the information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
BEA Systems Incorporated (Oracle Corporation)
Original Assignee
BEA Systems Incorporated (Oracle Corporation)
Inventors
Xu, Mingde, Byrne, David, Howes, Jason, Patrick, Paul, Riendeau, Richard J., Yagen, Kenneth D., Falco, Mark A.

Application Number

US10/962,067
Publication Number

US 20050251851A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 2221/2101   Auditing as a secondary aspect

H04L 63/08   for authentication of entit...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

Configuration of a distributed security system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

118 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Configuration of a distributed security system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

118 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links