Distributed security system policies

US 20050262362A1
Filed: 10/08/2004
Published: 11/24/2005
Est. Priority Date: 10/10/2003
Status: Abandoned Application

First Claim

Patent Images

1. A memory for storing data for access by an application program being executed on a computer system, comprising:

a data structure stored in said memory, said data structure including;

a name attribute wherein the name identifies an action or a role;

a resource attribute wherein the resource attribute specifies a resource in a hierarchy of resources and determines a scope for the name attribute;

a subject attribute wherein the subject attribute specifies at least one of;

a user and group; and

wherein the application program accesses the memory through an interface that is part of a security service module.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A memory for storing data for access by an application program being executed on a computer system, comprising, a data structure stored in said memory, said data structure including, a name attribute wherein the name identifies an action or a role, a resource attribute wherein the resource attribute specifies a resource in a hierarchy of resources and determines a scope for the name attribute, a subject attribute wherein the subject attribute specifies at least one of, a user and group, and wherein the application program accesses the memory through an interface that is part of a security service module.

148 Citations

View as Search Results

11 Claims

1. A memory for storing data for access by an application program being executed on a computer system, comprising:
- a data structure stored in said memory, said data structure including;
  
  a name attribute wherein the name identifies an action or a role;
  
  a resource attribute wherein the resource attribute specifies a resource in a hierarchy of resources and determines a scope for the name attribute;
  
  a subject attribute wherein the subject attribute specifies at least one of;
  
  a user and group; and
  
  wherein the application program accesses the memory through an interface that is part of a security service module.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The data structure of claim 1, wherein the name attribute includes:
    - a path component, wherein the path component indicates whether the name attribute is for an action or a role; and
      
      an identifier component, wherein the identifier component specifies a unique identifier for the path.
  - 3. The data structure of claim 1, wherein the data structure further comprises:
    - one or more constraint attributes; and
      
      wherein a constraint attribute can place conditions on a role or a policy.
  - 4. The data structure of claim 1, wherein the data structure further comprises:
    - a delegator attribute which is the identity of a user, a group or a role that delegates the action or the role to the subject.
  - 5. The data structure of claim 1 wherein:
    - a role specifies capabilities a user or group can hold in a given scope.
  - 6. The memory of claim 1 wherein:
    - the security service module is part of a distributed security system; and
      
      wherein the security service module includes one or more plugin security provider modules.

7. A memory for storing data for access by an application program being executed on a computer system, comprising:
- a data structure stored in said memory, said data structure including;
  
  a name attribute wherein the name attribute includes;
  
  a path component, wherein the path component indicates whether the name attribute identifies an action or a role;
  
  an identifier component, wherein the identifier component specifies a unique identifier for the path. a resource attribute wherein the resource attribute specifies a resource in a hierarchy of resources and determines a scope for the name attribute;
  
  a subject attribute wherein the subject attribute specifies at least one of;
  
  a user and a group; and
  
  wherein the application program accesses the memory through an interface that is part of a security service module.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The data structure of claim 7, wherein the data structure further comprises:
    - one or more constraint attributes; and
      
      wherein a constraint attribute can place conditions on a role or a policy.
  - 9. The memory of claim 7 wherein:
    - a delegator attribute which is the identity of a user, a group or a role that delegates the action or the role to the subject.
  - 10. The memory of claim 7 wherein:
    - a role specifies capabilities a user or group can hold in a given scope.
  - 11. The memory of claim 7 wherein:
    - the security service module is part of a distributed security system; and
      
      wherein the security service module includes one or more plugin security provider modules.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
BEA Systems Incorporated (Oracle Corporation)
Original Assignee
BEA Systems Incorporated (Oracle Corporation)
Inventors
Xu, Mingde, Byrne, David, Howes, Jason, Patrick, Paul, Riendeau, Richard J., Yagen, Kenneth D., Falco, Mark A.

Application Number

US10/961,593
Publication Number

US 20050262362A1
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

H04L 63/0263 Rule management

H04L 63/20 for managing network securi...

Distributed security system policies

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

148 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Distributed security system policies

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

148 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links