Scoped access control metadata element
First Claim
1. A method for determining access rights to a range of objects by a range of users, comprising:
- (a) receiving identifying information corresponding to a user attempting to access a resource;
(b) determining whether the resource is encompassed by a first range defined in an access control metadata element;
(c) based on the identifying information, determining whether the user is encompassed by a second range defined in the access control metadata element; and
(d) when steps (b) and (c) are answered in the affirmative, applying access rights defined in the access control metadata element.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods, systems, and data structures for communicating object metadata are provided. A generic metadata container is presented that allows object metadata to be described in an extensible manner using protocol-neutral and platform-independent methodologies. A metadata scope refers to a dynamic universe of targets to which the included metadata statements correspond. Metadata properties provide a mechanism to describe the metadata itself, and metadata security can be used to ensure authentic metadata is sent and received. Mechanisms are also provided to allow refinement and replacement of metadata statements. The generic metadata container can be adapted to dynamically define access control rights to a range of objects by a range of users, including granted and denied access rights.
141 Citations
18 Claims
-
1. A method for determining access rights to a range of objects by a range of users, comprising:
-
(a) receiving identifying information corresponding to a user attempting to access a resource;
(b) determining whether the resource is encompassed by a first range defined in an access control metadata element;
(c) based on the identifying information, determining whether the user is encompassed by a second range defined in the access control metadata element; and
(d) when steps (b) and (c) are answered in the affirmative, applying access rights defined in the access control metadata element. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A computer comprising a processor controlling operation of the computer according to computer readable instructions stored in a memory, wherein, upon execution of the computer readable instructions by the processor, the computer performs a method comprising:
-
(a) receiving identifying information corresponding to a user attempting to access the resource;
(b) determining whether the resource is encompassed by a first range defined in an access control metadata element;
(c) based on the identifying information, determining whether the user is encompassed by a second range defined in the access control metadata element; and
(d) when steps (b) and (c) are answered in the affirmative, applying access rights defined in the access control metadata element. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
Specification
-
- Resources
-
Current AssigneeMicrosoft Technology Licensing LLC (Microsoft Corporation)
-
Original AssigneeMicrosoft Corporation
-
InventorsKaler, Christopher G., Waingold, Elliot, Della-Libera, Giovanni
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current1/1
-
CPC Class CodesG06F 21/6218 to a system of files or obj...G06F 2221/2141 Access rights, e.g. capabil...H04L 45/34 Source routingH04L 45/566 Routing instructions carrie...H04L 63/04 for providing a confidentia...H04L 63/0428 wherein the data content is...H04L 63/08 for authentication of entit...H04L 63/102 Entity profilesH04L 63/123 received data contents, e.g...H04L 63/126 the source of the received ...H04L 67/02 based on web technology, e....Y10S 707/99939 Privileged access
