Systems and methods of access control enabling ownership of access control lists to users or groups

US 20060101019A1
Filed: 11/05/2004
Published: 05/11/2006
Est. Priority Date: 11/05/2004
Status: Active Grant

First Claim

Patent Images

1. A method of creating access control lists that can be used by a plurality of users, said method comprising:

receiving, from a first user, information for an access control list;

receiving, from the first user, a set of privileges for the access control list that have been granted to a second user; and

permitting the second user to use the access control list based on the set of privileges that were granted by the first user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present invention support a flexible access control design that includes flexible ownership and assignment of access control lists (ACLs). The ACLs can be assigned to one or more resources, or items, or types of resources or items. A creator or owner of an ACL can grant privileges to others such that they may modify or assign the ACL. Each ACL can have one or more owners, i.e., users that can exercise control over the ACL. Any owner of an ACL can designate certain privileges to other users. These other users may then use the ACL based on the privileges granted to them.

125 Citations

24 Claims

1. A method of creating access control lists that can be used by a plurality of users, said method comprising:
- receiving, from a first user, information for an access control list;
  
  receiving, from the first user, a set of privileges for the access control list that have been granted to a second user; and
  
  permitting the second user to use the access control list based on the set of privileges that were granted by the first user.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, further comprising naming automatically the access control list.
  - 3. The method of claim 1, wherein receiving the set of privileges for the access control list comprises receiving information that indicates the second user has been granted ownership rights to the access control list.
  - 4. The method of claim 1, wherein receiving the set of privileges for the access control list comprises receiving information that indicates the second user has been granted a right to assign the access control list to a resource.

5. A computer system for creating access control lists that can be used by a plurality of users, said apparatus comprising:
- a memory having program instructions; and
  
  a processor, responsive to the programming instructions, configured to;
  
  receive, from a first user, information for an access control list;
  
  receive, from the first user, a set of privileges for the access control list that have been granted to a second user; and
  
  permit the second user to use the access control list based on the set of privileges that were granted by the first user.

6. A computer program product embodied on a computer usable medium, the computer program product for creating access control lists that can be used by a plurality of users, comprising:
- means for receiving, from a first user, information for an access control list;
  
  means for receiving, from the first user, a set of privileges for the access control list that have been granted to a second user; and
  
  means for permitting the second user to use the access control list based on the set of privileges that were granted by the first user.

7. A computer-readable medium on which is stored instructions, which when executed performs steps in a method of creating access control lists that can be used by a plurality of users, the steps comprising:
- receiving, from a first user, information for an access control list;
  
  receiving, from the first user, a set of privileges for the access control list that have been granted to a second user, and permitting the second user to use the access control list based on the set of privileges that were granted by the first user.

8. A method of assigning an access control list to a protected resource, wherein said access control list has been created by a first user and at least one additional user is permitted use of the access control list, said method comprising:
- receiving a request from the at least one additional user to assign the access control list to the protected resource;
  
  determining a set of privileges that have been granted from the first user to the at least one additional user for the access control list; and
  
  permitting the at least one additional user to assign the access control list to the protected resource based on the set of privileges.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
- - 9. The method of claim 8, wherein receiving the request from the at least one additional user comprises receiving a request to modify the access control list.
  - 10. The method of claim 8, wherein determining the set of privileges that have been granted from the first user to the at least one additional user comprises determining whether the first user has granted ownership rights of the access control list to the at least additional user.
  - 11. The method of claim 10, wherein the at least one additional user is permitted to modify the access control list when granted ownership rights.
  - 12. The method of claim 10, wherein the at least one additional user is permitted to delete the access control list when granted ownership tights.
  - 13. The method of claim 8, wherein determining the set of privileges that have been granted from the first user to the at least one additional user comprises determining whether the first user has granted the at least one additional user the right to assign the access control list to a protected resource.
  - 14. The method of claim 13, wherein the at least one additional user is restricted from modifying the access control list and permitted to assign the access control list to the protected resource.
  - 15. The method of claim 8, further comprising providing to the at least one additional user information that indicates a set of access control lists to which the at least the one additional user has been granted privileges.
  - 16. The method of claim 15, wherein providing to the at least one additional user information that indicates the set of access control lists to which the at least the one additional user has been granted privileges comprises providing names of access control lists that match criteria specified by the at least on additional user.

17. A computer system for assigning an access control list to a protected resource, wherein said access control list has been created by a first user and at least one additional user is permitted use or the access control list, said system comprising:
- a memory having program instructions; and
  
  a processor, responsive to the programming instructions, configured to;
  
  receive a request from the at least one additional user to assign the access control list to the protected resource;
  
  determine a set of privileges that have been granted from the first user to the at least one additional user for the access control list; and
  
  permit the at least additional user to assign the access control list to the protected resource based on the set of privileges.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The computer system of claim 17, wherein the means for receiving the request from the at least one additional user comprises means for receiving a request to modify the access control list.
  - 19. The computer system of claim 17, wherein the means for determining the set of privileges that have been granted from the first user to the at least one additional user comprises means for determining whether the first user has granted ownership rights of the access control list to the at least additional user.
  - 20. The computer system of claim 17, wherein the means for determining the set of privileges that have been granted from the first user to the at least one additional user comprises means for determining whether the first user has granted the at least one additional user the right to assign the access control list to a protected resource.
  - 21. The computer system of claim 17, further comprising means for providing to the at least one additional user information that indicates a set of access control lists to which the at least the one additional user has been granted privileges.
  - 22. The computer system of claim 21, wherein the means for providing to the at least one additional user information that indicates the set of access control lists to which the at least the one additional user has been granted privileges comprises means for providing names of access control lists that match criteria specified by the at least on additional user.

23. A computer program product embodied on a computer usable medium, the computer program product for assigning an access control list to a protected resource, wherein said access control list has been created by a first user and at least one additional user is permitted use of the access control list comprising:
- means for receiving a request from the at least one additional user to assign the access control list to the protected resource;
  
  means for determining a set of privileges that have been granted from the first user to the at least one additional user for the access control list; and
  
  means for permitting the at least one additional user to assign the access control list to the protected resource based on the set of privileges.

24. A computer-readable medium on which is stored instructions, which when executed performs steps in a method of assigning an access control list to a protected resource, wherein said access control list has been created by a first user and at least one additional user is permitted use of the access control list, the steps comprising:
- receiving a request from the at least one additional user to assign the access control list to the protected resource;
  
  determining a set of privileges that have been granted from the first user to the at least one additional user for the access control list; and
  
  permitting the at least one additional user to assign the access control list to the protected resource based on the set of privileges.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Nelson, Kenneth Carlin, Noronha, Marilene A.

Granted Patent

US 9,697,373 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/6218 to a system of files or obj...

G06F 2221/2141 Access rights, e.g. capabil...

Systems and methods of access control enabling ownership of access control lists to users or groups

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

125 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods of access control enabling ownership of access control lists to users or groups

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

125 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links