Managing access with resource control lists and resource replication

US 20060282900A1
Filed: 06/10/2005
Published: 12/14/2006
Est. Priority Date: 06/10/2005
Status: Abandoned Application

First Claim

Patent Images

1. In a computerized environment in which one or more computer systems communicate secure and non-secure information, a method of managing resources such that resource access can be easily identified and shared between computer systems in a secure manner, comprising the acts of:

receiving a request from an accessor for access to one or more resources;

identifying an accessor object for the accessor;

identifying a resource control list;

identifying that at least one of the requested one or more resources is associated with an allow classification in the resource control list; and

sending a message indicating that the identified at least one of the requested one or more resources is accessible.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Resources in a computerized environment can be organized into objects and resource groups, which are, in turn, managed by one or more resource control lists. For example, a computer system (i.e., an accessor) can be represented by an object at a managing computer system. The computer system object includes a resource control list that indicates what groups of objects can be accessed, and/or what groups of objects cannot be accessed. A request by the computer system for a resource, such as a user object, can involve the managing computer system identifying the computer system object, reviewing the resource control list for the computer system object, and then reviewing whether the requested resource is found in an accessible group. Additional implementations relate to ensuring that resources are accessed appropriately, such as at a point when all resource updates have been sent, received, and implemented for the given resource.

106 Citations

20 Claims

1. In a computerized environment in which one or more computer systems communicate secure and non-secure information, a method of managing resources such that resource access can be easily identified and shared between computer systems in a secure manner, comprising the acts of:
- receiving a request from an accessor for access to one or more resources;
  
  identifying an accessor object for the accessor;
  
  identifying a resource control list;
  
  identifying that at least one of the requested one or more resources is associated with an allow classification in the resource control list; and
  
  sending a message indicating that the identified at least one of the requested one or more resources is accessible.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method as recited in claim 1, wherein the request includes a query regarding the identity of one or more files or peripheral devices that can be accessed by a user object.
  - 3. The method as recited in claim 1, wherein the request includes a query regarding the identity of user objects that can be read by the accessor.
  - 4. The method as recited in claim 1, wherein the query includes a request regarding an identity of one or more user objects that can access a particular one of the one or more resources.
  - 5. The method as recited in claim 4, wherein the one or more user objects are found in a grouping having access permissions defined by the resource control list.
  - 6. The method as recited in claim 1, further comprising:
    - receiving a request for a first resource, wherein the resource control list indicates that the first resource is in a group that cannot be accessed by the accessor; and
      
      replying that the accessor does not have access to the first resource.
  - 7. The method as recited in claim 1, wherein the request comprises a query for resources accessible to a first user object and to a second user object, wherein the first user object is associated with a first group having a first resource control list, and wherein the second user object is associated with a second group having a second resource control list.
  - 8. The method as recited in claim 7, further comprising, responding based on information contained in the first and second resource control lists that the first user object can access a first set of resources.
  - 9. The method as recited in claim 8, further comprising responding that the second user object can access a second set of resources, wherein the first set of resources and the second set of resources are different.

10. In a computerized environment in which one or more computer systems communicate secure and non-secure information, a method of correlating updates to one or more resources between computer systems in a simple and secure manner, comprising the acts of:
- receiving an indicator that a resource has been updated at an originating computer system;
  
  receiving one or more components of a corresponding resource update from the originating computer system;
  
  sending one or more responses, before all of the one or more components have been received, that the resource is unavailable;
  
  updating the resource after all of the one or more components have been received; and
  
  responding to a new request for the resource in accordance with the updated resource.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 11. The method as recited in claim 10, wherein responding to the new request for the resource in accordance with the updated resource comprises providing the updated resource to the requester.
  - 12. The method as recited in claim 10, further comprising identifying that all of the components have been received.
  - 13. The method as recited in claim 12, wherein the indicator is a vector that includes an identifier for the originating computer system, and a new update sequence number.
  - 14. The method as recited in claim 13, wherein identifying that all of the components have been received includes identifying an update sequence number associated with each of the components.
  - 15. The method as recited in claim 14, further comprising receiving a message that indicates that no more components for the update are being sent from the originating computer system.
  - 16. The method as recited in claim 15, wherein the message includes the originating domain controller identifier and the new update sequence identifier.
  - 17. The method as recited in claim 10, wherein the update to the resource includes any of changing an access permission for a first grouping of the resource to a new access permission, or of changing a location of the resource from the first grouping to a second grouping.
  - 18. The method as recited in claim 17, wherein the update to the resource further includes changing an old password attribute to a new password attribute in the resource.
  - 19. The method as recited in claim 17, further comprising:
    - receiving the new request from an accessor; and
      
      identifying that the accessor has an object is associated with the new access permission that does not allow the resource to be accessed by the accessor, such that a response in accordance with the updated resource includes a denial of access.

20. In a computerized environment in which one or more computer systems communicate secure and non-secure information, a computer program product having computer-executable instructions stored thereon that, when executed, cause one or more processors at a computer system to perform a method comprising the following:
- receiving an indicator that a resource has been updated at an originating computer system;
  
  receiving one or more components of a corresponding resource update from the originating computer system;
  
  sending one or more responses, before all of the one or more components have been received, that the resource is unavailable;
  
  updating the resource after all of the one or more components have been received; and
  
  responding to a new request for the resource in accordance with the updated resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Sadarangani, Pranay, Muggli, Nathan Daniel, Lees, William Birkin, Johnson, Gregory C.

Application Number

US11/149,651
Publication Number

US 20060282900A1
Time in Patent Office

Days
Field of Search
US Class Current

726/26
CPC Class Codes

G06F 21/604 Tools and structures for ma...

Managing access with resource control lists and resource replication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

106 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Managing access with resource control lists and resource replication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

106 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links