Security execution context for a database management system
First Claim
Patent Images
1. A system that provides a secure context within a multi-domain database management system, comprising:
- a grant component of a first domain that deems an owner of a second domain trusted to access a resource in the first domain under a security context; and
an access component of the first domain that provides a caller established within the second domain with access to the resource in the first domain based at least upon a privilege assigned to the owner of the second domain.
2 Assignments
0 Petitions
Accused Products
Abstract
A database management system that supports multiple databases in an instance with controlled sharing between the databases. The invention can also support execution of procedures and other modules in the context of any principal possibly different from that of the caller. Trusted certificates can be employed to permit access to procedures (or other modules). The security context of the invention can enable the building blocks of building a pure trusted sub-system model of authorization.
40 Citations
20 Claims
-
1. A system that provides a secure context within a multi-domain database management system, comprising:
-
a grant component of a first domain that deems an owner of a second domain trusted to access a resource in the first domain under a security context; and
an access component of the first domain that provides a caller established within the second domain with access to the resource in the first domain based at least upon a privilege assigned to the owner of the second domain. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method for providing secure interaction between databases in a server instance, comprising:
-
granting an owner of a second database permission to access a resource in a first database;
flagging the second database as trustworthy to the second database; and
providing a caller context established within the second database with a mapping context to access the resource in the first database. - View Dependent Claims (12, 13, 14, 15)
-
-
16. A system that implements authentication between domains in an instance of a server, comprising:
-
a grant component of a first domain that conveys a statement expressed in a declarative language that indicates at least one of an owner of a second domain is trusted to access the first domain and a certificate is trusted in a manner that contexts established within a signed code that corresponds to the certificate facilitates access to the first domain; and
an identity component that marks the second domain as trustworthy to the first domain, the grant component of the first domain provides at least one of a calling context that is established and authenticated by the owner of the second domain with access to the first domain when the owner of the second domain is declared trusted by the first domain and a calling context that is established within the signed code that facilitates access to the first domain when the certificate is trusted by the owner of the first domain. - View Dependent Claims (17, 18, 19, 20)
-
Specification