System and method for content management security

US 20070073673A1
Filed: 08/04/2006
Published: 03/29/2007
Est. Priority Date: 09/26/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method for providing content management security to federated content repositories in a content management system, the method comprising:

integrating a plurality of content repositories, including a first content repository having a first security mechanism and a second content repository lacking any security mechanism, into a virtual content repository (VCR);

intercepting a request to access content stored in a first node of a plurality of nodes within the plurality of content repositories and a second node of the plurality of nodes within the plurality of content repositories, wherein the first node includes content stored in the first content repository and the second node includes content stored in the second content repository;

determining whether the request will be permitted by applying a security policy to a result set returned by the first content repository and the second content repository responsive to the request and applying the first security mechanism to only that portion of the result set returned by the first content repository; and

providing the result set when the request satisfies the security policy and the first security mechanism.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In accordance with embodiments, there are provided mechanisms and methods for providing content management security to federated content repositories in a content management system and for interacting with a virtual content repository. These mechanisms and methods can enable embodiments to provide secure access to repositories based upon policies defined at a federated repository level and to secure repository access at the federated level based upon policies defined for differing classes of users. These abilities of embodiments can enable users to create services and applications by integrating content from unsecured repositories.

127 Citations

View as Search Results

18 Claims

1. A method for providing content management security to federated content repositories in a content management system, the method comprising:
- integrating a plurality of content repositories, including a first content repository having a first security mechanism and a second content repository lacking any security mechanism, into a virtual content repository (VCR);
  
  intercepting a request to access content stored in a first node of a plurality of nodes within the plurality of content repositories and a second node of the plurality of nodes within the plurality of content repositories, wherein the first node includes content stored in the first content repository and the second node includes content stored in the second content repository;
  
  determining whether the request will be permitted by applying a security policy to a result set returned by the first content repository and the second content repository responsive to the request and applying the first security mechanism to only that portion of the result set returned by the first content repository; and
  
  providing the result set when the request satisfies the security policy and the first security mechanism.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein intercepting a request to access content stored in a first node of a plurality of nodes within the plurality of content repositories and a second node of the plurality of nodes within the plurality of content repositories, wherein the first node includes content stored in the first content repository and the second node includes content stored in the second content repository includes:
    - intercepting the request at a common Application Programming Interface (API) providing access to the VCR.
  - 3. The method of claim 1, wherein determining whether the request will be permitted by applying a security policy to a result set returned by the first content repository and the second content repository responsive to the request and applying the first security mechanism to only that portion of the result set returned by the first content repository includes:
    - determining based upon the result set that at least a portion of the result set is retrieved from the first content repository; and
      
      applying the first security mechanism to only that portion of the result set returned by the first content repository.
  - 4. The method of claim 1, wherein determining whether the request will be permitted by applying a security policy to a result set returned by the first content repository and the second content repository responsive to the request and applying the first security mechanism to only that portion of the result set returned by the first content repository includes:
    - determining based upon the result set that at least a portion of the result set is retrieved from the second content repository; and
      
      applying only the security policy to only that portion of the result set returned by the second content repository.
  - 5. The method of claim 1, wherein providing the result set when the request satisfies the selected security policy includes:
    - enabling at least one of navigation, CRUD operations (create, read, update, delete), versioning, workflows, and searching operations to operate on the plurality of repositories as though the plurality of repositories were one repository.
  - 6. The method of claim 1, further comprising:
    - redacting content from the result set to make the result set permissible according to the selected security policy.
  - 7. The method of claim 1, further comprising:
    - redacting content from only that portion of the result set returned by the second content repository to make the result set permissible according to the first security mechanism.
  - 8. The method of claim 1, further comprising:
    - blocking access to an entity that at least partially satisfies the request when the request does not satisfy the selected security policy.

9. A machine-readable medium carrying one or more sequences of instructions for providing content management security to federated content repositories in a content management system, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:
- integrating a plurality of content repositories, including a first content repository having a first security mechanism and a second content repository lacking any security mechanism, into a virtual content repository (VCR);
  
  intercepting a request to access content stored in a first node of a plurality of nodes within the plurality of content repositories and a second node of the plurality of nodes within the plurality of content repositories, wherein the first node includes content stored in the first content repository and the second node includes content stored in the second content repository;
  
  determining whether the request will be permitted by applying a security policy to a result set returned by the first content repository and the second content repository responsive to the request and applying the first security mechanism to only that portion of the result set returned by the first content repository; and
  
  providing the result set when the request satisfies the security policy and the first security mechanism.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The machine-readable medium as recited in claim 9, wherein the instructions for carrying out the step of intercepting a request to access content stored in a first node of a plurality of nodes within the plurality of content repositories and a second node of the plurality of nodes within the plurality of content repositories, wherein the first node includes content stored in the first content repository and the second node includes content stored in the second content repository include instructions for carrying out the step of:
    - intercepting the request at a common Application Programming Interface (API) providing access to the VCR.
  - 11. The machine-readable medium as recited in claim 9, wherein the instructions for carrying out the step of determining whether the request will be permitted by applying a security policy to a result set returned by the first content repository and the second content repository responsive to the request and applying the first security mechanism to only that portion of the result set returned by the first content repository include instructions for carrying out the step of:
    - determining based upon the result set that at least a portion of the result set is retrieved from the first content repository; and
      
      applying the first security mechanism to only that portion of the result set returned by the first content repository.
  - 12. The machine-readable medium as recited in claim 9, wherein the instructions for carrying out the step of determining whether the request will be permitted by applying a security policy to a result set returned by the first content repository and the second content repository responsive to the request and applying the first security mechanism to only that portion of the result set returned by the first content repository include instructions for carrying out the step of:
    - determining based upon the result set that at least a portion of the result set is retrieved from the second content repository; and
      
      applying only the security policy to only that portion of the result set returned by the second content repository.
  - 13. The machine-readable medium as recited in claim 9, wherein the instructions for carrying out the step of providing the result set when the request satisfies the selected security policy include instructions for carrying out the step of:
    - enabling at least one of navigation, CRUD operations (create, read, update, delete), versioning, workflows, and searching operations to operate on the plurality of repositories as though the plurality of repositories were one repository.
  - 14. The machine-readable medium as recited in claim 9, further comprising instructions for carrying out the step of:
    - redacting content from the result set to make the result set permissible according to the selected security policy.
  - 15. The machine-readable medium as recited in claim 9, further comprising instructions for carrying out the step of:
    - redacting content from only that portion of the result set returned by the second content repository to make the result set permissible according to the first security mechanism.
  - 16. The machine-readable medium as recited in claim 9, further comprising instructions for carrying out the step of:
    - blocking access to an entity that at least partially satisfies the request when the request does not satisfy the selected security policy.

17. An apparatus for providing content management security to federated content repositories in a content management system, the apparatus comprising:
- a processor; and
  
  one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of;
  
  integrating a plurality of content repositories, including a first content repository having a first security mechanism and a second content repository lacking any security mechanism, into a virtual content repository (VCR);
  
  intercepting a request to access content stored in a first node of a plurality of nodes within the plurality of content repositories and a second node of the plurality of nodes within the plurality of content repositories, wherein the first node includes content stored in the first content repository and the second node includes content stored in the second content repository;
  
  determining whether the request will be permitted by applying a security policy to a result set returned by the first content repository and the second content repository responsive to the request and applying the first security mechanism to only that portion of the result set returned by the first content repository; and
  
  providing the result set when the request satisfies the security policy and the first security mechanism.

18. A method for transmitting code on a transmission medium, comprising:
- transmitting code to integrate a plurality of content repositories, including a first content repository having a first security mechanism and a second content repository lacking any security mechanism, into a virtual content repository (VCR);
  
  transmitting code to intercept a request to access content stored in a first node of a plurality of nodes within the plurality of content repositories and a second node of the plurality of nodes within the plurality of content repositories, wherein the first node includes content stored in the first content repository and the second node includes content stored in the second content repository;
  
  transmitting code to determine whether the request will be permitted by applying a security policy to a result set returned by the first content repository and the second content repository responsive to the request and applying the first security mechanism to only that portion of the result set returned by the first content repository; and
  
  transmitting code to provide the result set when the request satisfies the security policy and the first security mechanism.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
BAE Systems Incorporated (BAE Systems Plc)
Original Assignee
BEA Systems Incorporated (Oracle Corporation)
Inventors
Zhou, Xiaojiang, Posner, Brad, Saarva, Tanya, Patadia, Jalpesh, Roth, Steven, McVeigh, Ryan

Application Number

US11/499,468
Publication Number

US 20070073673A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/188   Virtual file systems

G06F 16/256   in federated or virtual dat...

G06F 21/62   Protecting access to data v...

H04L 63/105   Multiple levels of security

System and method for content management security

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

127 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for content management security

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

127 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links