SYSTEM AND METHOD FOR SERVER SECURITY AND ENTITLEMENT PROCESSING
First Claim
1. A method for determining user entitlements to access protected resources in a secure environment, comprising:
- receiving an access request from a user application to access a protected resource, by invoking a security service with the access request and a callback;
- determining user entitlements to access the protected resource, wherein the determining includes polling a plurality of security providers that may be plugged into the security service, and wherein the plurality of security providers use a callback handler to request context information from an application container for the access request;
- making a decision at the security service based on the user entitlements to permit or deny the access request; and
- the steps of either (a) communicating a permitted access request to the protected resource, or (b) denying a denied access request to the protected resource.
Abstract
A pluggable architecture allows security and business logic plugins to be inserted into a security service hosted by a server, and to control access to one or more secured resources on that server, on another server within the security domain, or between security domains. The security service may act as a focal point for security enforcement, and access rights determination, and information used or determined within one login process can flow transparently and automatically to other login processes. Entitlements denote what a particular user may or may not do with a particular resource, in a particular context. Entitlements reflect not only the technical aspects of the secure environment (the permit or deny concept), but can be used to represent the business logic or functionality required by the server provider. In this way entitlements bridge the gap between a simple security platform, and a complex business policy platform.
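An added illustration of the flow the abstract and claim 1 describe, not code from the patent: a security service polls plugged-in providers, and a provider uses a callback handler to ask the application container for context. All names, the sample request, and the rule for combining provider results (any deny wins, at least one permit required) are assumptions.

```python
from enum import Enum

Vote = Enum("Vote", "PERMIT DENY ABSTAIN")

class ContainerCallbackHandler:
    """Stands in for the application container; releases only the context keys it exposes."""
    def __init__(self, context, exposed):
        self._context, self._exposed = context, exposed
        self.requested = []          # audit trail of what providers asked for

    def handle(self, key):
        self.requested.append(key)
        return self._context.get(key) if key in self._exposed else None

def role_provider(request, callback):
    # Technical check (hypothetical): the subject must hold the "teller" role.
    return Vote.PERMIT if "teller" in request["roles"] else Vote.DENY

def transfer_limit_provider(request, callback):
    # Business-logic check (hypothetical): needs context the request does not carry.
    if request["action"] != "transfer":
        return Vote.ABSTAIN
    amount = callback.handle("amount")
    limit = callback.handle("daily_limit")
    if amount is None or limit is None:
        return Vote.DENY             # fail closed when the container withholds context
    return Vote.PERMIT if amount <= limit else Vote.DENY

class SecurityService:
    def __init__(self):
        self.providers = []

    def plug_in(self, provider):
        self.providers.append(provider)

    def check_access(self, request, callback):
        votes = [p(request, callback) for p in self.providers]
        # Assumed adjudication rule: any DENY wins, and at least one PERMIT is required.
        return Vote.DENY not in votes and Vote.PERMIT in votes

def demo():
    svc = SecurityService()
    svc.plug_in(role_provider)
    svc.plug_in(transfer_limit_provider)
    req = {"user": "alice", "roles": ["teller"], "resource": "account/42", "action": "transfer"}
    ok = ContainerCallbackHandler({"amount": 500, "daily_limit": 1000}, {"amount", "daily_limit"})
    over = ContainerCallbackHandler({"amount": 5000, "daily_limit": 1000}, {"amount", "daily_limit"})
    hidden = ContainerCallbackHandler({"amount": 500, "daily_limit": 1000}, {"amount"})
    return [svc.check_access(req, h) for h in (ok, over, hidden)]
```

With no providers plugged in, or when every provider abstains, the assumed rule denies the request, so an empty or misconfigured service does not silently permit access.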
65 Citations
5 Claims
Specification