Controlling transactions in accordance with role based security

US 20070208741A1
Filed: 03/01/2006
Published: 09/06/2007
Est. Priority Date: 03/01/2006
Status: Active Grant

First Claim

Patent Images

1. At a computer system, a method for controlling a distributed transaction in accordance with role based security, the method comprising:

an act of a first transaction related component receiving a transaction related message from a second transaction related component, the transaction related message indicating a request by the second transaction related component to perform a transaction related operation that is to involve the first transaction related component;

an act of the first transaction related component authenticating the second transaction related component;

an act of referring to transaction control information for the first transaction related component, the transaction control information indicating roles the second transaction related component is permitted to assume relative to the first transaction related component;

an act of comparing the transaction related operation indicated in the request to the permitted roles for the second transaction related component; and

an act of implementing the transaction related operation in accordance with the results of the comparison.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention extends to methods, systems, and computer program products for controlling transactions in accordance with role based security. A first transaction related component receives a transaction related message from a second transaction related component. The transaction related message indicates a request by the second transaction related component to perform a transaction related operation that is to involve the first transaction related component. The first transaction related component authenticates the second transaction related component. The first transaction related component refers to transaction control information indicating roles the second transaction component is permitted to assume relative to the first transaction related component. The transaction related operation indicated in the request is compared to the permitted roles for the second transaction related component. The transaction related operation is implemented in accordance with the results of the comparison.

13 Citations

View as Search Results

20 Claims

1. At a computer system, a method for controlling a distributed transaction in accordance with role based security, the method comprising:
- an act of a first transaction related component receiving a transaction related message from a second transaction related component, the transaction related message indicating a request by the second transaction related component to perform a transaction related operation that is to involve the first transaction related component;
  
  an act of the first transaction related component authenticating the second transaction related component;
  
  an act of referring to transaction control information for the first transaction related component, the transaction control information indicating roles the second transaction related component is permitted to assume relative to the first transaction related component;
  
  an act of comparing the transaction related operation indicated in the request to the permitted roles for the second transaction related component; and
  
  an act of implementing the transaction related operation in accordance with the results of the comparison.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method as recited in claim 1, wherein the act of a first transaction related component receiving a transaction related message from a second transaction related component comprises an act of a transaction manager receiving a transaction related message.
  - 3. The method as recited in claim 1, wherein the act of a first transaction related component receiving a transaction related message from a second transaction related component comprises an act of an application receiving a transaction related message.
  - 4. The method as recited in claim 1, wherein the act of the first transaction related component authenticating the second transaction related component comprises an act of a transaction manager authenticating another component in a distributed transaction architecture.
  - 5. The method as recited in claim 1, wherein the act of the first transaction related component authenticating the second transaction related component comprises an act of authenticating using at least one of X.509 certificate thumbprints and Kerberos tickets.
  - 6. The method as recited in claim 1, wherein the an act of referring to transaction control information for the first transaction related component comprises an act of referring to transaction control information for a transaction manager, the transaction control information expressly indicating roles the second component is permitted to assume relative to the transaction manager.
  - 7. The method as recited in claim 6, wherein the an act of referring to transaction control information for a transaction manager comprises an act or referring to transaction control information that indicates the second component is permitted to assume at least one role relatively to the transaction manager, the at least one permitted role selected from among:
    - initiating a transaction, marshalling a transaction, unmarshalling a transaction, propagating a transaction, receiving a propagated transaction, enlisting in a transaction, becoming a subordinate transaction manager, and becoming a superior transaction manager.
  - 8. The method as recited in claim 1, wherein the an act of referring to transaction control information for the first transaction related component comprises an act of referring to transaction control information for a transaction manager, the transaction control information indicating roles the second component is not permitted to assume relative to the transaction manager.
  - 9. The method as recited in claim 8, wherein the an act of referring to transaction control information for a transaction manager comprises an act or referring to transaction control information that indicates the second component is not permitted to assume at least one role relatively to the transaction manager, the at least one non permitted role selected from among:
    - initiating a transaction, marshalling a transaction, unmarshalling a transaction, propagating a transaction, receiving a propagated transaction, enlisting in a transaction, becoming a subordinate transaction manager, and becoming a superior transaction manager.
  - 10. The method as recited in claim 1, wherein the act of referring to transaction control information for the first transaction related component comprises an act of referring to transaction control information maintained by an operating system.
  - 11. The method as recited in claim 1, wherein the act of referring to transaction control information for the first transaction related component comprises an act of referring to transaction control information maintained by TM to TM protocol.
  - 12. The method as recited in claim 1, wherein the act of comparing the transaction related operation indicated in the request to the permitted roles for the second transaction related component comprises an act of comparing the transaction related operation to expressly permitted roles listed in the transaction control information.
  - 13. The method as recited in claim 1, wherein the act of implementing the transaction related operation in accordance with the results of the comparison comprises an act of performing the transaction related operation when the transaction related operation is related to a role the second components is permitted to assume relative to the first component.
  - 14. The method as recited in claim 1, wherein the act of implementing the transaction related operation in accordance with the results of the comparison comprises an act of preventing the transaction related operation form occurring when the transaction related operation is related to a role the second component is not permitted to assume relative to the first component.
  - 15. The method as recited in claim 1, wherein the act of implementing the transaction related operation in accordance with the results of the comparison comprises an act of implementing the transaction related operation in accordance with default behavior when the transaction control information does not expressly indicate if the transaction related operation is related to a role the second component is permitted to assume.

16. A computer program product for use at a computer system, the computer program product for implementing a method for controlling a distributed transaction in accordance with role based security, the method comprising one or more computer-readable media having stored thereon computer-executable instructions that, when executed by a processor, cause a first transaction related component at the computer system to perform the following:
- receive a transaction related message from a second transaction related component, the transaction related message indicating a request by the second transaction related component to perform a transaction related operation that is to involve the first transaction related component;
  
  authenticate the second transaction related component;
  
  refer to transaction control information indicating roles the second transaction related component is permitted to assume relative to the first transaction related component;
  
  compare the transaction related operation indicated in the request to the permitted roles for the second transaction related component; and
  
  implement the transaction related operation in accordance with the results of the comparison.
- View Dependent Claims (17, 18, 19)
- - 17. The computer program product as recited in claim 16, wherein the first transaction related component is a transaction manager.
  - 18. The computer program product as recited in claim 16, wherein computer-executable instructions that, when executed, cause a first transaction related component at the computer system to implement the transaction related operation in accordance with the results of the comparison comprise computer-executable instructions that, when executed, cause the first transaction related component to prevent the transaction related operation from occurring.
  - 19. The computer program product as recited in claim 16, wherein computer-executable instructions that, when executed, cause a first transaction related component at the computer system to refer to transaction control information indicating roles the second transaction related component is permitted to assume comprise computer-executable instructions that, when executed, cause the first transaction related component to referring to transaction control information that indicates the second component is permitted to assume at least one role relative to the transaction manager, the at least one permitted role selected from among:
    - initiating a transaction, marshalling a transaction, unmarshalling a transaction, propagating a transaction, receiving a propagated transaction, enlisting in a transaction, becoming a subordinate transaction manager, and becoming a superior transaction manager.

20. A computer system, comprising:
- one or more processors;
  
  system memory; and
  
  one or more computer-readable media having stored thereon a transaction manager, the transaction manger configured to;
  
  receive a transaction related messages from other transaction related components, the transaction related messages indicating requests by the other transaction related components to perform transaction related operations that are to involve the transaction manager;
  
  authenticate other transaction related components;
  
  refer to transaction control information indicating roles that other transaction related components are permitted to assume relative to transaction manager;
  
  compare transaction related operations indicated in requests to the permitted roles for other transaction related components; and
  
  implement transaction related operations in accordance with the results of the comparisons.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Johnson, James, Vishwanath, Tirunelveli, Feingold, Max

Granted Patent

US 7,730,095 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06Q 20/10 specially adapted for elect...

G06Q 20/3823 combining multiple encrypti...

Controlling transactions in accordance with role based security

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

13 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Controlling transactions in accordance with role based security

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links