HYBRID META-DIRECTORY
Abstract
Exemplary embodiments provide a method and system for providing a hybrid meta-directory for recording a grant of privileges. In one embodiment, method and system aspects of the exemplary embodiment include: assigning a privilege identifier to each privilege stored in a privilege repository; in response to a granting of one of the privileges to a target user, storing the privilege identifier assigned to the granted privilege in an authoritative source domain record for the target user; and in response to receiving a query of the authoritative source domain based on a user ID, retrieving a list of privileges granted to the corresponding target user based on the privilege identifiers associated with the user ID.
34 Claims
1. A computer-implemented method for providing a hybrid meta-directory for recording a grant of privileges, comprising:
- assigning a privilege identifier to each privilege stored in a privilege repository;
- in response to a granting of one of the privileges to a target user, storing the privilege identifier assigned to the granted privilege in an authoritative source domain record for the target user; and
- in response to receiving a query of the authoritative source domain based on a user ID, retrieving a list of privileges granted to the corresponding target user based on the privilege identifiers associated with the user ID.
7. An executable software product containing program instructions for providing a hybrid meta-directory for recording a grant of privileges, the program instructions for:
- assigning a privilege identifier to each privilege stored in a privilege repository;
- in response to a granting of one of the privileges to a target user, storing the privilege identifier assigned to the granted privilege in an authoritative source domain record for the target user; and
- in response to receiving a query of the authoritative source domain based on a user ID, retrieving a list of privileges granted to the corresponding target user based on the privilege identifiers associated with the user ID.
13. A hybrid meta-directory for recording a grant of privileges, comprising:
- a network;
- an authoritative source domain accessible over the network; and
- a computer coupled to the network and executing an identity management application, the identity management application configured to:
  - assign a privilege identifier to each privilege stored in a privilege repository;
  - in response to a granting of one of the privileges to a target user, storing the privilege identifier assigned to the granted privilege in an authoritative source domain record for the target user; and
  - in response to receiving a query of the authoritative source domain based on a user ID, retrieving a list of privileges granted to the corresponding target user based on the privilege identifiers associated with the user ID.
19. A computer-implemented method for providing Sarbanes-Oxley separation of duty detection and compliance, comprising:
- displaying a hierarchical list of resources for selection of at least one of a plurality of privileges associated with the resources;
- in response to a user selecting at least one of the privileges from the hierarchical list, adding the selected privilege to a request cart to allow the user to initiate a request for the privilege;
- for each item added to the request cart, checking a separation of duty privilege list to determine whether any of the privileges in the request cart conflict with any privilege currently granted to the user or present in the request cart; and
- in response to detecting a conflict, indicating to the user that the privilege cannot be granted concurrently with the conflicting privilege, thereby facilitating compliance with separation of duties requirements of Sarbanes-Oxley.
22. The method of claim 22 further comprising allowing the separation of duty conflict to be cured by prompting the user to choose between removing the requested privilege from the request cart, removing the conflicting privilege that is already present in the request cart, or having the conflicting privilege currently granted to the target user removed.
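The request-cart check and the cure choices described in the claims above can be sketched as follows. This is an added example, not code from the patent or any product; the privilege identifiers, the conflict pairs, and all function names are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed privilege repository: privilege identifier -> description.
PRIVILEGES = {"P100": "Create vendor", "P200": "Approve vendor payment",
              "P300": "Read general ledger", "P400": "Post journal entry"}

# Constructed separation-of-duty list: pairs that must not be held together.
SOD_CONFLICTS = {frozenset({"P100", "P200"}), frozenset({"P400", "P200"})}

@dataclass
class UserRecord:
    """Authoritative-source record: stores only privilege identifiers."""
    user_id: str
    privilege_ids: set = field(default_factory=set)

def granted_privileges(directory, user_id):
    """Query by user ID, resolving stored identifiers against the repository."""
    record = directory[user_id]
    return {pid: PRIVILEGES[pid] for pid in sorted(record.privilege_ids)}

def check_cart(record, cart):
    """Compare each cart item with current grants and with later cart items."""
    conflicts = []
    for i, requested in enumerate(cart):
        for held in sorted(record.privilege_ids):
            if frozenset({requested, held}) in SOD_CONFLICTS:
                conflicts.append((requested, held, "granted"))
        for other in cart[i + 1:]:
            if frozenset({requested, other}) in SOD_CONFLICTS:
                conflicts.append((requested, other, "cart"))
    return conflicts

def cure_options(conflict):
    """Choices offered to the requester for one detected conflict."""
    requested, other, where = conflict
    second = (f"remove {other} from cart" if where == "cart"
              else f"revoke {other} from user")
    return [f"remove {requested} from cart", second]

def submit(record, cart):
    """Grant the cart only if every ID is known and no conflict exists."""
    unknown = [pid for pid in cart if pid not in PRIVILEGES]
    if unknown:
        raise KeyError(f"unknown privilege identifiers: {unknown}")
    conflicts = check_cart(record, cart)
    if conflicts:
        return False, conflicts      # fail closed: the record is not modified
    record.privilege_ids.update(cart)
    return True, []
```

The check runs against the identifiers held in the user's record at submission time, so a conflicting grant made after the cart was filled is still caught.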
24. An executable software product stored on a computer-readable medium containing program instructions for providing Sarbanes-Oxley separation of duty detection and compliance, the program instructions for:
- displaying a hierarchical list of resources for selection of at least one of a plurality of privileges associated with the resources;
- in response to a user selecting at least one of the privileges from the hierarchical list, adding the selected privilege to a request cart to allow the user to initiate a request for the privilege;
- for each item added to the request cart, checking a separation of duty privilege list to determine whether any of the privileges in the request cart conflict with any privilege currently granted to the user or present in the request cart; and
- in response to detecting a conflict, indicating to the user that the privilege cannot be granted concurrently with the conflicting privilege, thereby facilitating compliance with separation of duties requirements of Sarbanes-Oxley.
29. A hybrid meta-directory system for providing Sarbanes-Oxley separation of duty detection and compliance, comprising:
- a network; and
- a computer coupled to the network and executing an identity management application, the identity management application configured to:
  - display a hierarchical list of resources for selection of at least one of a plurality of privileges associated with the resources;
  - in response to a user selecting at least one of the privileges from the hierarchical list, add the selected privilege to a request cart to allow the user to initiate a request for the privilege;
  - for each item added to the request cart, check a separation of duty privilege list to determine whether any of the privileges in the request cart conflict with any privilege currently granted to the user or present in the request cart; and
  - in response to detecting a conflict, indicate to the user that the privilege cannot be granted concurrently with the conflicting privilege, thereby facilitating compliance with separation of duties requirements of Sarbanes-Oxley.
34. A hybrid meta-directory for recording a grant of privileges, comprising:
- means for assigning a privilege identifier to each privilege stored in a privilege repository;
- means responsive to a granting of one of the privileges to a target user for storing the privilege identifier assigned to the granted privilege in an authoritative source domain record for the target user; and
- means responsive to receiving a query of the authoritative source domain based on a user ID for retrieving a list of privileges granted to the corresponding target user based on the privilege identifiers associated with the user ID.
Specification