Provisioning software with policy-appropriate capabilities

US 20080141335A1
Filed: 12/08/2006
Published: 06/12/2008
Est. Priority Date: 12/08/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method of provisioning a software product with policy-appropriate capabilities, comprising:

preventing full capabilities of the software product;

determining which capabilities of the full capabilities a user of the software product requires based on a predetermined policy; and

based on the determining, allowing functionality of the which capabilities thereby provisioning the software product with the policy.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatus and methods are described for enabling distribution of user-tailored pieces of a larger software program in a way that facilitates compliance with organizational policies around security, access control, and the like. The pieces, representing new or missing functionality in an existing instance of pre-installed software, are supplied as supplemental software fragments (known as “aspects”) that provide the new or missing logic to a target application with the target application having to know of the fragment'"'"'s existence. The number and quality of aspects provisioned to the user are tailored to the user'"'"'s identity and/or organizational role in accordance with explicit policy governing such provisioning. In this manner, the user of the software gains functionality appropriate to his security level, title, or other qualifications, and the events surrounding the provisioning become loggable, traceable, and verifiable.

Citations

29 Claims

1. A method of provisioning a software product with policy-appropriate capabilities, comprising:
- preventing full capabilities of the software product;
  
  determining which capabilities of the full capabilities a user of the software product requires based on a predetermined policy; and
  
  based on the determining, allowing functionality of the which capabilities thereby provisioning the software product with the policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the allowing functionality of the which capabilities varies depending upon different users.
  - 3. The method of claim 1, based on the determining, further including providing aspects to an otherwise incomplete code of the software product.
  - 4. The method of claim 3, wherein the providing aspects based on the determining further includes inserting one of the aspects at a pointcut in the otherwise incomplete code, each of the aspects enabling differing functionality from other of the aspects when together with the software product.
  - 5. The method of claim 1, wherein the allowing functionality of the which capabilities occurs by enabling aspects to function with the software product, each of the aspects enabling differing functionality from other of the aspects when together with the software product.
  - 6. The method of claim 1, wherein the determining which capabilities further includes setting the predetermined policy based upon an identity of the user.
  - 7. The method of claim 1, wherein the allowing functionality further includes enabling otherwise disabled aspects in object or source code of the software product.
  - 8. The method of claim 1, further including providing the software product as one of a download and a computer readable medium.

9. A method of tailoring executable code with policy-appropriate capabilities for a user, comprising:
- preventing certain capabilities of the executable code from operating;
  
  determining which capabilities of the prevented certain capabilities the user of the executable code requires based on a predetermined policy other than a licensing arrangement based on purchase of the executable code; and
  
  based on the determining, allowing the which capabilities of the prevented certain capabilities to operate thereby provisioning the executable code with the policy, wherein the allowing the which capabilities varies depending upon different users.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method of claim 9, wherein the preventing certain capabilities further includes installing the executable code on a plurality of computing devices in an organization related to the user and the different users.
  - 11. The method of claim 9, wherein the preventing certain capabilities of the executable code from operating further includes providing incomplete object or source code with pointcuts for receipt of one or more aspects available after the determining the which capabilities based on the predetermined policy.
  - 12. The method of claim 9, wherein the allowing the which capabilities of the prevented certain capabilities to operate further includes retrieving aspects from an aspect store and providing the aspects to the executable code on a client machine.
  - 13. The method of claim 9, wherein the steps of the preventing certain capabilities, the determining which capabilities, and the allowing the which capabilities of the prevented certain capabilities to operate occur remotely, locally or both in a computing environment.

14. In a computing environment, a method of provisioning a software product with policy-appropriate capabilities for a user of a client machine, comprising:
- installing the software product on the client machine, the software product including an incomplete version of source or object code preventing full operation, the code including one or more insertion points;
  
  determining which capabilities the user functionally requires for use according to a predetermined policy of an organization related to the user;
  
  based on the determining, allowing the which capabilities to operate thereby provisioning the software product with the policy, the allowing including inserting one or more aspects of code at the one or more insertion points after the determining the which capabilities the user functionally requires for use, the inserting the one or more aspects of code also making the incomplete version of source or object code operational for the user.
- View Dependent Claims (15, 16)
- - 15. The method of claim 14, further including updating the one or more aspects based upon changes in the policy, the updating occurring without altering the incomplete version of source or object code.
  - 16. The method of claim 15, further including inserting the one or more updated aspects at the one or more insertion points thereby making the incomplete version of source or object code operational for the user based upon the changes in the policy.

17. The method of claim 17, wherein the allowing the which capabilities to operate varies depending upon different users.

18. A computing system, comprising:
- a client machine for installation with a software product in a locked down condition;
  
  an aspect store having a plurality of JAR files for inclusion in the software product to make it unlocked per a policy-appropriate determination of a user of the client machine; and
  
  an intermediary interfaced between the client machine and the aspect store, the intermediary operable to fetch and return one or more of the JAR files to the software product of the client machine whenever a policy-based decision associates the user with the one or more of the JAR files.
- View Dependent Claims (19, 20, 21)
- - 19. The computing system of claim 18, further including an administrative function associated with the policy-based decision.
  - 20. The computing system of claim 18, wherein the aspect store is a database and the intermediary is a server remote from the database, the database operable to have updated JAR files upon an update in policy.
  - 21. The computing system of claim 18, wherein the software product in a locked down condition is an incomplete version of source or object code that is unable to operate without the one or more JAR files.

22. A computer readable media having computer executable instructions that is provisionally enabled with policy-appropriate capabilities, comprising:
- a plurality of lines of object or source code together resulting in an inoperable software product; and
  
  one or more pointcuts in the plurality of lines for receiving one or more aspects, the aspects relating to a predetermined policy about a user of a client machine upon which the plurality of lines are installed and the plurality of lines together with the aspects resulting in an operational software product for the user that is provisioned according to the policy.
- View Dependent Claims (23, 24, 25)
- - 23. The computer readable media of claim 22, wherein the plurality of lines are Java code include a POJO.
  - 24. The computer readable media of claim 23, wherein the one or more pointcuts exist in the POJO.
  - 25. The computer readable media of claim 23, wherein the one or more aspects vary from user to user.

26. By way of aspect oriented programming, a method of writing executable code for a software product, comprising:
- drafting Java code including a POJO;
  
  creating a pointcut in the POJO, the Java code and POJO being an inoperable software product;
  
  drafting an aspect for insertion at the pointcut, the aspect exclusively relating to a predetermined policy about a user of a client machine upon which the Java code is to be installed, the Java code and the aspect together resulting in an operational version of the software product for the user that is provisioned according to the policy.
- View Dependent Claims (27)
- - 27. The method of claim 26, wherein the drafting the aspect varies per different users.

28. A computer software product having computer executable instructions that, when executed, operates functionally differently per different users, comprising:
- a plurality of lines of object or source code with a pointcut for receipt of a first and second aspect, the first aspect relating to a predetermined policy about a first user of a computing device upon which the plurality of lines of object or source code are installed wherein the first aspect together with the plurality of lines of object or source code yield a first functionality, the second aspect relating to a predetermined policy about a second user of the computing device upon which the plurality of lines are installed wherein the second aspect together with the plurality of lines of object or source code yield a second functionality different than the first functionality.

29. A computer software product having computer executable instructions that, when executed, operates functionally differently per different users, comprising:
- a plurality of lines of object or source code with a plurality of aspects embedded therein made operational differently per a first or second user, wherein the first aspect relates to a predetermined policy about a first user of a computing device upon which the plurality of lines of object or source code are installed and the first aspect together with the plurality of lines of object or source code yield a first functionality, and wherein the second aspect relates to a predetermined policy about a second user of the computing device upon which the plurality of lines of object or source code are installed and the second aspect together with the plurality of lines of object or source code yield a second functionality different than the first functionality.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Novell Intellectual Property Holdings, Inc. (Open Text Corporation)
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Thomas, Kasman E.

Application Number

US11/635,845
Publication Number

US 20080141335A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/125 by manipulating the program...

G06F 21/629 to features or functions of...

Provisioning software with policy-appropriate capabilities

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Provisioning software with policy-appropriate capabilities

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links