TECHNIQUES FOR PROJECT LIFECYCLE STAGED-BASED ACCESS CONTROL

US 20080319999A1
Filed: 06/20/2007
Published: 12/25/2008
Est. Priority Date: 06/20/2007
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

acquiring access control rights for a first stage of a first processing environment, wherein the first stage is one of a plurality of other stages associated with a lifecycle of a project; and

enforcing the access control rights against requesting resources that access the first processing environment in response to identities associated with the requesting resources and policies associated with the identities that map to portions of the access control rights, and wherein the access control rights are additional security limitations layered on top of and in addition to existing security limitations for the first processing environment.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for project lifecycle staged-based access control are provided. Access control rights are defined for a stage of a project'"'"'s lifecycle. As requestors transition to the stage, the access control rights are enforced on top of any existing security restrictions. In an embodiment, selective resources are not visible to requesters within the stage in response to the access control rights.

36 Citations

View as Search Results

26 Claims

1. A method, comprising:
- acquiring access control rights for a first stage of a first processing environment, wherein the first stage is one of a plurality of other stages associated with a lifecycle of a project; and
  
  enforcing the access control rights against requesting resources that access the first processing environment in response to identities associated with the requesting resources and policies associated with the identities that map to portions of the access control rights, and wherein the access control rights are additional security limitations layered on top of and in addition to existing security limitations for the first processing environment.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein acquiring further includes recognizing the access control rights as one or more of the following:
    - access permissions for a particular resource of the project within the first processing environment, access permissions for the particular resource independent of the project and other projects that use the particular resource, access permissions for the particular resource of the first stage, access permissions for an attribute of the particular resource, and access permissions for an operation of the particular resource.
  - 3. The method of claim 1, wherein acquiring further includes recognizing the access control rights as having some global access permissions applicable to the first processing environment, having some access permissions applicable to the first stage, and having some access permissions applicable to the project.
  - 4. The method of claim 1, wherein acquiring further includes dynamically acquiring some of the access control rights in response to mappings supplied by an administrator that owns or is responsible for defining security for the first stage.
  - 5. The method of claim 1, wherein enforcing further includes determining customized authentication mechanisms for each of the requesting resources from the policies.
  - 6. The method of claim 1, wherein enforcing further includes restricting some of the requesting resources from viewing particular first stage resources in response to enforcement of the access control rights.
  - 7. The method of claim 1, wherein enforcing further includes accepting in response to particular policy configuration information for a particular first stage resource from a particular requesting resource, and wherein the particular requesting resource is unable pursuant to the access control rights to view the particular first stage resource but is able to supply the configuration information pursuant to the particular policy.

8. A method, comprising:
- authenticating a requesting resource to a first stage of a project within a first processing environment, wherein the first stage includes a plurality of first resources;
  
  acquiring access control rights in response to an authenticated identity associated with the requesting resource;
  
  enforcing existing security restrictions for the first resources, wherein the existing security restrictions are defined outside the context of the access control rights and are associated with the first processing environment or the first resources; and
  
  selectively presenting to the requesting resource some of the first resources or some attributes or operations of the first resources in response to enforcing the access control rights on top of the existing security restrictions.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein authenticating further includes dynamically and automatically initiating the authentication processing in response to an attempt by the requesting resource to transition to the first stage from another stage associated with a lifecycle of the project.
  - 10. The method of claim 8, wherein authenticating further includes performing the authentication in addition to other authentications of the requesting resource, wherein the authentication is associated with stage transitioning within a lifecycle of the project.
  - 11. The method of claim 8, wherein acquiring further includes acquiring the access control rights as metadata associated one or more of the following:
    - the project, the first stage, and the first resources.
  - 12. The method of claim 8, wherein acquiring further includes acquiring some of the access control rights in response to a role assigned to the authenticated identity.
  - 13. The method of claim 8, wherein enforcing further includes overriding some of the existing security restrictions with the access control rights in response to policy.
  - 14. The method of claim 8 further comprising, permitting the requesting resource to define other access control rights for the first stage and for the first resources, wherein the other access control rights are defined by the requesting resource for other requesting resources that attempt to access the first stage of the project, and wherein a scope of defining the other access control rights is controlled by policy.

15. A system, comprising:
- an identity service implemented in a machine-accessible and readable medium and to process on a machine; and
  
  a staged-based access control service implemented in a machine-accessible and readable medium and to process on the machine or a different machine, wherein the staged-based access control service is to enforce access control rights against requesting resources attempting to access target resources and within a context of a particular stage of a particular project, the staged-based access control service interacts with the identity service to authenticate the requesting resources before enforcing the access control rights and the access control rights are enforced on top of existing security restrictions associated with a particular processing environment having the target resources.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the access control rights are defined by policies acquired from one or more of the following:
    - the identity service, metadata associated with the particular project, and metadata associated with the particular stage.
  - 17. The system of claim 15, wherein at least one access control right overrides enforcement of at least one existing security restriction.
  - 18. The system of claim 15, wherein the access control rights are hierarchical, wherein at least some higher-level access control rights automatically include other lower-level ones of the access control rights.
  - 19. The system of claim 18, wherein the staged-based access control service interactively receives at least some definitions for the access control rights from an administrator of the particular stage or the particular project.
  - 20. The system of claim 15, wherein the staged-based access control service acquires at least some of the access control rights in response to active roles assigned to the requesting resources.

21. A system, comprising:
- a graphical user interface (GUI) tool implemented in a machine-accessible and readable medium and is accessible to one or more machines; and
  
  a policy repository implemented in a machine-accessible and readable medium and accessible to the GUI tool, wherein the GUI tool dynamically interacts with an administrative resource to define access control rights for a stage associated with a lifecycle of a project, wherein the stage includes a variety of stage-specific resources, and wherein the access control rights are defined via policies for the stage and housed in the policy repository and subsequently dynamically enforced against requesting resources that transition into the stage and the policies also subsequently enforced on top of existing security limitations associated with a processing environment of the stage-specific resources.
- View Dependent Claims (22, 23, 24, 25, 26)
- - 22. The system of claim 21 further comprising, a staged-based access control service implemented in a machine-accessible and readable medium and to process on the machine, wherein the staged-based access control service subsequently and dynamically enforces the policies against requesting resources by acquiring the policies from the policy repository and evaluating them when the requesting resources are successfully authenticated to the stage.
  - 23. The system of claim 21, wherein some policies are defined by the administrative resource to be conditionally triggered during enforcement in response to active roles assigned to the requesting resources.
  - 24. The system of claim 21, wherein some policies are defined by the administrative resource to be conditionally triggered during enforcement in response to one or more of the following:
    - an identity associated with a particular one of the stage-specific resources, an identity associated with a particular one of the requesting resources, an identity associated with the stage, and an identity associated with the processing environment of the stage.
  - 25. The system of claim 21, wherein the GUI tool is used by the administrative resource to define custom authentication mechanisms for the requesting resources to successfully authenticate to the stage before the policies are acquired from the policy repository for enforcement.
  - 26. The system of claim 21, wherein some policies restrict particular requesting resources from viewing particular stage-specific resources within the stage or some policies restrict the particular requesting resources from viewing attributes, operations, or settings associated with particular stage-specific resources.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
CPTN Holdings LLC
Inventors
Lowry, Lee Edward, Simpson, Michel Shane, Street, William, Scheuber-Heinz, Volker Gunnar

Granted Patent

US 7,954,135 B2
Time in Patent Office

Days
Field of Search
US Class Current

707/9
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/10   for controlling access to d...

TECHNIQUES FOR PROJECT LIFECYCLE STAGED-BASED ACCESS CONTROL

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

36 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

TECHNIQUES FOR PROJECT LIFECYCLE STAGED-BASED ACCESS CONTROL

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links