ACCESS CONTROL POLICY IN A WEAKLY-COHERENT DISTRIBUTED COLLECTION
First Claim
1. A computer implemented method of implementing an access control policy on a weakly-coherent distributed collection, the method comprising the steps of:
- (a) generating one or more certificates creating one or more access control rights with respect to one or more replicas and items in the weakly-coherent distributed collection, said step (a) of generating one or more certificates including the step of creating one or more namespaces to subdivide the rights associated with different replicas; and
(b) allowing revocation but not modification of the one or more certificates by a collection manager and/or one or more replicas granted authority to revoke the one or more certificates.
2 Assignments
0 Petitions
Accused Products
Abstract
A system is disclosed for creating and implementing an access control policy framework in a weakly coherent distributed collection. A collection manager may sign certificates forming equivalence classes of replicas that share a specific authority. The collection manager and/or certain privileged replicas may issue certificates that delegate authority for control of item policy and replica policy. Further certificates may be signed that create one or more items, set policy for these one or more items, and define a set of operations authorized on the one or more items. The certificates issued according to the present system for creating and implementing a control policy framework cannot be modified or simply overridden. Once a policy certificate is issued, it may only be revoked by the collection manager or by a replica having revocation authority.
115 Citations
20 Claims
-
1. A computer implemented method of implementing an access control policy on a weakly-coherent distributed collection, the method comprising the steps of:
-
(a) generating one or more certificates creating one or more access control rights with respect to one or more replicas and items in the weakly-coherent distributed collection, said step (a) of generating one or more certificates including the step of creating one or more namespaces to subdivide the rights associated with different replicas; and (b) allowing revocation but not modification of the one or more certificates by a collection manager and/or one or more replicas granted authority to revoke the one or more certificates. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A computer implemented method of implementing an access control policy on a weakly-coherent distributed collection, the method comprising the steps of:
-
(a) forming a plurality of classes of replicas, replicas in a given class of the plurality of classes sharing a specific authority with respect to operations on one or more replicas and items in the weakly-coherent distributed collection; (b) delegating authority for control of access control rights for one or more replicas and items in the weakly-coherent distributed collection to replicas in one or more of the plurality of classes formed in said step (a); (c) establishing access control rights applying to one or more replicas and items in the weakly-coherent distributed collection; and (d) applying access control policy to one or more items during a synchronization operation. - View Dependent Claims (12, 13, 14, 15, 16)
-
-
17. A weakly-coherent distributed collection having an access control policy, the collection comprising:
-
a collection manager for issuing certificates defining access control policy, the collection manager capable of delegating authority for issuing certificates defining access control policy; a plurality of replicas, a first group of one or more replicas of the plurality of replicas having authority delegated from the collection manager to issue certificates defining access control policy; a plurality of items generated by the plurality of replicas; and a synchronization protocol for synchronizing the plurality of items between the plurality of replicas; wherein at least one of the collection manager and the first group of replicas issuing certificates defining access control policy for the plurality of replicas and plurality of items, wherein the certificates issued can be revoked but not modified. - View Dependent Claims (18, 19, 20)
-
Specification