SCOPE-CENTRIC ACCESS CONTROL MODEL
First Claim
Patent Images
1. A computer controlled method comprising:
- maintaining an association graph comprising a plurality of association tuples wherein each of said plurality of association tuples belongs to one of a plurality of access-control-policy scopes;
receiving a client reference and a supplier reference;
identifying a first scope-defining entity responsive to said client reference, said first scope-defining entity having a first explicit access control policy;
retrieving an effective supplier reference from a set of said plurality of association tuples that match said first scope-defining entity; and
presenting said effective supplier reference responsive to retrieving.
2 Assignments
0 Petitions
Accused Products
Abstract
Apparatus, methods, and computer program products are disclosed that maintain an association graph made up of association tuples. Each of the association tuples belongs to an access-control-policy scope that imposes an access control policy. On receipt of a client reference and a supplier reference a scope-defining entity is identified from the client reference. The scope-defining entity has an explicit access control policy. An effective supplier reference is retrieved from a set of the association tuples matching the scope-defining entity and is presented.
28 Citations
30 Claims
-
1. A computer controlled method comprising:
-
maintaining an association graph comprising a plurality of association tuples wherein each of said plurality of association tuples belongs to one of a plurality of access-control-policy scopes; receiving a client reference and a supplier reference; identifying a first scope-defining entity responsive to said client reference, said first scope-defining entity having a first explicit access control policy; retrieving an effective supplier reference from a set of said plurality of association tuples that match said first scope-defining entity; and presenting said effective supplier reference responsive to retrieving. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. An apparatus having a central processing unit (CPU) and a memory coupled to said CPU comprising:
-
a storage mechanism configured to store an association graph comprising a plurality of association tuples wherein each of said plurality of association tuples belongs to one of a plurality of access-control-policy scopes; a receiving logic configured to receive a client reference and a supplier reference; an identification logic configured to identify a first scope-defining entity responsive to said client reference, said first scope-defining entity having a first explicit access control policy; a retrieving logic configured to retrieve an effective supplier reference from a set of said plurality of association tuples in the storage mechanism that match said first scope-defining entity, the retrieving logic responsive to the identification logic; and a presenting logic configured to present said effective supplier reference responsive to the retrieving logic. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A computer program product comprising:
-
a computer-usable data carrier providing instructions that, when executed by a computer, cause said computer to perform a method comprising; maintaining an association graph comprising a plurality of association tuples wherein each of said plurality of association tuples belongs to one of a plurality of access-control-policy scopes; receiving a client reference and a supplier reference; identifying a first scope-defining entity responsive to said client reference, said first scope-defining entity having a first explicit access control policy; retrieving an effective supplier reference from a set of said plurality of association tuples that match said first scope-defining entity; and presenting said effective supplier reference responsive to retrieving. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
-
Specification