HIGH PERFORMANCE SECURE CACHING IN THE MID-TIER
Abstract
In a multi-tier data server system, data from the first tier is cached in a mid-tier cache of the middle tier. Access control information from the first tier for the data is also cached within the mid-tier cache. Caching the security information in the middle tier allows the middle tier to make access control decisions regarding requests for data made by clients in the outer tier.
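The arrangement in the abstract can be sketched as a small model. This is an added example, not code from the patent or from any product. The class and function names, the principal-to-privileges descriptor layout, the sample paths, and the "defer" outcome for resources with no cached descriptor are all assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SecurityDescriptor:
    # Cache version of a first-tier descriptor. The principal -> privileges
    # layout is an assumption; the page does not define the descriptor format.
    sd_id: str
    grants: dict

class MidTierCache:
    def __init__(self):
        self.descriptors = {}  # sd_id -> cached SecurityDescriptor
        self.resources = {}    # resource id -> cached resource content
        self.association = {}  # resource id -> sd_id (covers a subset only)

    def store(self, resource_id, content, descriptor=None):
        """Cache a resource and, if supplied, its descriptor and association."""
        self.resources[resource_id] = content
        if descriptor is not None:
            self.descriptors[descriptor.sd_id] = descriptor
            self.association[resource_id] = descriptor.sd_id

    def decide(self, principal, resource_id, privilege):
        """Return 'grant', 'deny', or 'defer' using only cached data."""
        sd = self.descriptors.get(self.association.get(resource_id))
        if sd is None:
            # Assumption: without a cached descriptor the mid-tier makes no
            # decision and the request goes to the first tier.
            return "defer"
        return "grant" if privilege in sd.grants.get(principal, ()) else "deny"

    def read(self, principal, resource_id):
        """Serve from cache only on an explicit grant; None means not served."""
        if self.decide(principal, resource_id, "read") == "grant":
            return self.resources[resource_id]
        return None

def build_demo_cache():
    # Constructed sample data: two HR documents share one descriptor; the FAQ
    # is cached without a descriptor, so it is outside the associated subset.
    hr_sd = SecurityDescriptor("sd-hr", {"alice": {"read", "write"}, "bob": set()})
    cache = MidTierCache()
    cache.store("/hr/salaries.xml", "<salaries/>", hr_sd)
    cache.store("/hr/reviews.xml", "<reviews/>", hr_sd)
    cache.store("/public/faq.xml", "<faq/>")
    return cache
```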
26 Claims
1. A computer-implemented method comprising:
- storing cache versions of security descriptors in a mid-tier cache of a middle tier of a multiple-tier data server system, said security descriptors being from a first tier of the multiple-tier data server system;
- storing, in said mid-tier cache, cache versions of resources subject to said security descriptors, wherein a set of resources includes said resources that are subject to said security descriptors, wherein said set of resources are stored in said first tier;
- storing, in the mid-tier cache, association data that associates said cache versions of security descriptors with a strict subset of said set of resources;
- wherein said cache versions of security descriptors include a certain cache version of a certain security descriptor of said security descriptors; and
- said middle tier determining whether a particular entity may be granted access to a certain resource of said set of resources based on said association data and said certain cache version of said certain security descriptor.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 14, 15, 16, 17, 18, 19, 20, 21, 22
10. A machine-implemented method, comprising the steps of:
- a first tier storing resources accessible to clients in an outer tier of a multi-tier data server system that includes said first tier;
- said first tier providing, to a middle tier of said multi-tier data server system for storage in a middle tier cache of said middle tier, copies of a first strict subset of said resources;
- said first tier storing security descriptors that apply to said resources;
- said first tier providing, to said middle tier for storage in the middle tier cache, versions of security descriptors that apply to a second strict subset of said resources; and
- said first tier providing, to said middle tier for storage in the middle tier cache, association data that associates said versions of security descriptors with said second strict subset of said resources.
Dependent claims: 11, 12, 13, 23, 24, 25, 26
Specification