ACCESS CONTROL DECISION METHOD AND SYSTEM
First Claim
1. An access control method comprising:
enabling, by a computing system for a requestor, access to said computing system, wherein said computing system comprises a memory system, wherein said memory system comprises group based access control data and computing resource data, wherein said group based access control data and said computing resource data are organized based on an extensible markup language (XML) schema, wherein said XML schema comprises a recursive format used to support a plurality of branch levels in a resource tree, and wherein said computing resource data comprises object identifiers associated with said computing resource data;
associating, by said computing system in response to said enabling, first group data of said group based access control data with said requester;
receiving, by said computing system from said requestor, a first request for accessing said computing resource data;
associating, by said computing system in response to said first request, said first group data with a first group of computing resources of said computing resource data;
generating, by said computing system, a first list comprising attribute values for said first group of computing resources, wherein said attribute values are associated with an XML string that conforms to said XML schema;
determining, by said computing system, an access control decision associated with said first request, said group based access control data, and said requestor;
applying, by said computing system, said access control decision to said first list, wherein said access control decision indicates whether the requested resource data is allowed to be accessed by said requester; and
presenting, by said computing system to said requester, said first access control decision.
1 Assignment
0 Petitions
Abstract
An access control method and system. The method includes enabling, by a computing system for a requester, access to the computing system. The computing system comprises group based access control data and computing resource data organized based on an XML schema that comprises a recursive format used to support a plurality of branch levels in a resource tree. The computing system associates first group data of the group based access control data with the requester. The computing system receives a request from the requester to access the computing resource data. The computing system determines an access control decision associated with the request to access the computing resource data. The computing system presents the access control decision to the requester.
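An added sketch of the flow the abstract describes, not code from the patent: a requester's group is resolved, the recursive XML resource tree is walked to build the attribute list for that group, and the decision is made by comparing the requested object identifier to that list. The element and attribute names (`Resource`, `id`, `name`), the group tables, the sample tree and the rule that a denied node hides its subtree are assumptions for illustration; only `description` and `ShortCutKeys` come from the claims.

```python
import xml.etree.ElementTree as ET

# Constructed sample: recursive resource tree (element/attribute names assumed).
RESOURCE_XML = """
<Resource id="root" name="Console">
  <Resource id="r1" name="Reports" description="Monthly reports">
    <Resource id="r1.1" name="Export" ShortCutKeys="Ctrl+E"/>
  </Resource>
  <Resource id="r2" name="Admin">
    <Resource id="r2.1" name="Users"/>
  </Resource>
</Resource>
"""

# Constructed group-based access control data: group -> allowed object identifiers.
GROUP_ACL = {
    "analysts": {"root", "r1", "r1.1"},
    "admins": {"root", "r1", "r1.1", "r2", "r2.1"},
}
USER_GROUPS = {"alice": "analysts", "bob": "admins"}


def visible_resources(node, allowed, depth=0):
    """Walk the tree recursively; a denied node hides its whole subtree (assumed rule)."""
    oid = node.get("id")
    if oid not in allowed:
        return []
    row = {"id": oid, "name": node.get("name"), "depth": depth}
    for optional in ("description", "ShortCutKeys"):  # optional attributes per claim 7
        if node.get(optional) is not None:
            row[optional] = node.get(optional)
    rows = [row]
    for child in node.findall("Resource"):
        rows.extend(visible_resources(child, allowed, depth + 1))
    return rows


def decide(requester, object_id):
    """Return (allowed, attribute list); unknown requesters or groups get nothing."""
    group = USER_GROUPS.get(requester)
    allowed_ids = GROUP_ACL.get(group, set())  # default deny
    listing = visible_resources(ET.fromstring(RESOURCE_XML), allowed_ids)
    # Decision: compare the requested object identifier to the generated list.
    return any(r["id"] == object_id for r in listing), listing
```

The tree here is a trusted inline constant; resource or policy XML that crosses a trust boundary should be parsed with a hardened parser before it feeds an access decision.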
12 Citations
25 Claims
1. An access control method comprising:
enabling, by a computing system for a requestor, access to said computing system, wherein said computing system comprises a memory system, wherein said memory system comprises group based access control data and computing resource data, wherein said group based access control data and said computing resource data are organized based on an extensible markup language (XML) schema, wherein said XML schema comprises a recursive format used to support a plurality of branch levels in a resource tree, and wherein said computing resource data comprises object identifiers associated with said computing resource data;
associating, by said computing system in response to said enabling, first group data of said group based access control data with said requester;
receiving, by said computing system from said requestor, a first request for accessing said computing resource data;
associating, by said computing system in response to said first request, said first group data with a first group of computing resources of said computing resource data;
generating, by said computing system, a first list comprising attribute values for said first group of computing resources, wherein said attribute values are associated with an XML string that conforms to said XML schema;
determining, by said computing system, an access control decision associated with said first request, said group based access control data, and said requestor;
applying, by said computing system, said access control decision to said first list, wherein said access control decision indicates whether the requested resource data is allowed to be accessed by said requester; and
presenting, by said computing system to said requester, said first access control decision.
Dependent Claims (2, 3, 4, 5, 6, 8, 9, 10)
7. The method of claim 7, wherein said attribute values define an optional description attribute and an optional ShortCutKeys attribute.
11. A computing system comprising a processor coupled to a computer-readable memory unit, said memory unit comprising instructions that when executed by the processor implements an access control method, said method comprising:
enabling, by said computing system for a requester, access to said computing system, wherein said memory unit comprises group based access control data and computing resource data, wherein said group based access control data and said computing resource data are organized based on an extensible markup language (XML) schema, wherein said XML schema comprises a recursive format used to support a plurality of branch levels in a resource tree, and wherein said computing resource data comprises object identifiers associated with said computing resource data;
associating, by said computing system in response to said enabling, first group data of said group based access control data with said requestor;
receiving, by said computing system from said requester, a first request for accessing said computing resource data;
associating, by said computing system in response to said first request, said first group data with a first group of computing resources of said computing resource data;
generating, by said computing system, a first list comprising attribute values for said first group of computing resources, wherein said attribute values are associated with an XML string that conforms to said XML schema;
determining, by said computing system, an access control decision associated with said first request, said group based access control data, and said requester;
applying, by said computing system, said access control decision to said first list, wherein said access control decision indicates whether the requested resource data is allowed to be accessed by said requester; and
presenting, by said computing system to said requestor, said first access control decision.
Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
20. A computer program product, comprising a computer readable medium comprising a computer readable program code embodied therein, said computer readable program code adapted to implement an access control method within a computing system comprising said computer readable medium, said method comprising:
enabling, by said computing system for a requestor, access to said computing system, wherein said computer readable medium comprises group based access control data and computing resource data, wherein said group based access control data and said computing resource data are organized based on an extensible markup language (XML) schema, wherein said XML schema comprises a recursive format used to support a plurality of branch levels in a resource tree, and wherein said computing resource data comprises object identifiers associated with said computing resource data;
associating, by said computing system in response to said enabling, first group data of said group based access control data with said requester;
receiving, by said computing system from said requester, a first request for accessing said computing resource data;
associating, by said computing system in response to said first request, said first group data with a first group of computing resources of said computing resource data;
generating, by said computing system, a first list comprising attribute values for said first group of computing resources, wherein said attribute values are associated with an XML string that conforms to said XML schema;
determining, by said computing system, an access control decision associated with said first request, said group based access control data, and said requester;
applying, by said computing system, said access control decision to said first list, wherein said access control decision indicates whether the requested resource data is allowed to be accessed by said requester; and
presenting, by said computing system to said requester, said first access control decision.
Dependent Claims (21, 22)
23. A process for supporting computer infrastructure, said process comprising providing at least one support service for at least one of creating, integrating, hosting, maintaining, and deploying computer-readable code in a computing system comprising a computer-readable memory unit, wherein the code in combination with the computing system is capable of performing an access control method, said method comprising:
enabling, by said computing system for a requestor, access to said computing system, wherein said computing system comprises a memory system, wherein said memory system comprises group based access control data and computing resource data, wherein said group based access control data and said computing resource data are organized based on an extensible markup language (XML) schema, wherein said XML schema comprises a recursive format used to support a plurality of branch levels in a resource tree, and wherein said computing resource data comprises object identifiers associated with said computing resource data;
associating, by said computing system in response to said enabling, first group data of said group based access control data with said requester;
receiving, by said computing system from said requestor, a first request for accessing said computing resource data;
associating, by said computing system in response to said first request, said first group data with a first group of computing resources of said computing resource data;
generating, by said computing system, a first list comprising attribute values for said first group of computing resources, wherein said attribute values are associated with an XML string that conforms to said XML schema;
determining, by said computing system, an access control decision associated with said first request, said group based access control data, and said requester;
applying, by said computing system, said access control decision to said first list, wherein said access control decision indicates whether the requested resource data is allowed to be accessed by said requestor; and
presenting, by said computing system to said requester, said first access control decision.
24. The process of claim 24, wherein said determining comprises comparing a first object identifier of said object identifiers to said first list.
Specification