SUPPORTING ROLE-BASED ACCESS CONTROL IN COMPONENT-BASED SOFTWARE SYSTEMS

US 20100058197A1
Filed: 08/29/2008
Published: 03/04/2010
Est. Priority Date: 08/29/2008
Status: Active Grant

First Claim

Patent Images

1. A method of supporting role-based access control in a collaborative environment, wherein a plurality of users work together in a collaborative process using a software system, the method comprising:

componentizing the software system into a multitude of software components; and

limiting access to specific software components to certain users based on roles assigned to the users as defined by a run-time state of the collaborative process.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system and computer program product is disclosed for supporting role-based access control in a collaborative environment, wherein pluralities of users work together in a collaborative process using a software system. The method comprises componentizing the software system into a multitude of software components, and limiting access to specific software components to certain users based on roles assigned to the users as defined by a run-time state of the collaborative process. The set of components that a user can access is dynamic, that set can change based on the “context” or the step where the user is in a collaborative workflow/process. Thus, in comparison with traditional access control mechanisms, an embodiment of the invention combines three different elements: a) the set of components that comprise the application is partitioned in such a way as to make componentized role-based access control feasible, b) a method for specifying inter-component dependencies to enable role-based groups, and c) enabling the modification of the access privileges based on contextual information from a collaborative process.

Citations

20 Claims

1. A method of supporting role-based access control in a collaborative environment, wherein a plurality of users work together in a collaborative process using a software system, the method comprising:
- componentizing the software system into a multitude of software components; and
  
  limiting access to specific software components to certain users based on roles assigned to the users as defined by a run-time state of the collaborative process.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method according to claim 1, wherein during the collaborative process, the users have a plurality of different roles, and the componentizing the software system includescapturing the different roles and the collaborative process into a centralized model;
    - andusing said centralized model to divide the software system into role specific components sets and assigning the sets of components into role profiles.
  - 3. The method according to claim 2, wherein the roles login to the collaborative process, and the limiting access to specific components includes:
    - when one of the roles logins to the collaborative process, loading corresponding software components on the profile for the roles in the software system; and
      
      changing the components that certain roles can access according to the run-time context determined by the collaborative process.
  - 4. The method according to claim 3, further comprising providing a user interface to enable an administrator to manage and update the profiles.
  - 5. The method according to claim 4, wherein the capturing the different roles and the collaborative process into a centralized model includes describing the relationships among the components, the different roles, and the collaborative process in the centralized model, including the dependencies between components, the ownership between the roles and the components, and the ownership between activities in the collaborative process and the components.
  - 6. The method according to claim 5, wherein the using said centralized model to divide the software system into role specific components sets includes:
    - analyzing the relationships in the centralized model to generate different role profiles; and
      
      parsing the role profiles to load the components in the intersection between the ownership of a current role and the ownership of a current activity in the collaborative process.
  - 7. The method according to claim 6, wherein the using said centralized model to divide the software system into role specific components sets further includes monitoring a current runtime status of the collaborative process to dynamically change the accessible components for different roles.
  - 8. The method according to claim 1, wherein the limiting access to specific components to certain users includes:
    - assigning to each of the users an associated set of the software components; and
      
      limiting each user to access to the set of software components assigned to the user.
  - 9. The method according to claim 8, wherein the limiting access to specific components to certain users further includes:
    - assigning a plurality of roles to the users;
      
      developing a profile for each of the roles;
      
      associating one of the sets of software components to each of the roles; and
      
      limiting each of the users to access to the set of software components associated with the role assigned to the user.
  - 10. The method according to claim 9, Wherein each profile records what components a specific role can access, and describes how to change the authorized component set based on the running states of the collaborative process.

11. An access control system for supporting role-based access control in a collaborative environment, wherein a plurality of users work together in a collaborative process using a software system, the access control system comprising one or more processor units configured for:
- componentizing the software system into a multitude of software components; and
  
  limiting access to specific software components to certain users based on roles assigned to the users as defined by a run-time state of the collaborative process.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The access control system according to claim 11, wherein during the collaborative process, the users have a plurality of different roles, and the componentizing the software system includes:
    - capturing the different roles and the collaborative process into a centralized model; and
      
      using said centralized model to divide the software system into role specific components sets and assigning the sets of components into role profiles.
  - 13. The access control system according to claim 12, wherein the roles login to the collaborative process, and the limiting access to specific components includes:
    - when one of the roles logins to the collaborative process, loading corresponding software components on the profile for the roles in the software system; and
      
      changing the components that certain roles can access according to the run-time context determined by the collaborative process.
  - 14. The access control system according to claim 13, wherein the capturing the different roles and the collaborative process into a centralized model includes describing the relationships among the components, the different roles, and the collaborative process in the centralized model, including the dependencies between components, the ownership between the roles and the components, and the ownership between activities in the collaborative process and the components.
  - 15. The access control system according to claim 11, wherein the limiting access to specific components to certain users includes:
    - assigning to each of the users an associated set of the software components; and
      
      limiting each user to access to the set of software components assigned to the user.

16. An article of manufacture comprising:
- at least one computer usable medium having computer readable program code logic to execute a machine instruction in one or more processing units for supporting role-based access control in a collaborative environment, wherein a plurality of users work together in a collaborative process using a software system, the computer readable program code logic, when executing, performing the following;
  
  componentizing the software system into a multitude of software components; and
  
  limiting access to specific software components to certain users based on roles assigned to the users as defined by a run-time state of the collaborative process.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The article of manufacture according to claim 16, wherein during the collaborative process, the users have a plurality of different roles, and the componentizing the software system includes:
    - capturing the different roles and the collaborative process into a centralized model; and
      
      using said centralized model to divide the software system into role specific components sets and assigning the sets of components into role profiles.
  - 18. The article of manufacture according to claim 16, wherein the capturing the different roles and the collaborative process into a centralized model includes describing the relationships among the components, the different roles, and the collaborative process in the centralized model, including the dependencies between components, the ownership between the roles and the components, and the ownership between activities in the collaborative process and the components.
  - 19. The article of manufacture according to claim 18, wherein the using said centralized model to divide the software system into role specific components sets includes:
    - analyzing the relationships in the centralized model to generate different role profiles; and
      
      parsing the role profiles to load the components in the intersection between the ownership of a current role and the ownership of a current activity in the collaborative process.
  - 20. The article of manufacture according to claim 19, wherein the limiting access to specific components to certain users includes:
    - assigning a plurality of roles to the users;
      
      developing a profile for each of the roles;
      
      associating one of the sets of software components to each of the roles; and
      
      limiting each of the users to access to the set of software components associated with the role assigned to the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Ratakonda, Krishna, Oppenheim, Daniel V., Chee, Yi-Min, Zou, Zhi Le, Ma, Qian, Liu, Feng, Fang, Ru

Granted Patent

US 8,645,843 B2
Time in Patent Office

Days
Field of Search
US Class Current

715/751
CPC Class Codes

G06F 21/6218 to a system of files or obj...

G06Q 10/10 Office automation; Time man...

SUPPORTING ROLE-BASED ACCESS CONTROL IN COMPONENT-BASED SOFTWARE SYSTEMS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SUPPORTING ROLE-BASED ACCESS CONTROL IN COMPONENT-BASED SOFTWARE SYSTEMS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links