DISTRIBUTED ACCESS CONTROL FOR DOCUMENT CENTRIC COLLABORATIONS
First Claim
1. A computer system including instructions stored on a computer-readable medium, the computer system comprising:
- an access interest manager configured to provide an expression of access interest of a collaboration participant with respect to a document portion, the access interest specified in terms of an access primitive describing a type of access requested for the document portion;
a document access pattern manager configured to receive access requests from a plurality of collaboration participants including the collaboration participant, each access request including at least one access primitive;
a document authorization manager configured to receive the expression of access interest and to associate the collaboration participant with a common access interest group of the collaboration participants, based on the access requests and on an access control policy specified in terms of access credentials of the common access interest group participants;
a document edition manager configured to update the document portion based on the access primitive; and
a key manager configured to implement a common secret key that is common to the common access interest group for encrypting/decrypting the document portion.
2 Assignments
0 Petitions
Accused Products
Abstract
Document collaboration may be implemented by executing an access interest specification phase. The access interest specification phase may include receiving access requests from collaboration participants for access to a document instance, the access requests specified using a document schema of the document instance and referencing at least one schema portion for access to a corresponding document instance portion based thereon, determining a common access interest group of the collaboration participants, based on the access requests, access credentials of the collaboration participants, and on an access control policy specified in terms of the access credentials, and providing a control data block to the participants of the common access interest group including information for generating a common secret key that is common to the participants of the common access interest group. The document collaboration may further be implemented by executing a collaboration phase. The collaboration phase execution may include encrypting the document instance portion using the access control policy, and providing access to the document instance for access to the document instance portion by an accessing participant of the common access interest group, the access including decryption of the document instance portion using the common secret key.
-
Citations
20 Claims
-
1. A computer system including instructions stored on a computer-readable medium, the computer system comprising:
-
an access interest manager configured to provide an expression of access interest of a collaboration participant with respect to a document portion, the access interest specified in terms of an access primitive describing a type of access requested for the document portion; a document access pattern manager configured to receive access requests from a plurality of collaboration participants including the collaboration participant, each access request including at least one access primitive; a document authorization manager configured to receive the expression of access interest and to associate the collaboration participant with a common access interest group of the collaboration participants, based on the access requests and on an access control policy specified in terms of access credentials of the common access interest group participants; a document edition manager configured to update the document portion based on the access primitive; and a key manager configured to implement a common secret key that is common to the common access interest group for encrypting/decrypting the document portion. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A computer program product for executing process models, the computer program product being tangibly embodied on a computer-readable medium and including executable code that, when executed, is configured to cause at least one data processing apparatus to:
-
receive access requests from collaboration participants for access to a document instance, the access requests specified using a document schema of the document instance and referencing at least one schema portion for access to a corresponding document instance portion based thereon; determine a common access interest group of the collaboration participants, based on the access requests, access credentials of the collaboration participants, and on an access control policy specified in terms of the access credentials; provide a control data block to the participants of the common access interest group including information for generating a common secret key that is common to the participants of the common access interest group; encrypt the document instance portion using the access control policy; and provide access to the document instance for access to the document instance portion by an accessing participant of the common access interest group, the access including decryption of the document instance portion using the common secret key. - View Dependent Claims (11, 12, 13, 14, 15, 16)
-
-
17. A computer-implemented method of document collaboration comprising:
-
executing an access interest specification phase, including receiving access requests from collaboration participants for access to a document instance, the access requests specified using a document schema of the document instance and referencing at least one schema portion for access to a corresponding document instance portion based thereon; determining a common access interest group of the collaboration participants, based on the access requests, access credentials of the collaboration participants, and on an access control policy specified in terms of the access credentials; providing a control data block to the participants of the common access interest group including information for generating a common secret key that is common to the participants of the common access interest group; and executing a collaboration phase, including encrypting the document instance portion using the access control policy; providing access to the document instance for access to the document instance portion by an accessing participant of the common access interest group, the access including decryption of the document instance portion using the common secret key. - View Dependent Claims (18, 19, 20)
-
Specification