CROSS SECURITY-DOMAIN IDENTITY CONTEXT PROJECTION WITHIN A COMPUTING ENVIRONMENT
Abstract
Processing within a computing environment is facilitated by: determining by a local security manager of a first system in a first security domain whether a local security context of a user is acceptable to a second system in a second security domain; responsive to the user's security context being unacceptable to the second system, creating by a local security manager of the second system a runtime security context for the user in the second system; and providing the first system with a reference to the runtime security context for the user in the second system which is resolvable within the computing environment or a portable representation of the runtime security context for the user in the second system, the reference or the portable representation being subsequently returned to the second system with a request from the first system to process work at the second system.
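The second system's side of this exchange, sketched as an added example (it is not code from the patent): the local security manager creates a runtime security context from credentials supplied by the first system, hands back either a resolvable reference or a portable representation, and resolves that handle when work arrives. The class and method names, the identity mapping table, the HMAC tag protecting the portable form and the expiry time are all assumptions of this sketch, and the first system is assumed to be authenticated already.

```python
import hashlib, hmac, json, secrets, time

class SecondSystemLSM:
    """Hypothetical local security manager of the second system."""
    def __init__(self, user_map, ttl=300):
        self._key = secrets.token_bytes(32)  # never leaves the second domain
        self._user_map = user_map            # (domain, user) -> local identity (assumed)
        self._contexts = {}                  # reference -> runtime security context
        self._ttl = ttl

    def _tag(self, body):
        return hmac.new(self._key, body, hashlib.sha256).hexdigest()

    def create_context(self, credentials, portable=False):
        # Map the foreign user's credentials to an identity in this domain.
        local_id = self._user_map.get((credentials["domain"], credentials["user"]))
        if local_id is None:
            raise PermissionError("no mapping for foreign user")
        ctx = {"local_id": local_id, "origin": credentials["user"],
               "exp": time.time() + self._ttl}
        if portable:
            # Portable representation: the context itself plus an integrity tag.
            body = json.dumps(ctx, sort_keys=True)
            return {"portable": body, "tag": self._tag(body.encode())}
        ref = secrets.token_urlsafe(16)      # opaque reference, resolved locally
        self._contexts[ref] = ctx
        return {"ref": ref}

    def resolve(self, handle):
        if "ref" in handle:
            ctx = self._contexts.get(handle["ref"])
        else:
            body = str(handle.get("portable", ""))
            ok = hmac.compare_digest(self._tag(body.encode()).encode(),
                                     str(handle.get("tag", "")).encode())
            ctx = json.loads(body) if ok else None
        if ctx is None or ctx["exp"] < time.time():
            raise PermissionError("unknown, forged or expired security context")
        return ctx

    def run_work(self, work, handle):
        # Work from the first system runs under the resolved context.
        ctx = self.resolve(handle)
        return f"{work} executed as {ctx['local_id']}"

if __name__ == "__main__":
    lsm = SecondSystemLSM({("domainA", "alice"): "ALICE1"})  # constructed sample
    handle = lsm.create_context({"domain": "domainA", "user": "alice"})
    print(lsm.run_work("payroll-batch", handle))
```

A portable representation whose contents were altered in transit fails the tag check, and an unknown reference resolves to nothing, so in both cases the work is refused rather than run under a default identity.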
20 Claims
1. A method of facilitating processing within a computing environment comprising a first system in a first security domain and a second system in a second security domain, the method comprising:
creating by a local security manager of the second system a runtime security context in the second system for a user of the first system, the creating being responsive to receipt of a request at the second system from the first system for the runtime security context at the second system and the creating referencing, at least in part, security credentials of the user of the first system provided to the second system by the first system;
sending by the second system to the first system at least one of a reference to the runtime security context for the user in the second system which is resolvable within the computing environment or a portable representation of the runtime security context for the user in the second system; and
receiving by the second system work from the first system to be performed by the second system, the received work to be performed by the second system having associated therewith the at least one of the reference to the runtime security context for the user in the second system or the portable representation of the runtime security context for the user in the second system, thereby facilitating processing of the work by the second system.
10. A computer system for facilitating processing within a computing environment comprising a first system in a first security domain and a second system within a second security domain, the computer system comprising:
a memory; and
a processor in communication with the memory, wherein the computer system is capable of performing a method, the method comprising:
creating by a local security manager of the second system a runtime security context in the second system for a user of the first system, the creating being responsive to receipt of a request at the second system from the first system for the runtime security context at the second system and the creating referencing, at least in part, security credentials of the user of the first system provided to the second system by the first system;
sending by the second system to the first system at least one of a reference to the runtime security context for the user in the second system which is resolvable within the computing environment or a portable representation of the runtime security context for the user in the second system; and
receiving by the second system work from the first system to be performed by the second system, the received work to be performed by the second system, having associated therewith the at least one of the reference to the runtime security context for the user in the second system or the portable representation of the runtime security context for the user in the second system, thereby facilitating processing of the work by the second system.
17. A computer program product for facilitating processing within a computing environment comprising a first system in a first security domain and a second system in a second security domain, the computer program product comprising:
a storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for performing a method comprising:
creating by a local security manager of the second system a runtime security context in the second system for a user of the first system, the creating being responsive to receipt of a request at the second system from the first system for the runtime security context at the second system and the creating referencing, at least in part, security credentials of the user of the first system provided to the second system by the first system;
sending by the second system to the first system at least one of a reference to the runtime security context for the user in the second system which is resolvable within the computing environment or a portable representation of the runtime security context for the user in the second system; and
receiving by the second system work from the first system to be performed by the second system, the received work to be performed by the second system having associated therewith the at least one of the reference to the runtime security context for the user in the second system or the portable representation of the runtime security context for the user in the second system, thereby facilitating processing of the work by the second system.