Access Control in a Computer System
Abstract
The disclosure relates to apparatuses and methods for a computer network comprising hosts accessible by directory users whose user identity information is maintained in a user information directory. The apparatus comprises at least one processor, and at least one memory for storing instructions that, when executed, cause the apparatus to manage information of configurations for attribute based filtering of access requests by the directory users for a plurality of hosts and separately from the user information directory.
20 Claims
- 1. An apparatus for a computer network comprising hosts accessible by directory users whose user identity information is maintained in a user information directory, the apparatus comprising at least one processor, and at least one memory for storing instructions that, when executed, cause the apparatus to manage information of configurations for attribute based filtering of access requests by the directory users for a plurality of hosts and separately from the user information directory.
- 12. A method for managing access information in a computer network where user information for directory users is stored in a user information directory, the method comprising maintaining, for a plurality of hosts in a storage and separately from the user information directory, information regarding configurations for attribute based filtering of access requests to each of the hosts by the directory users.
- 19. A data structure stored in a non-transitory computer readable media for use in access control in a computer network, comprising a first data record associating hosts with configuration information records of configurations for attribute based filtering of access requests to the hosts by directory users, and a second data record associating the configuration information records with sets of attributes, related users and directories.
Specification