Compound principals in access control lists
Abstract
An access control list for determining the access rights of principals in a distributed system to a system resource is disclosed wherein the access rights of a specified principal are based on the access rights delegated to that principal.
8 Claims
1. In a distributed system, a method for defining the access of a user on a specified workstation to a system resource having an access control list, the method comprising the steps of:
(a) generating an access code indicating that the user has delegated access authority to the specified workstation; and
(b) allowing the specified workstation to have access to the system resource when all of the following conditions (1)-(3) are met;
(1) the system resource receives an access request from the specified workstation;
(2) the access control list for the system resource has an entry allowing the specified workstation to have access to the system resource if the user has delegated access authority to the specified workstation; and
(3) the system resource determines that the user has delegated access authority to the specified workstation.

2. In a distributed system, a method for defining the access privileges of a workstation to a system resource for an identified user having specified access privileges, the method comprising the steps of:
(a) generating a role code indicating a subset of the user's access privileges to be delegated to the workstation;
(b) generating an access code representing the user acting according to the role code assigned in step (a);
(c) delegating access privileges to the workstation on the basis of the access code generated in step (b);
(d) generating a second access code representing the workstation acting with the access privileges delegated in step (c); and
(e) allowing the workstation access to the system resource when the code generated in step (d) indicates that the user is acting according to the role code assigned in step (a) and the user acting according to that role code has delegated authority to the workstation.

3. In a distributed system, a method for defining access for a user to a system resource, the user having specified access privileges and running a specified computer program on a specified workstation, the specified workstation having certain access privileges, the method comprising the steps of:
(a) generating a role code representing the execution of the specific computer program on that workstation;
(b) generating an access code representing the user acting in conjunction with the assigned role code; and
(c) permitting the user to have access to the system resource when the access code indicates that the workstation is executing the specified computer program and the user is acting in conjunction with the execution of the specified computer program.

4. In a distributed system, a method for defining the access of a group's members on a specified workstation to a system resource, the method comprising the steps of:
(a) generating an access code representing the group on the specific workstation; and
(b) allowing the specific workstation access to the system resource whenever the access code indicates that a member of the group has delegated its access privileges to the specific workstation.

5. In a distributed system, a method for defining the access rights of a workstation to a system resource given the identity of a particular group having certain access privileges, the method comprising the steps of:
(a) generating a role code indicating a subset of the group's access privileges to be delegated to the workstation;
(b) generating an access code representing the group acting in the role represented by the role code;
(c) delegating access privileges to the workstation on the basis of the generated access code;
(d) generating a second access code representing the workstation acting with the access privileges delegated in step (c); and
(e) allowing the workstation access to the system resource whenever the second access code indicates that a member of the group, acting in the role assigned in step (a), has delegated its access privileges to the workstation.

6. In a distributed system, a method for defining access for a group member to a system resource, the group member having certain access privileges and running a specified computer program on a specified workstation, the workstation having certain access privileges, the method comprising the steps of:
(a) generating a role code representing the execution of the specific piece of software on that workstation;
(b) generating an access code representing the group acting in conjunction with the assigned role represented by the role code; and
(c) allowing the workstation access to the system resource when the access code indicates that it is executing the specified computer program and a member of the group is acting in conjunction with the execution of the specified computer program.

7. In a distributed system, a method for defining access for a user running a specific piece of software on a specific workstation to a system resource, the method comprising the steps of:
(a) generating a role code representing the execution of the specific piece of software on that workstation;
(b) generating a first access code representing the workstation acting in the role code assigned in step (a);
(c) generating a second access code representing the user acting in concert with the workstation and software as defined by the first access code; and
(d) defining access to the system resource on the basis of the second access code.

8. In a distributed system, a method for defining access for a group member running a specific piece of software on a specific workstation to a system resource, the method comprising the steps of:
(a) generating a role code representing the execution of the specific piece of software on that workstation;
(b) generating a first access code representing the workstation acting in the role code assigned in step (a);
(c) generating a second access code representing the group acting in concert with the workstation and software as defined by the first access code; and
(d) defining access to the system resource on the basis of the second access code.
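The following is a constructed model of the access check shared by claims 1 through 6 (a workstation acting on authority a user or group member delegated to it, optionally narrowed by a role code), added here as an illustration; it is not code from the patent, and the class and function names (Delegation, AclEntry, Request, is_allowed) are assumptions. It makes the security-relevant point of claim 1(b) explicit: a matching ACL entry (condition 2) is never sufficient on its own, the resource must also confirm that the delegation actually exists (condition 3).

```python
from dataclasses import dataclass
from typing import Optional

# Constructed model of the claims' "access codes" (added example, not the patent's own code).
# A role code either narrows a principal to a subset of its privileges (claims 2 and 5) or
# names the program the workstation is executing (claims 3 and 6); None means unrestricted.

@dataclass(frozen=True)
class Delegation:
    """Access code of claim 1(a): `user` (acting in `role`) delegated authority to `workstation`."""
    user: str
    workstation: str
    role: Optional[str] = None

@dataclass(frozen=True)
class AclEntry:
    """Entry of claim 1(b)(2): the workstation may access the resource if `user` delegated to it.
    `user` may also be a group name (claims 4 to 6); a role, if set, must be matched exactly."""
    workstation: str
    user: str
    role: Optional[str] = None

@dataclass(frozen=True)
class Request:
    """What the resource sees: the requesting workstation and the user/role it claims to act for."""
    workstation: str
    user: str
    role: Optional[str] = None

def _user_matches(entry_user: str, req_user: str, groups: dict[str, set[str]]) -> bool:
    # Direct match, or the entry names a group the requesting user belongs to.
    return entry_user == req_user or req_user in groups.get(entry_user, set())

def is_allowed(acl: list[AclEntry], delegations: set[Delegation],
               groups: dict[str, set[str]], req: Request) -> bool:
    """Claim 1(b): access only when an ACL entry matches the request (condition 2) AND the
    resource can confirm the delegation actually happened (condition 3)."""
    entry_ok = any(e.workstation == req.workstation
                   and _user_matches(e.user, req.user, groups)
                   and (e.role is None or e.role == req.role)
                   for e in acl)
    # Condition 3: a matching ACL entry alone is never enough; the delegation must exist.
    delegated = Delegation(req.user, req.workstation, req.role) in delegations
    return entry_ok and delegated
```

The delegation set stands in for whatever mechanism the resource uses to verify the access code; the check fails closed when the entry exists but no delegation does, and when a delegation exists under a different role than the entry requires.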