Methods and apparatus for implementing secure name servers in an object-oriented system
First Claim
Patent Images
1. A computer implemented method for providing a secure naming system for a set of objects in an object-oriented system having a plurality of name servers, said method comprising the steps of:
- implementing a first context object in a first name server, said first context object comprising a first encapsulated principal identifier and at least one name binding, each of said name bindings comprising a name and an object;
implementing a second context object in a second name server, said second context object comprising a second encapsulated principal identifier and at least one name binding, each of said name bindings comprising a name and an object;
binding said second context object to a second context name within said first context object;
binding a desired first object to a first object name within said second context object;
requesting said desired first object for a client using a path name comprised of said second context name and said first object name and a desired set of access rights; and
resolving said request for said desired first object by performing the steps ofresolving said second context name to receive a representation of said second context object located in said second name server;
assuring said second name server that a name resolution from said first name server to said second name server is secure;
resolving said first object name within said second context object to receive a duplicate of said desired object that encapsulates the first encapsulated principal identifier and the desired access rights.
1 Assignment
0 Petitions
Accused Products
Abstract
A secure naming model for objects in an object-oriented system, wherein names are bound to objects within context objects. The context objects are implemented by name servers, and clients request that a context object "resolve" the name for the object. The name server that implements the context returns a duplicate of the desired object. If a name resolution involves more than one name server, an assurance of security is provided by the first name server to the second name server.
165 Citations
12 Claims
-
1. A computer implemented method for providing a secure naming system for a set of objects in an object-oriented system having a plurality of name servers, said method comprising the steps of:
-
implementing a first context object in a first name server, said first context object comprising a first encapsulated principal identifier and at least one name binding, each of said name bindings comprising a name and an object; implementing a second context object in a second name server, said second context object comprising a second encapsulated principal identifier and at least one name binding, each of said name bindings comprising a name and an object; binding said second context object to a second context name within said first context object; binding a desired first object to a first object name within said second context object; requesting said desired first object for a client using a path name comprised of said second context name and said first object name and a desired set of access rights; and resolving said request for said desired first object by performing the steps of resolving said second context name to receive a representation of said second context object located in said second name server; assuring said second name server that a name resolution from said first name server to said second name server is secure; resolving said first object name within said second context object to receive a duplicate of said desired object that encapsulates the first encapsulated principal identifier and the desired access rights. - View Dependent Claims (2, 3, 4)
-
-
5. An apparatus for providing a secure naming system for a set of objects in an object-oriented system having a plurality of name servers, comprising:
-
a first name server, said first name server having at least one context object, each of said context objects having an encapsulated principal identifier; a first context object within said first name server, said first context object comprising a first encapsulated principal identifier and at least one name binding, each of said name bindings comprising a name and an object; a second name server, said second name server having at least one context object, each of said context objects having an encapsulated principal identifier; a second context object within said second name server, said second context object comprising a second encapsulated principal identifier and at least one name binding, each of said name bindings comprising a name and an object; means for binding said second context object to a second context name within said first context object; means for binding a desired first object to a first object name within said second context object; means for requesting said desired first object for a client using a path name comprised of said second context name and said first object name and a desired set of access rights; and means for resolving said request for said desired first object by resolving said second context name to receive a representation of said second context object located in said second name server, and then assuring said second name server that a name resolution from said first name server to said second name server is secure, and then resolving said first object name within said second context object to receive a duplicate of said desired object that encapsulates the first encapsulated principal identifier and the desired access rights. - View Dependent Claims (6, 7, 8)
-
-
9. In an object-oriented system, said object-oriented system having a first name server having a first context object with a first encapsulated principal identifier, a second name server having a second context object with a second encapsulated principal identifier, a method for providing a secure naming system comprising the steps of:
-
binding said second context object to a second context name within said first context object; binding a desired first object to a first object name within said second context object; sending an object request from a client to said first context object for said desired first object using a path name comprised of said second context name and said first object name and a desired set of access rights; and resolving said object request for said desired first object by performing a series of steps comprising resolving said second context name within said first context object to receive a representation of said second context object located in said second name server, assuring said second name server that a name resolution from said first name server to said second name server is secure, resolving said first object name within said second context object to receive a duplicate of said desired object that encapsulates the first encapsulated principal identifier and the desired access rights. - View Dependent Claims (10, 11, 12)
-
Specification