Information handling system, method, and article of manufacture including object system authorization and registration
First Claim
1. A method for improving system authorization and registration in an information handling system employing object oriented technology, comprising the steps of:
- first building a system authorization policy object which encapsulates management of a resource authorization policy to an object oriented control program;
- second building a system authorization oracle object which encapsulates the process of the decision making at access checking time; and
- third building a system registration object which encapsulates management of a subject registry.
Abstract
A system, method and article of manufacture for improving object security in distributed object systems, in an information handling system employing object oriented technology, includes one or more processors, a storage system, a system bus, a display sub-system controlling a display device, a cursor control device, and an I/O controller for controlling I/O devices, all connected by the system bus; an operating system such as the OS/2* operating system program (OS/2 is a registered trademark of International Business Machines Corporation); one or more application programs for executing user tasks; and an object oriented control program, such as the DSOM Objects program, which is a commercially available product of International Business Machines Corporation. The object oriented control program includes a system authorization policy (SAP) object, a system authorization oracle (SAO) object, and a system registration object (SRO). The SAP object encapsulates management of a resource authorization policy. It may also be used to retrieve security attributes of objects in order to perform access checking. An object's security attribute includes the access control list (ACL) governing access to the object. The SAP object is also used to retrieve and manipulate user capabilities in an environment that is capability based for access authorization. A user capability lists the objects that the user has access to, along with the corresponding access types or permissions. A capability is the transpose of an access control list (ACL) in the global access matrix modeling user access to protected objects.
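The ACL/capability relationship and the three-object split described in the abstract can be sketched as follows. This is an added illustration, not code from the patent or from DSOM: the class and method names, the default-deny rule, and the choice to have the oracle consult the registry are all assumptions made for the example.

```python
from collections import defaultdict

class SystemRegistrationObject:
    """SRO: manages the subject registry (hypothetical minimal form)."""
    def __init__(self):
        self._subjects = set()
    def register(self, subject):
        self._subjects.add(subject)
    def is_registered(self, subject):
        return subject in self._subjects

class SystemAuthorizationPolicy:
    """SAP: manages the authorization policy, stored here as per-object ACLs."""
    def __init__(self):
        self._acl = defaultdict(dict)   # object -> {subject: set(permissions)}
    def grant(self, obj, subject, *perms):
        self._acl[obj].setdefault(subject, set()).update(perms)
    def acl(self, obj):
        """One column of the access matrix: who may do what to this object."""
        return {s: set(p) for s, p in self._acl.get(obj, {}).items()}
    def capability(self, subject):
        """One row of the access matrix: the ACLs transposed for one subject."""
        return {o: set(e[subject]) for o, e in self._acl.items() if subject in e}

class SystemAuthorizationOracle:
    """SAO: makes the decision at access-checking time."""
    def __init__(self, policy, registry):
        self._policy, self._registry = policy, registry
    def check(self, subject, obj, perm):
        # Assumption of this example: unregistered subjects are always denied,
        # and anything not explicitly granted is denied (default deny).
        if not self._registry.is_registered(subject):
            return False
        return perm in self._policy.acl(obj).get(subject, set())

def demo():
    """Build a small constructed policy; all names are sample data."""
    sro, sap = SystemRegistrationObject(), SystemAuthorizationPolicy()
    sao = SystemAuthorizationOracle(sap, sro)
    sro.register("alice")
    sro.register("bob")
    sap.grant("payroll", "alice", "read", "write")
    sap.grant("payroll", "bob", "read")
    sap.grant("audit_log", "alice", "read")
    sap.grant("audit_log", "mallory", "read")  # ACL entry, subject never registered
    return sro, sap, sao
```

Reading `capability("alice")` and `acl("payroll")` from the same store shows the two views are the same matrix indexed by row or by column, while the stale ACL entry for an unregistered subject is still refused by the oracle.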
16 Claims
1. A method for improving system authorization and registration in an information handling system employing object oriented technology, comprising the steps of:
- first building a system authorization policy object which encapsulates management of a resource authorization policy to an object oriented control program;
- second building a system authorization oracle object which encapsulates the process of the decision making at access checking time; and
- third building a system registration object which encapsulates management of a subject registry.

Dependent claims: 2, 3, 4

5. A computer readable medium comprising:
- means for first building a system authorization policy object which encapsulates management of a resource authorization policy to an object oriented control program;
- means for second building a system authorization oracle object which encapsulates the process of the decision making at access checking time; and
- means for third building a system registration object which encapsulates management of a subject registry.

Dependent claims: 6, 7, 8

9. A system, for improving object security, in an information handling system employing object oriented technology, comprising:
- one or more processors;
- a storage system;
- one or more I/O controllers for controlling I/O devices;
- a system bus interconnecting the processors, the storage system, and the I/O controllers;
- a system control program controlling operation of the system;
- one or more application programs for executing user tasks; and
- an object oriented control program, the object oriented control program comprising
  - a system authorization policy object which encapsulates management of a resource authorization policy to the object oriented control program;
  - a system authorization oracle object which encapsulates a process of decision making at access checking time; and
  - a system registration object which encapsulates management of a subject registry.

Dependent claims: 10, 11, 12, 13, 14, 15, 16
Specification