Method and apparatus to secure distributed digital directory object changes
Abstract
A method and apparatus for providing access control to objects in a distributed network directory employing static resolution to resolve object attributes. A first object has a Security Equals attribute and a second object has an Equivalent To Me attribute. Upon receiving a request for the first object to access the second object, authorization of such access is verified by checking if the two attributes are synchronized. The attributes are synchronized when the Security Equals attribute of the first object includes the second object, and the Equivalent To Me attribute of the second object includes the first object. A method of synchronizing the two attributes is also disclosed.
26 Claims
1. A method of resolving object attributes in a computer system, wherein a first object and a second object each have at least one associated attribute and each object is part of a distributed directory having a schema, comprising the steps of:
a) determining an associated attribute of the first object;
b) checking that the second object is included in the associated attribute of the first object;
c) determining an associated attribute of the second object; and
d) checking that the first object is included in the associated attribute of the second object.
Dependent claims: 2, 3, 4, 5, 6, 7, 21, 22, 23.
8. A method of synchronizing an associated attribute of a first object and an associated attribute of a second object in a computer system, wherein each object is part of a distributed directory having a schema, comprising the steps of:
a) receiving a request to modify the associated attribute of the second object;
b) verifying that the associated attribute of the second object may be modified;
c) modifying the associated attribute of the second object; and
d) synchronizing the associated attribute of the first object and the associated attribute of the second object by modifying the associated attribute of the first object to correspond to the modified associated attribute of the second object.
Dependent claims: 9, 10, 11, 12, 13, 14.
15. A method of verifying that a first object has authorization to access a second object in a computer system, wherein the first object and the second object each have at least one associated attribute and each object is part of a distributed directory having a schema, comprising the steps of:
a) receiving a request for the first object to access the second object;
b) determining the associated attribute of the first object and the associated attribute of the second object;
c) checking that the second object is included in the associated attribute of the first object and that the first object is included in the associated attribute of the second object; and
d) verifying that the first object has authorization to access the second object if:
i. the second object is included in the associated attribute of the first object; and
ii. the first object is included in the associated attribute of the second object.
Dependent claims: 16, 17, 18, 19, 20.
24. A computer system comprising a first computer and a second computer which are capable of transmitting and receiving information from one another, which first and second computers access a plurality of objects, wherein the first computer maintains a first object and the second computer maintains a second object, wherein the first and second objects are part of a distributed directory having a schema and wherein the first object has a first associated attribute which references at least the second object and the second object has a second associated attribute which references at least the first object.
25. A computer readable medium comprising a program for resolving object attributes having a first directory object and a second object, wherein each of said objects includes at least one associated attribute, wherein each object is part of a distributed directory having a schema, the program being capable of resolving object attributes by performing the steps of:
a) receiving a request for the first object to access the second object;
b) determining the associated attribute of the first object and the associated attribute of the second object;
c) checking that the second object is included in the associated attribute of the first object and that the first object is included in the associated attribute of the second object; and
d) verifying that the first object has authorization to access the second object if:
i. the second object is included in the associated attribute of the first object; and
ii. the first object is included in the associated attribute of the second object.
26. A computer system accessing a plurality of objects having associated attributes, wherein each of the objects is part of a distributed directory having a schema, the computer system comprising:
a) means for receiving a request for a first object to access a second object;
b) means for determining an associated attribute of the first object and an associated attribute of the second object;
c) means for checking that the second object is included in the associated attribute of the first object and that the first object is included in the associated attribute of the second object; and
d) means for verifying that the first object has authorization to access the second object if:
i. the second object is included in the associated attribute of the first object; and
ii. the first object is included in the associated attribute of the second object.
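As an added example that is not part of the patent, the following Python models the bidirectional check of claims 1 and 15 (access is granted only when the Security Equals attribute of the accessor and the Equivalent To Me attribute of the target reference each other) and the verified modify-then-synchronize procedure of claim 8. The DirectoryObject and Directory classes, and the policy that only the target object or an administrator may edit Equivalent To Me, are assumptions for the illustration.

```python
from dataclasses import dataclass, field

# Hypothetical model of the two attributes named in the abstract; the "Admin"
# privileged modifier and the modification policy are assumptions of this example.


@dataclass
class DirectoryObject:
    name: str
    security_equals: set = field(default_factory=set)   # objects this one claims equivalence to
    equivalent_to_me: set = field(default_factory=set)  # objects allowed to claim equivalence to it


class Directory:
    def __init__(self, admins=()):
        self.objects = {}
        self.admins = set(admins)

    def add(self, name):
        self.objects[name] = DirectoryObject(name)
        return self.objects[name]

    def attributes_synchronized(self, first, second):
        """Claim 1: the second object is in the first's Security Equals AND
        the first object is in the second's Equivalent To Me."""
        a, b = self.objects[first], self.objects[second]
        return second in a.security_equals and first in b.equivalent_to_me

    def authorize(self, first, second):
        """Claim 15: grant access only when both attributes agree, so a one-sided
        edit of either attribute alone never yields access."""
        return self.attributes_synchronized(first, second)

    def _may_modify_equivalent_to_me(self, requester, target):
        # Assumed policy: only the target object itself or an admin may edit its attribute.
        return requester == target.name or requester in self.admins

    def grant_equivalence(self, requester, first, second):
        """Claim 8: verify the request, modify Equivalent To Me on the second object,
        then synchronize Security Equals on the first object to match."""
        target = self.objects[second]
        if not self._may_modify_equivalent_to_me(requester, target):
            return False
        target.equivalent_to_me.add(first)
        self.objects[first].security_equals.add(second)  # synchronization step
        return True
```

Adding an object to its own Security Equals without the matching Equivalent To Me entry on the target leaves the attributes unsynchronized, so authorize() still returns False; that is the check the claims rely on.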