Method and apparatus for proxy authentication
First Claim
1. A method in a computer system, comprising the steps of:
(a) obtaining by a source the rights of a source object, the rights of the source object including authorization to access a target object and to modify authentication data of the target object, the target object having rights to access one or more objects;
(b) generating new authentication data by the source;
(c) accessing the target object by the source using the rights of the source object;
(d) modifying, at least partially due to the source having obtained the rights of the source object, the authentication data of the target object to include the new authentication data;
(e) using the new authentication data by the source to obtain the rights of the target object to access the one or more objects, whereby the source becomes a proxy for the target object; and
(f) using by the source the rights of the target object.
9 Assignments
0 Petitions
Abstract
A method for a source to obtain the rights of a target object is disclosed. The source first obtains the rights of a source object, which rights include authorization to access a target object and to modify authentication data of the target object. Next, the source object generates new authentication data. After accessing the target object using the rights of the source object, the source modifies the authentication data of the target object to include the new authentication data. Using the new authentication data, the source obtains the rights of the target object, whereby the source becomes a proxy for the target object. As a proxy, the source uses the rights of the target object. Alternative processes for proxy authentication, as well as apparatus for proxy authentication, are also disclosed.
125 Citations
38 Claims
1. A method in a computer system, comprising the steps of (a) through (f) as set out in full under First Claim above.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14.

15. A computer readable medium, comprising a program operative to perform the steps of:
(a) obtaining by a source the rights of a source object, the rights of the source object including authorization to access a target object and to modify authentication data of the target object, the target object having rights to access one or more objects;
(b) generating new authentication data by the source;
(c) accessing the target object by the source using the rights of the source object;
(d) modifying, at least partially due to the source having obtained the rights of the source object, the authentication data of the target object to include the new authentication data;
(e) using the new authentication data by the source to obtain the rights of the target object to access the one or more objects, whereby the source becomes a proxy for the target object; and
(f) using by the source the rights of the target object.

16. A computer system, comprising:
(a) a distributed directory having a plurality of objects;
(b) a plurality of computers accessing the distributed directory;
(c) a target object in the distributed directory having authentication data and rights to access one or more of the plurality of objects in the distributed directory;
(d) a source object in the distributed directory having rights to access the target object and to modify the authentication data of the target object, said source object having authentication data capable of being obtained by a source;
(e) a generation mechanism operative to generate new authentication data for replacement of the authentication data of the target object; and
(f) a replacement mechanism operative to replace the authentication data of the target object with the new authentication data, which enables the source to obtain the rights of the target object.
Dependent claims: 17, 18, 19, 20, 21, 22.

23. A method in a computer system, comprising the steps of:
(a) obtaining by a source the rights of a source distributed directory object in a distributed directory;
(b) reading an attribute of one or more distributed directory objects to determine if the source object has proxy rights to a target distributed directory object in the distributed directory, the target object having rights to access one or more objects in the distributed directory;
(c) obtaining by the source object the rights of the target object, if the source object has proxy rights; and
(d) using by the source object the rights of the target object to access the one or more objects.
Dependent claims: 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 38.

37. A computer readable medium, comprising a program operative to perform the steps of:
(a) obtaining by a source the rights of a source distributed directory object in a distributed directory;
(b) reading an attribute of one or more distributed directory objects to determine if the source object has proxy rights to a target distributed directory object, the target object in the distributed directory having rights to access one or more objects in the distributed directory;
(c) obtaining by the source object the rights of the target object, if the source object has proxy rights; and
(d) using by the source object the rights of the target object to access the one or more objects.
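The procedure in claims 1 and 23 is easier to reason about as a small access-control model. The following is an added example, not code from the patent or its assignee: it models a directory of objects that carry hashed authentication data, a rights map, and a proxy-rights attribute, then walks steps (a) through (f) of claim 1 with the attribute check of claim 23(b) applied before step (b). The object names, the right names "read" and "modify_auth", and the "proxy_targets" attribute are assumptions chosen for the illustration. Two points a practitioner would want visible are built in: replacing the target's authentication data in step (d) invalidates the target's previous credential, and every such replacement is written to an audit list, which is the record a defender would review for proxy sessions.

```python
"""Toy model of the proxy-authentication procedure in the claims.

Added example, not code from the patent or its assignee. Object names,
right names ("read", "modify_auth") and the "proxy_targets" attribute are
assumptions chosen to mirror claims 1 and 23; a real directory service
would supply its own schema and access-control lists.
"""
import hashlib
import secrets
from dataclasses import dataclass, field


def _hash(secret: str, salt: bytes) -> bytes:
    # Authentication data is stored salted and hashed so the directory never
    # retains the cleartext secret generated in step (b).
    return hashlib.sha256(salt + secret.encode()).digest()


@dataclass
class DirectoryObject:
    name: str
    salt: bytes
    credential_hash: bytes
    # rights this object holds on other objects: target name -> set of rights
    rights: dict = field(default_factory=dict)
    # attribute read in claim 23(b): targets this object may act as proxy for
    proxy_targets: set = field(default_factory=set)


@dataclass
class Session:
    """Result of authenticating as an object: the holder has that object's rights."""
    principal: str
    rights: dict


class Directory:
    def __init__(self):
        self.objects = {}
        self.audit = []  # every credential replacement and proxy session is recorded

    def add(self, name, secret, rights=None, proxy_targets=()):
        salt = secrets.token_bytes(16)
        self.objects[name] = DirectoryObject(
            name, salt, _hash(secret, salt), dict(rights or {}), set(proxy_targets))

    def authenticate(self, name, secret):
        obj = self.objects[name]
        if not secrets.compare_digest(_hash(secret, obj.salt), obj.credential_hash):
            raise PermissionError(f"bad credentials for {name}")
        return Session(name, obj.rights)

    def has_right(self, session, target, right):
        return right in session.rights.get(target, set())

    def has_proxy_rights(self, source_name, target_name):
        # claim 23(b): the decision comes from the object's attribute
        return target_name in self.objects[source_name].proxy_targets

    def modify_auth_data(self, session, target, new_secret):
        # steps (c)/(d): only a session holding "modify_auth" on the target may
        # replace its authentication data; the old credential stops working
        if not self.has_right(session, target, "modify_auth"):
            raise PermissionError(f"{session.principal} may not modify {target}")
        obj = self.objects[target]
        obj.salt = secrets.token_bytes(16)
        obj.credential_hash = _hash(new_secret, obj.salt)
        self.audit.append(("auth_data_modified", session.principal, target))


def become_proxy(directory, source_session, target):
    """Steps (b) to (e) of claim 1, gated by the attribute check of claim 23(b)."""
    if not directory.has_proxy_rights(source_session.principal, target):
        raise PermissionError(f"{source_session.principal} lacks proxy rights to {target}")
    new_secret = secrets.token_urlsafe(32)                          # (b)
    directory.modify_auth_data(source_session, target, new_secret)  # (c), (d)
    proxy = directory.authenticate(target, new_secret)              # (e)
    directory.audit.append(("proxy_session", source_session.principal, target))
    return proxy


def build_sample_directory():
    """Constructed sample data: an admin object entitled to proxy for a service object."""
    d = Directory()
    d.add("payroll_db", "db-secret")
    d.add("svc_payroll", "svc-secret", rights={"payroll_db": {"read"}})
    d.add("admin", "admin-secret",
          rights={"svc_payroll": {"read", "modify_auth"}}, proxy_targets={"svc_payroll"})
    # helpdesk carries the proxy attribute but not the right to modify auth data
    d.add("helpdesk", "help-secret",
          rights={"svc_payroll": {"read"}}, proxy_targets={"svc_payroll"})
    return d


def run_demo():
    """Returns whether the proxy session can use the target's rights, plus the audit trail."""
    d = build_sample_directory()
    admin = d.authenticate("admin", "admin-secret")   # (a)
    proxy = become_proxy(d, admin, "svc_payroll")
    return d.has_right(proxy, "payroll_db", "read"), d.audit  # (f)
```

Note that the source never learns the target's original secret: it obtains the target's rights only through the authentication data it generated itself, and the directory's audit list ties the resulting proxy session back to the source principal.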
Specification