Dynamic server-managed access control for a distributed file system
Abstract
A method and apparatus for dynamically controlling access to files in a client/server system. A client wanting access to a file first requests a token from an object server. The object server generates the token as a function of the file name and ephemeral information and provides the token to both the client and the file system. Upon receiving the token from the object server, the client presents an access request to the file system, using the token rather than the file name as an identifier. The file system compares the received identifier with the file names in the specified directory as well as with a list of valid tokens that it maintains. If the identifier corresponds to a valid token for a file in the directory, the access request is granted. Otherwise, the access request is denied. The procedure is transparent to the client, which uses the token in the same manner as it would use a regular file name.
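The flow in the abstract, sketched as an added example that is not taken from the patent: the abstract does not say which function produces the token, so HMAC-SHA256 over the file name and a random nonce, the time-to-live expiry, and the names `FileSystem`, `ObjectServer`, `register_token` and `request_token` are all assumptions made here.

```python
import hashlib
import hmac
import secrets
import time


class FileSystem:
    """File system side: a directory plus the list of valid tokens."""
    def __init__(self, directory):
        self.directory = dict(directory)   # file name -> contents
        self.valid_tokens = {}             # token -> (file name, expiry)

    def register_token(self, token, name, expires_at):
        self.valid_tokens[token] = (name, expires_at)

    def open(self, identifier, now=None):
        now = time.time() if now is None else now
        match = None
        for token in self.valid_tokens:    # constant-time compare per entry
            if hmac.compare_digest(token.encode(), identifier.encode()):
                match = token
        if match is None:                  # includes plain file names
            raise PermissionError("identifier is not a valid token")
        name, expires_at = self.valid_tokens[match]
        if now >= expires_at or name not in self.directory:
            del self.valid_tokens[match]   # assumed expiry policy
            raise PermissionError("token expired or file not in directory")
        return self.directory[name]


class ObjectServer:
    """Issues tokens and hands each one to both client and file system."""
    def __init__(self, fs, ttl=30.0):
        self.fs, self.ttl = fs, ttl
        self.key = secrets.token_bytes(32)  # server secret (assumption)

    def request_token(self, name, now=None):
        now = time.time() if now is None else now
        nonce = secrets.token_bytes(16)     # the ephemeral information
        msg = name.encode() + b"\0" + nonce
        token = hmac.new(self.key, msg, hashlib.sha256).hexdigest()
        self.fs.register_token(token, name, now + self.ttl)
        return token


if __name__ == "__main__":
    fs = FileSystem({"report.txt": b"constructed sample contents"})
    token = ObjectServer(fs).request_token("report.txt")
    print(fs.open(token))
```

Because the nonce changes on every request, two tokens for the same file never match, and a request that presents the bare file name is denied like any other identifier that is not in the token list.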
13 Claims
1. In an information handling system having objects that are accessed by a requester, a method of controlling access to said objects, comprising the steps of:
- storing a list of valid tokens;
- receiving an access request from a requester, said request containing an identifier specifying a requested object;
- comparing said identifier with said list of valid tokens to determine whether said identifier corresponds to a valid token from said list;
- if said identifier corresponds to a valid token from said list, granting said requester access to said requested object; and
- if said identifier does not correspond to a valid token from said list, denying said requester access to said requested object.

3. In an information handling system in which a requester requests an identifier of an object being accessed and then requests access to said object using said identifier, a method of dynamically controlling access to said object, comprising the steps of:
- in response to a request from a requester for an identifier of said object, dynamically generating a token and providing said token to said requester as said identifier of said object;
- storing a list of tokens that have been previously generated; and
- in response to a request from a requestor for access to an object identified by an identifier, comparing said identifier with the tokens in said list and granting access to said object only if said identifier matches one of the tokens in said list.

10. In an information handling system having objects that are accessed by a requestor, apparatus for controlling access to said objects, comprising the steps of:
- means for storing a list of valid tokens;
- means for receiving an access request from a requester, said request containing an identifier specifying a requested object;
- means for comparing said identifier with said list of valid tokens to determine whether said identifier corresponds to a valid token from said list;
- means responsive to an identifier corresponding to a valid token from said list for granting said requester access to said requested object; and
- means responsive to an identifier not corresponding to a valid token from said list for denying said requestor access to said requested object.

11. In an information handling system in which a requestor requests an identifier of an object being accessed and then requests access to said object using said identifier, apparatus for dynamically controlling access to said object, comprising:
- means responsive to a request from a requestor for an identifier of said object for dynamically generating a token and providing said token to said requester as said identifier of said object;
- means for storing a list of tokens that have been generated by said token generating means; and
- means responsive to a request from a requester for access to an object identified by an identifier for comparing said identifier with the tokens in said list and for granting access to said object only if said identifier matches one of the tokens in said list.

12. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform method steps for controlling access to objects in an information handling system having objects that are accessed by a requester, said method steps comprising:
- storing a list of valid tokens;
- receiving an access request from a requestor, said request containing an identifier specifying a requested object;
- comparing said identifier with said list of valid tokens to determine whether said identifier corresponds to a valid token from said list;
- if said identifier corresponds to a valid token from said list, granting said requestor access to said requested object; and
- if said identifier does not correspond to a valid token from said list, denying said requestor access to said requested object.

13. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform method steps for dynamically controlling access to an object in an information handling system in which a requester requests an identifier of an object being accessed and then requests access to said object using said identifier, said method steps comprising:
- in response to a request from a requester for an identifier of said object, dynamically generating a token and providing said token to said requester as said identifier of said object;
- storing a list of tokens that have been previously generated; and
- in response to a request from a requester for access to an object identified by an identifier, comparing said identifier with the tokens in said list and granting access to said object only if said identifier matches one of the tokens in said list.

Specification