Entitlement management and access control system
Abstract
The invention provides a method, system, and computer program product for determining accessor entitlement to a resource in response to an accessor request for access to the resource. The invention associates a resource with an entitlement expression that includes a reference to at least one membership map having membership information regarding the accessor and associates with the accessor a unique identifier that acts as an index into each membership map. The entitlement expression is evaluated for the resource to determine the entitlement of the requesting accessor to the resource. The evaluation includes looking up the accessor's membership information in at least one membership map using the accessor's unique identifier. The invention may further include at least one accessor group having a name, zero or more accessors that are members of the group, and a membership map for determining whether a particular accessor is a member of the group. The entitlement expression then refers to at least one membership map by including at least one group name in the entitlement expression.
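The scheme in the abstract, sketched as an added example (this is not code from the patent): each group has a bit map indexed by the accessor's numeric identifier, and a resource's entitlement expression names groups. The AND/OR/NOT operators, the helper names, the group names and the accessor ids are assumptions made for illustration.

```python
import re
from collections import deque

def make_map(member_ids, size):
    """Bit map for one group: bit i is set when accessor id i is a member."""
    bits = bytearray((size + 7) // 8)
    for i in member_ids:
        if not 0 <= i < size:
            raise ValueError("accessor id out of range")
        bits[i // 8] |= 1 << (i % 8)
    return bits

def is_member(bits, accessor_id):
    # Ids outside the map are non-members, so lookups fail closed.
    in_range = 0 <= accessor_id < len(bits) * 8
    return in_range and bool(bits[accessor_id // 8] >> (accessor_id % 8) & 1)

def entitled(expression, accessor_id, groups):
    """Evaluate an entitlement expression for one accessor; deny on any error."""
    # Any character outside the grammar becomes its own token and is rejected.
    toks = deque(re.findall(r"[()]|\w+|\S", expression) + [None])  # None = end
    def atom():
        tok = toks.popleft()
        if tok == "NOT":
            return not atom()
        if tok != "(":
            return is_member(groups[tok], accessor_id)  # KeyError: unknown group
        val = expr("OR")
        if toks.popleft() != ")":
            raise ValueError("missing )")
        return val
    def expr(op):
        # OR binds loosest: an OR-expression is a chain of AND-expressions.
        operand = atom if op == "AND" else (lambda: expr("AND"))
        val = operand()
        while toks[0] == op:
            toks.popleft()
            rhs = operand()          # always parsed, even if val already decides
            val = (val and rhs) if op == "AND" else (val or rhs)
        return val
    try:
        return expr("OR") and toks[0] is None   # trailing tokens mean deny
    except (KeyError, ValueError):
        return False

# Constructed sample data (ids: alice=3, bob=9, carol=12), not from the patent.
GROUPS = {"traders": make_map([3, 9], 16), "suspended": make_map([9], 16),
          "compliance": make_map([12], 16)}
POLICY = "(traders AND NOT suspended) OR compliance"
```

Because an id outside a map reads as a non-member, a `NOT group` term evaluates true for it, so accessor ids should be checked against the accessor store before evaluation.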
37 Claims
1. In a system having a plurality of accessors and at least one resource, a method for determining accessor entitlement to a resource in response to an accessor request for access to the resource, comprising the steps of:
a) associating with the resource an entitlement expression, the entitlement expression including a reference to at least one membership map having membership information for the accessor, the at least one membership map being a bit map;
b) associating with the accessor a unique identifier, the unique identifier acting as an index into each membership map;
c) evaluating the entitlement expression for the resource to determine the entitlement of the requesting accessor to the resource, the evaluation including looking up the accessor's membership information in the at least one membership map using the accessor's unique identifier.
Dependent claims: 2, 3, 4, 5, 6, 7
8. In a system having a plurality of accessors, at least one group having a name and having zero or more accessors as members, and at least one resource, a method for determining accessor entitlement to a resource in response to an accessor request for access to the resource, comprising the steps of:
a) associating with the resource an entitlement expression including at least one group name;
b) associating with each group a membership map indicating whether particular accessors are members of that group, the membership map being a bit map;
c) associating with each accessor a unique identifier usable as an index into each group membership map to determine whether that accessor is a member of that group;
d) evaluating an entitlement expression for the resource to determine the entitlement of the requesting accessor to the requested resource.
Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16, 17, 18
19. A system for determining accessor entitlement to a resource comprising:
a) a first means for storing a plurality of accessors and a unique identifier associated with each accessor;
b) a second means for storing a plurality of unique accessor group names, each of the plurality of accessor group names having an associated membership map, the accessor identifier acting as an index into the accessor group membership maps for determining whether an accessor is a member of an accessor group, the membership maps being bit maps; and
c) a processor means for determining whether an accessor is entitled to a resource in response to an accessor request for the resource by evaluating an entitlement expression for the resource, the entitlement expression including a reference to at least one accessor group.
Dependent claims: 20, 21, 22
23. In a system having a plurality of accessors and at least one resource, a computer program product comprising a computer useable medium having computer readable program code to direct the system to perform a method for determining accessor entitlement to a resource in response to an accessor request for access to the resource comprising at least the following steps:
a) associating with the resource an entitlement expression, the entitlement expression including a reference to at least one membership map having membership information for the accessory, the at least one membership map being a bit map;
b) associating with the accessor a unique identifier, the unique identifier acting as an index into each membership map;
c) evaluating the entitlement expression for the resource to determine the entitlement of the requesting accessor to the resource, the evaluation including looking up the accessor's membership information in the at least one membership map using the accessor's unique identifier.
Dependent claims: 24, 25, 26, 27, 28, 29
30. In a system having a plurality of accessors, at least one group having a name and having zero or more accessors as members, and at least one resource, a method for determining accessor entitlement to a resource in response to an accessor request for access to the resource, comprising the steps of:
a) associating with the resource an entitlement expression including at least one group name;
b) associating with each group a membership map indicating whether particular accessors are members of that group;
c) associating with each group name a membership map identifier that represents the location of the membership map for the group;
d) associating with each accessor a unique identifier usable as an index into each group membership map to determine whether that accessor is a member of that group; and
e) evaluating an entitlement expression for the resource to determine the entitlement of the requesting accessor to the requested resource.
Dependent claims: 31, 32, 33
34. In a system having a plurality of accessors, at least one group having a name and having zero or more accessors as members, and at least one resource, a method for determining accessor entitlement to a resource in response to an accessor request for access to the resource, comprising the steps of:
a) associating with the resource an entitlement expression including at least one group name;
b) associating with each group a membership map indicating whether particular accessors are members of that group;
c) associating with each accessor a unique name and a unique identifier usable as an index into each group membership map to determine whether that accessor is a member of that group, each accessor's name and unique identifier being stored in an accessor store; and
d) evaluating an entitlement expression for the resource to determine the entitlement of the requesting accessor to the requested resource.
Dependent claims: 35, 36, 37
Specification