Method and apparatus for acquiring authorized access to resources in a distributed system

US 6,192,405 B1
Filed: 01/23/1998
Issued: 02/20/2001
Est. Priority Date: 01/23/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method in a computer system having a distributed directory, the method comprising the steps of:

a) requesting by a requester access to a form, wherein the form is operable to be assembled dynamically from a data store and dynamically interact with the data store;

b) receiving by a broker the request;

c) accessing by the broker the distributed directory;

d) determining from the distributed directory whether a first object representing the requester has rights to access the form; and

e) if such rights exist, accessing the form by the requester.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer system has a management service, such as a distributed directory, having a plurality of objects and an access control mechanism. The computer system also has a resource, such as a data store, with a security system. A first object in the management service represents a requester and a second object represents the resource. A broker has access to the management service and the resource, and is operative to determine whether the first object has rights to access the second object, and if such rights exist, allow the requester to access the resource.

243 Citations

22 Claims

1. A method in a computer system having a distributed directory, the method comprising the steps of:
- a) requesting by a requester access to a form, wherein the form is operable to be assembled dynamically from a data store and dynamically interact with the data store;
  
  b) receiving by a broker the request;
  
  c) accessing by the broker the distributed directory;
  
  d) determining from the distributed directory whether a first object representing the requester has rights to access the form; and
  
  e) if such rights exist, accessing the form by the requester.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A method as recited in claim 1, wherein the step of accessing the form comprises the step of displaying at least a portion of the data store to the requester.
  - 3. A method as recited in claim 2, wherein the step of displaying comprises the step of transmitting the form having information assembled from the data store.
  - 4. A method as recited in claim 3, wherein the broker assembles the information from the data store and transmits said information to the requester.
  - 5. A method as recited in claim 3, wherein the step of transmitting comprises the step of sending an electronic mail to the requester with the form embedded therein.
  - 6. A method as recited in claim 5, further comprising the steps of selecting by the requester the electronic mail, and launching a viewer to display the form.
  - 7. A method as recited in claim 1, wherein the step of accessing the form comprises the steps of modifying or adding information to the data store by the requester.
  - 8. A method as recited in claim 7, wherein the steps of modifying or adding information comprises the step of transmitting the form having such modified or added information.
  - 9. A method as recited in claim 8, wherein the requester transmits the form to the broker, and the broker writes the information to the data store.
  - 10. A method as recited in claim 1, wherein step (d) comprises the step of determining whether the first object has access rights to a second object representing the form.
  - 11. A computer readable medium comprising instructions capable of performing the method of claim 1.

12. A computer system, comprising:
- a) a management service having a plurality of objects and an access control mechanism;
  
  b) a first object in the management service representing a requester, said first object having rights in the management service controlled by the access control mechanism;
  
  c) a form having a security system, wherein the form is operative to dynamically interact with a data store;
  
  d) a second object in the management service representing the form, access to said second object being controlled by the access control mechanism; and
  
  e) a broker having access to the said management service and said form, said broker being operative to determine whether said first object has rights to access said second object, and if such rights exist to allow the requester to access the form.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. A computer system as recited in claim 12, wherein at least a portion of the form is acquired from the data store.
  - 14. A computer system as recited in claim 13, wherein the form has one or more fields corresponding to at least a portion of information in the data store.
  - 15. A computer system as recited in claim 14, wherein the form is in HTML format.
  - 16. A computer system as recited in claim 14, wherein the form is saved as a value of an attribute associated with the second object.
  - 17. A computer system as recited in claim 16, wherein the data store is a relational database.
  - 18. A computer system as recited in claim 12, wherein the broker is an electronic mail system.
  - 19. A computer system as recited in claim 12, further comprising an administrator program operable at least in part for extending object definitions in the distributed directory.

20. A computer system, comprisinga) a plurality of interconnected nodes forming a network;
- b) a distributed directory operating on at least one of said nodes, said distributed directory having a plurality of objects;
  
  c) an access control mechanism in the distributed directory;
  
  d) a data store independent of the distributed directory, said data store being located on at least one of said nodes and having information;
  
  e) a first object in the distributed directory representing a requester, said first object having rights controlled by the access control mechanism;
  
  f) a second object in the distributed directory representing a form operative to be dynamically assembled at least partially from information included in the data store; and
  
  g) a broker having access to the distributed directory and the data store, said broker being operative to determine from the distributed directory whether the first object has rights to access the second object, and if such rights exist allow the requester to access information included in the data store, such access to information being commensurate with access to the form represented by the second object.
- View Dependent Claims (21, 22)
- - 21. A computer system as recited in claim 20, wherein the first object is a user object.
  - 22. A computer system as recited in claim 20, wherein the broker is an electronic mail system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Bunnell, Karl Lee
Primary Examiner(s)
VU, VIET DUY

Application Number

US09/012,506
Time in Patent Office

1,124 Days
Field of Search

709/201, 709/202, 709/217, 709/206, 709/219, 709/223, 709/225, 709/224, 709/313, 709/315, 709/328, 709/329, 709/330, 707/10, 707/100, 707/103, 707/104, 707/501
US Class Current

709/225
CPC Class Codes

H04L 63/0815   providing single-sign-on or...

H04L 63/101   Access control lists [ACL]

H04L 63/104   Grouping of entities

Method and apparatus for acquiring authorized access to resources in a distributed system

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

243 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for acquiring authorized access to resources in a distributed system

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

243 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links