Method and apparatus for acquiring authorized access to resources in a distributed system
Abstract
A computer system has a management service, such as a distributed directory, having a plurality of objects and an access control mechanism. The computer system also has a resource, such as a data store, with a security system. A first object in the management service represents a requester and a second object represents the resource. A broker has access to the management service and the resource, and is operative to determine whether the first object has rights to access the second object, and if such rights exist, allow the requester to access the resource.
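The brokered check described in the abstract, as an added example that is not taken from the patent: the class names, the object names such as cn=alice, the "read" right and the shared secret are all hypothetical, and the in-memory directory and data store are constructed stand-ins.

```python
import hmac

class Directory:
    """Stand-in for the distributed directory: objects plus per-object ACLs."""
    def __init__(self):
        self._acl = {}          # object name -> {trustee name: set of rights}

    def add_object(self, name):
        self._acl.setdefault(name, {})

    def grant(self, trustee, target, right):
        if trustee not in self._acl or target not in self._acl:
            raise KeyError("both objects must exist in the directory")
        self._acl[target].setdefault(trustee, set()).add(right)

    def has_right(self, trustee, target, right):
        # Unknown requester or unknown resource object: no rights (default deny).
        if trustee not in self._acl or target not in self._acl:
            return False
        return right in self._acl[target].get(trustee, set())

class DataStore:
    """Resource with its own security system; only the broker holds the secret."""
    def __init__(self, secret, rows):
        self._secret, self._rows = secret, rows

    def query(self, secret, form_name):
        if not hmac.compare_digest(secret, self._secret):
            raise PermissionError("data store rejected credential")
        return list(self._rows.get(form_name, []))

class Broker:
    def __init__(self, directory, store, store_secret):
        self._dir, self._store, self._secret = directory, store, store_secret

    def request_form(self, requester, form_name):
        # Consult the directory first; touch the data store only if rights exist.
        if not self._dir.has_right(requester, form_name, "read"):
            return None
        fields = self._store.query(self._secret, form_name)  # assembled per request
        return {"form": form_name, "fields": fields}

def demo():
    # Constructed sample objects: two requesters and one form.
    d = Directory()
    for obj in ("cn=alice", "cn=bob", "cn=expense_form"):
        d.add_object(obj)
    d.grant("cn=alice", "cn=expense_form", "read")
    store = DataStore(b"constructed-secret", {"cn=expense_form": ["amount", "date"]})
    return Broker(d, store, b"constructed-secret")
```

The requester never holds the data store credential, so the directory ACL is the only thing that has to change to grant or revoke access.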
22 Claims
1. A method in a computer system having a distributed directory, the method comprising the steps of:
a) requesting by a requester access to a form, wherein the form is operable to be assembled dynamically from a data store and dynamically interact with the data store;
b) receiving by a broker the request;
c) accessing by the broker the distributed directory;
d) determining from the distributed directory whether a first object representing the requester has rights to access the form; and
e) if such rights exist, accessing the form by the requester.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A computer system, comprising:
a) a management service having a plurality of objects and an access control mechanism;
b) a first object in the management service representing a requester, said first object having rights in the management service controlled by the access control mechanism;
c) a form having a security system, wherein the form is operative to dynamically interact with a data store;
d) a second object in the management service representing the form, access to said second object being controlled by the access control mechanism; and
e) a broker having access to the said management service and said form, said broker being operative to determine whether said first object has rights to access said second object, and if such rights exist to allow the requester to access the form.
Dependent claims: 13, 14, 15, 16, 17, 18, 19

20. A computer system, comprising:
a) a plurality of interconnected nodes forming a network;
b) a distributed directory operating on at least one of said nodes, said distributed directory having a plurality of objects;
c) an access control mechanism in the distributed directory;
d) a data store independent of the distributed directory, said data store being located on at least one of said nodes and having information;
e) a first object in the distributed directory representing a requester, said first object having rights controlled by the access control mechanism;
f) a second object in the distributed directory representing a form operative to be dynamically assembled at least partially from information included in the data store; and
g) a broker having access to the distributed directory and the data store, said broker being operative to determine from the distributed directory whether the first object has rights to access the second object, and if such rights exist allow the requester to access information included in the data store, such access to information being commensurate with access to the form represented by the second object.
Dependent claims: 21, 22