Centralized directory services supporting dynamic group membership

US 6,366,913 B1
Filed: 10/21/1998
Issued: 04/02/2002
Est. Priority Date: 10/21/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method for use in connection with application and network services to provide a directory service that defines dynamic groups of directory members, the method comprising the steps of:

defining a directory search specification for a dynamic group based upon user attribute information, where said dynamic group is any set of users in which membership is dynamically determined and in which groups of users are defined by said directory search specification;

evaluating said directory search specification at a service delivery time;

determining whether information maintained in a directory matches said directory search specification;

delivering said service to said dynamic group;

providing a directory server to maintain information about users; and

providing a messaging server that maintains information about groups in said directory server;

wherein when said messaging server sends a search specification to said directory server which causes said directory server to return a set of users or group objects; and

wherein said message server then causes said message to be sent to each of the users or groups returned by said search.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method whereby application and network services (such as access control and electronic mailing list servers) can use a directory service to define groups of directory members using a directory search specification evaluated at service delivery time (dynamic group membership.) Traditionally, network services have been delivered to groups of users defined in relatively narrow manners: either by keeping a list of all users who are members of the group, or by attaching specific group membership attribute information to the information maintained about each specific user. Dynamic group membership allows these services to be delivered to groups of users who can be defined by a completely arbitrary specification of user attribute information. For example, electronic mail can be sent to a group of users whose office was located in a certain building (specifically, whose office location attribute matched a specific value.) Another example is that users may be permitted to access a network service, such as a printer, based on whether the printer is in the same building as the user (specifically, whether the printer'"'"'s location attribute matches the user'"'"'s office location attribute).

Citations

25 Claims

1. A method for use in connection with application and network services to provide a directory service that defines dynamic groups of directory members, the method comprising the steps of:
- defining a directory search specification for a dynamic group based upon user attribute information, where said dynamic group is any set of users in which membership is dynamically determined and in which groups of users are defined by said directory search specification;
  
  evaluating said directory search specification at a service delivery time;
  
  determining whether information maintained in a directory matches said directory search specification;
  
  delivering said service to said dynamic group;
  
  providing a directory server to maintain information about users; and
  
  providing a messaging server that maintains information about groups in said directory server;
  
  wherein when said messaging server sends a search specification to said directory server which causes said directory server to return a set of users or group objects; and
  
  wherein said message server then causes said message to be sent to each of the users or groups returned by said search.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, further comprising the step of:
3. The method of claim 2, wherein said expressions comprise any of:
- equal=where an instance of the attribute exactly matches the value;
  
  contains*which is used as a wild card to allow presence check, or partial matches;
  
  sounds like˜
  
  =which is used in name searches;
  
  greater or equal>
  
  =which is used for numerical comparisons;
  
  less or equal<
  
  =which is used for numerical comparisons;
  
  an ‘
  
  !’
  
  operator which is used to negate any expression; and
  
  ‘
  
  &
  
  ’
  
  (and) and ‘
  
  |’
  
  (or) operators which are used in combining expressions.
4. The method of claim 1, wherein said dynamic groups may use any of a dynamic group filter and a tree structure in the creation of groups.
5. The method of claim 4, wherein said dynamic group filter provides set management by creating sets of members in said directory using said members attributes.
6. The method of claim 4, wherein said tree structure comprises parameters that are used to determine what portion of said directory tree to search.
7. The method of claim 1, further comprising the step of:
- enumerating members of said dynamic group retrieving some piece of information on each group member.
8. The method of claim 7, wherein said group membership enumeration step further comprises the steps of:
- reading said group;
  
  retrieving membership criteria;
  
  initiating a subsequent search based on said membership criteria is initiated; and
  
  stepping through the results of said subsequent search to produce a membership list, along with any desired information for each member.
9. The method of claim 1, further comprising the step of:
- verifying membership in said dynamic group.
10. The method of claim 9, wherein said verifying step further comprises the step of:
- answering a query for a web page accessible only to members of a given group to ensure that a client requesting access is a member of said dynamic group in question.
11. The method of claim 1, further comprising the steps of:
- examining a purported group member'"'"'s entry to determine if it is within the scope of said group'"'"'s membership criteria; and
  
  searching said purported member'"'"'s entry with a filter corresponding to said group'"'"'s membership criteria;
  
  wherein a successful return indicates group membership and an unsuccessful return indicates no group membership.
12. The method of claim 1, wherein each user is represented as an inetOrgPerson object;
- andwherein a class of attributes mailRecipient object is combined with said inetOrgPerson object for a user to receive mail.
13. The method of claim 12, wherein said mailRecipient attributes define information which identifies any of the name of a messaging server that stores a user'"'"'s mail, a user identifier used by said user to login to a messaging server;
- and electronic mail addresses that identify a specific user.
14. The method of claim 1, wherein a dynamic group may contain other groups.

15. An apparatus for use in connection with application and network services to provide a directory service that defines dynamic groups of directory members, comprising:
- a directory search specification for a dynamic group based upon user attribute information, where said dynamic group is any set of users in which membership is dynamically determined and in which groups of users are defined by said directory search specification;
  
  means for evaluating said directory search specification at a service delivery time;
  
  means for determining whether information maintained in a directory matches said directory search specification;
  
  means for delivering said service to said dynamic group;
  
  a directory server to maintain information about users; and
  
  a messaging server that maintains information about groups in said directory server;
  
  wherein when said messaging server sends a search specification to said directory server which causes said directory server to return a set of users or group objects; and
  
  wherein said message server then causes said message to be sent to each of the users or groups returned by said search.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 16. The apparatus of claim 15, further comprising:
17. The apparatus of claim 16, wherein said expressions comprise any of:
- equal=where an instance of the attribute exactly matches the value;
  
  contains*which is used as a wild card to allow presence check, or partial matches;
  
  sounds like ˜
  
  =which is used in name searches;
  
  greater or equal>
  
  =which is used for numerical comparisons;
  
  less or equal<
  
  =which is used for numerical comparisons;
  
  an ‘
  
  !’
  
  operator which is used to negate any expression; and
  
  ‘
  
  &
  
  ’
  
  (and) and ‘
  
  |’
  
  (or) operators which are used in combining expressions.
18. The apparatus of claim 15, wherein said dynamic groups may use any of a dynamic group filter and a tree structure in the creation of groups.
19. The apparatus of claim 18, wherein said dynamic group filter provides set management by creating sets of members in said directory using said members attributes.
20. The apparatus of claim 18, wherein said tree structure comprises parameters that are used to determine what portion of said directory tree to search.
21. The apparatus of claim 15, wherein members of said dynamic group retrieving some piece of information on each group member are enumerated.
22. The apparatus of claim 15, wherein membership in said dynamic group is verified.
23. The apparatus of claim 15, wherein each user is represented as an inetOrgPerson object;
- andwherein a class of attributes mailRecipient object is combined with said inetOrgPerson object for a user to receive mail.
24. The apparatus of claim 23, wherein said mailRecipient attributes define information which identifies any of the name of a messaging server that stores a user'"'"'s mail, a user identifier used by said user to login to a messaging server;
- and electronic mail addresses that identify a specific user.
25. The apparatus of claim 15, wherein a dynamic group may contain other groups.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Original Assignee
Netscape Communications Corporation (Apollo Global Management, Inc.)
Inventors
Fitler, William H. Jr., Steinback, Bruce L., Howes, Timothy A.
Primary Examiner(s)
Corrielus, Jean M.

Application Number

US09/177,434
Time in Patent Office

1,259 Days
Field of Search

707/3, 707/10, 707/6, 707/9, 707/203, 709/225, 709/226, 709/201, 709/229, 709/206, 709/212, 709/242, 709/244, 379/10, 713/167, 705/42, 705/54
US Class Current

709/203
CPC Class Codes

G06Q 10/107   Computer-aided management o...

Y10S 707/959   Network

Y10S 707/99933   Query processing, i.e. sear...

Y10S 707/99936   Pattern matching access

Y10S 707/99939   Privileged access

Y10S 707/99945   Object-oriented database st...

Centralized directory services supporting dynamic group membership

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Centralized directory services supporting dynamic group membership

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links