Distributed administration of access to information
Abstract
A scalable access filter that is used together with others like it in a virtual private network to control access by users at clients in the network to information resources provided by servers in the network. Each access filter uses a local copy of an access control data base to determine whether an access request made by a user. Changes made by administrators in the local copies are propagated to all of the other local copies. Each user belongs to one or more user groups and each information resource belongs to one or more information sets. Access is permitted or denied according to access policies which define access in terms of the user groups and information sets. The rights of administrators are similarly determined by administrative policies. Access is further permitted only if the trust levels of a mode of identification of the user and of the path in the network by which the access is made are sufficient for the sensitivity level of the information resource. If necessary, the access filter automatically encrypts the request with an encryption method whose trust level is sufficient. The first access filter in the path performs the access check and encrypts and authenticates the request; the other access filters in the path do not repeat the access check.
846 Citations
48 Claims
1. An access filter that administers objects including a plurality of information resources and controls access by a user to an information resource of the plurality, the access filter comprising:
access control information including at least one object that specifies an explicitly-defined set of users, at least one object that specifies an explicitly-defined set of information resources, at least one object that specifies an explicitly-defined access policy, the access policy defining access by a defined set of users to a defined set of information resources, and at least one object that specifies an explicitly-defined administrative policy, the administrative policy defining administrative access by a defined set of users to an object; and
an access checker that responds to a request by a user to access a resource or to administer an object by determining from the access control information whether the requesting user may access the requested resource or administer the requested object, the access checker being one of a plurality thereof in a network, having a local copy of the access control information, and employing the local copy to check access.

2. The access filter set forth in claim 1 wherein:
the access control information further includes user identification information; and
the access checker employs the user identification information to authenticate the user before determining whether the access policy permits access.

3. The access filter set forth in claim 1 wherein:
the user employs a client to request access to the information resource;
the client includes a browser which displays a list of information resources accessible to the user according to the access policy; and
the access checker uses the access control information to determine which information resources are on the list for the browser.

4. The access filter set forth in claim 1 wherein:
the request may be a request to modify the object.

5. The access filter set forth in claim 1 wherein:
the request may be a request to modify a relationship between the object and another object.

6. The access filter set forth in claim 1 wherein:
the request may be a request to modify the administrative policy for the object.

7. The access filter set forth in any of claims 1 through 6 wherein:
the object is an access policy.

8. The access filter set forth in any of claims 1 through 6 wherein:
the object that specifies the set of users specifies the set as a subset of another set of users; and
the object that specifies the set of information resources specifies the set as a subset of another set of information resources.

9. The access filter set forth in any of claims 1 through 6 wherein:
the administered object specifies a user subset.

10. The access filter set forth in any of claims 1 through 6 wherein:
the administered object specifies a set of information resources.

11. The access filter set forth in claim 10 wherein:
an information resource has a sensitivity level associated therewith in the access policy information, the request to access an information resource has a trust level associated therewith, and the access checker permits access only if the trust level associated with the request to access the information resource is at least as high as the sensitivity level of the information resource; and
the request may be a request to assign a sensitivity level to an information resource belonging to the information subset.

12. The access filter set forth in claim 11 wherein:
a user has a mode of identification associated therewith in the access control information;
the trust level of the request to access the information resource is determined at least in part by a level of the mode of identification, and the request may be a request to assign a trust level to a mode of identification.

13. The access filter set forth in claim 11 wherein:
the trust level of the request to access the information resource is determined at least in part by a trust level of a portion of a path in a network between the user and a server in the network which provides the information resource; and
the request may be a request to assign a trust level to the portion.

14. The access filter set forth in claim 11 wherein:
the trust level of the request to access the information resource is determined at least in part by a trust level of an encryption method used to encrypt the request; and
the request may be a request to assign a trust level to an encryption method.

15. The access filter set forth in any one of claims 1 through 6 wherein:
the objects are available resources in a virtual network.

16. The access filter set forth in any one of claims 1 through 6 wherein:
the objects are organized hierarchically; and
an access policy for a given object applies to objects that are below the given object in the hierarchy to which the object belongs.
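A worked model of the access check that the abstract and claims 11 through 16 describe, added here as an illustration; it is not code from the patent or its assignee. Everything in it is assumed for the example: the user-group and information-set hierarchies, the trust and sensitivity levels, the policy tables, and the rule that the most specific inherited policy wins with deny beating allow on a tie (the claims state that a policy applies to the objects below it in the hierarchy but give no tie-break). It also reads the abstract's automatic encryption as choosing the weakest method whose trust level reaches the resource's sensitivity level when the path alone is not trusted enough.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data. Hierarchies are child -> parent maps; None is a root.
USER_GROUPS = {"staff": None, "engineering": "staff",
               "kernel-team": "engineering", "contractors": "staff"}
INFO_SETS = {"intranet": None, "source": "intranet",
             "kernel-src": "source", "hr": "intranet"}
USER_MEMBERSHIP = {"alice": {"kernel-team"}, "bob": {"contractors"},
                   "carol": {"engineering"}}
RESOURCE_MEMBERSHIP = {"git://src/kernel": {"kernel-src"},
                       "http://wiki": {"intranet"}, "http://hr/payroll": {"hr"}}
SENSITIVITY = {"git://src/kernel": 3, "http://wiki": 1, "http://hr/payroll": 4}
# Trust levels of identification modes, path segments and encryption methods
# (the quantities of claims 12 to 14); the numbers are made up.
IDENT_TRUST = {"password": 2, "token": 3, "certificate": 4}
PATH_TRUST = {"lan": 4, "vpn": 3, "internet": 1}
ENCRYPTION_TRUST = {"export-40": 1, "3des": 3, "aes-256": 4}


@dataclass(frozen=True)
class Policy:
    user_set: str
    target: str  # information set (access policy) or administered object
    allow: bool


ACCESS_POLICIES = [Policy("staff", "intranet", True),
                   Policy("engineering", "source", True),
                   Policy("contractors", "source", False),
                   Policy("staff", "hr", False)]
ADMIN_POLICIES = [Policy("engineering", "source", True),
                  Policy("staff", "intranet", False)]


def set_distances(direct_sets, hierarchy):
    """Map every set reachable upward from direct_sets to its distance
    (0 = direct membership): a policy on a parent covers the subsets below it."""
    dist = {}
    for name in direct_sets:
        depth = 0
        while name is not None:
            dist[name] = min(depth, dist.get(name, depth))
            name, depth = hierarchy[name], depth + 1
    return dist


def resolve(policies, user_dist, target_dist):
    """Resolution rule assumed for this example (not stated in the claims): the
    policy nearest both the user's group and the target wins; deny beats allow on
    a tie. Returns None when no policy applies."""
    best = None  # (distance score, allow)
    for p in policies:
        if p.user_set in user_dist and p.target in target_dist:
            score = user_dist[p.user_set] + target_dist[p.target]
            if best is None or score < best[0] or (score == best[0] and not p.allow):
                best = (score, p.allow)
    return None if best is None else best[1]


def policy_permits(user, resource):
    udist = set_distances(USER_MEMBERSHIP.get(user, ()), USER_GROUPS)
    rdist = set_distances(RESOURCE_MEMBERSHIP.get(resource, ()), INFO_SETS)
    return resolve(ACCESS_POLICIES, udist, rdist) is True


def admin_permits(user, obj):
    """Administrative access to a user group or information set; the policy on a
    parent object applies to the objects below it (claim 34)."""
    hierarchy = USER_GROUPS if obj in USER_GROUPS else INFO_SETS
    if obj not in hierarchy:
        return False
    udist = set_distances(USER_MEMBERSHIP.get(user, ()), USER_GROUPS)
    return resolve(ADMIN_POLICIES, udist, set_distances([obj], hierarchy)) is True


@dataclass(frozen=True)
class Decision:
    allowed: bool
    encrypt_with: Optional[str]  # method chosen when the path had to be upgraded
    reason: str


def check_access(user, resource, ident_mode, path):
    """The check done once, by the first access filter on the path: policy first,
    then identification-mode trust and weakest-path-segment trust against the
    resource's sensitivity; an untrusted path is upgraded with the weakest
    encryption method whose trust level suffices."""
    if not policy_permits(user, resource):
        return Decision(False, None, "denied by access policy")
    need = SENSITIVITY[resource]
    if IDENT_TRUST[ident_mode] < need:
        return Decision(False, None, "identification mode trust below sensitivity")
    if min(PATH_TRUST[seg] for seg in path) >= need:
        return Decision(True, None, "path trust sufficient")
    for method, level in sorted(ENCRYPTION_TRUST.items(), key=lambda kv: kv[1]):
        if level >= need:
            return Decision(True, method, "path upgraded by encryption")
    return Decision(False, None, "no encryption method trusted enough")
```

Calling `check_access("alice", "git://src/kernel", "token", ["internet", "vpn"])` allows the request but requires 3DES, because the internet segment's trust (1) is below the resource's sensitivity (3) and 3DES is the weakest listed method with trust 3; the same user with a password (trust 2) is refused before the path is even considered, and `bob`, a contractor, is refused by the inherited deny on `source` even though `staff` may read `intranet`.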

17. The access filter set forth in any one of claims 1 through 6 wherein each access filter further comprises:
a policy editor which a member of an administrative user subset may use to make a modification of the local copy as permitted by the access control information; and
a distributor for providing the modification to the other access filters of the plurality.

18. The access filter set forth in claim 17, wherein:
another of the access filters maintains a master copy of the access control information; and
the distributor provides the modification to the other access filter, receives a master copy with the modification from the other access filter, and makes the master copy the local copy.

19. The access filter set forth in any one of claims 1 through 6 wherein:
the access filter is implemented as an application program executing under an operating system.

20. The access filter set forth in any one of claims 1 through 6 wherein:
the access filter is implemented as a component of an operating system.

21. The access filter set forth in any one of claims 1 through 6 wherein:
the access filter is implemented as a component of a router in a network.

22. A data storage device for use in a system including a processor, the data storage device being characterized in that:
the data storage device contains code which, when executed in the processor, implements the access filter set forth in any one of claims 1 through 6.

23. An access control system that controls access by users to information resources, the access control system comprising:
access control information including at least one object that specifies an explicitly-defined set of users as a subset of another set of users and at least one object that specifies an explicitly-defined set of information resources as a subset of another set of information resources, the sets of users and the sets of information resources being organized hierarchically according to their subset relations; and
at least one object that specifies an explicitly-defined access policy, the access policy defining access by a defined set of users to a defined set of information resources, an access policy for a given user subset and a given information resource subset applying to user sets that are below the given user set in the given user set's hierarchy and to information resource subsets that are below the given information resource set in the given information resource set's hierarchy; and
an access checker which responds to a request by a user for access to the information resource by determining from the access control information whether the requesting user may access the requested information resource.

24. The access control system set forth in claim 23 wherein:
the access control system further controls administrative access to objects and the objects in the access control information further include at least one object that specifies an explicitly-defined administrative policy, the administrative policy defining access by a defined set of users to a defined object; and
the access checker responds to a request by a user to administer an object by determining from the access control information whether the requesting user may administer the requested object.

25. The access control system set forth in claim 24 wherein:
the request may be a request to modify the object.

26. The access control system set forth in claim 24 wherein:
the request may be a request to modify a relationship between the object and another object.

27. The access control system set forth in claim 24 wherein:
the request may be a request to modify the administrative policy for the object.

28. The access control system set forth in any one of claim 23 or 24 through 27 wherein:
the access control system is implemented as an application program executing under an operating system.

29. The access control system set forth in any one of claim 23 or 24 through 27 wherein:
the access control system is implemented as a component of an operating system.

30. The access control system set forth in any one of claim 23 or 24 through 27 wherein:
the access control system is implemented as a component of a router in a network.

31. The access control system set forth in any of claims 24 through 27 wherein:
the administered object is a user subset.

32. The access control system set forth in any of claims 24 through 27 wherein:
the administered object is an information resource subset.

33. The access control system set forth in any one of claims 24 through 27 wherein:
the administered objects are available resources in a network.

34. The access control system set forth in any one of claims 24 through 27 wherein:
an administrative policy for a given object applies to objects that are below the given object in the hierarchy to which the object belongs, whereby only an administrative policy that differs from an inherited administrative policy need be defined for a given user subset and a given object.

35. The access control system set forth in any one of claims 24 through 27 wherein:
the administered object defines an access policy.

36. The access control system set forth in claim 23 wherein the access checker further comprises:
an information resource information provider for a browser employed by the user to view a list of sets of information resources accessible to the user, the information resource information provider using the access control information to provide information about which of the sets of information resources are accessible to the user to the browser.

37. A data storage device for use in a system including a processor, the data storage device being characterized in that:
the data storage device contains code which, when executed in the processor, implements the access control system set forth in any one of claim 23 or 24 through 27.

38. An administrative access control system that controls administration of objects by administrative users, the system comprising:
access control information including at least one object that specifies an explicitly-defined set of users and at least another object, the objects being hierarchically organized, and at least a further object that specifies an explicitly-defined administrative policy defining access by a defined set of users to the other object, the administrative policy for a given object applying to objects that are below the given object in the hierarchy to which the object belongs; and
an access checker that responds to a request by the user for administrative access to the other object by determining from the access control information whether the requesting user may have administrative access to the requested object.

39. The administrative access control system set forth in claim 38 wherein:
the request may be a request to make administrative policy for the requested object.

40. The administrative access control system set forth in claim 38 wherein:
the request may be a request to modify the requested object.

41. The administrative access control system set forth in claim 38 wherein:
the request may be a request to modify a relationship between the requested object and another object.

42. The administrative access control system set forth in any of claims 38 through 41 wherein:
the requested object specifies a user set.

43. The administrative access control system set forth in any of claims 38 through 41 wherein:
the requested object specifies a set of information resources.

44. The administrative access control system set forth in any one of claims 38 through 41 wherein:
the other object specifies an available resource in a network.

45. The administrative access control system set forth in any one of claims 38 through 40 wherein:
the administrative access control system is implemented as an application program executing under an operating system.

46. The administrative access control system set forth in any one of claims 38 through 40 wherein:
the administrative access control system is implemented as a component of an operating system.

47. The administrative access control system set forth in any one of claims 41 through 40 wherein:
the administrative access control system is implemented as a component of a router in a network.

48. A data storage device for use in a system including a processor, the data storage device being characterized in that:
the data storage device contains code which, when executed in the processor, implements the administrative access control system set forth in any one of claims 38 through 39.

Specification