Distributed database system with authoritative node
Abstract
An authorizing apparatus for use with a client that connects to a first server in a network is described. The authorizing apparatus includes a second server that authorizes session requests of the client for the first server. A plurality of records of resource allocation data is coupled with the second server. Each record indicates whether a session may be established between the client and the first server. Coupled to the second server is information that associates an entity that includes and is associated with one or more clients, and information that associates the second server to a third server that is authoritative for the second server and the associated clients. Means are provided for receiving a request to establish a session between the client and the first server and for determining, at the second server, based on one of the records that is associated with the client, whether the session may be established when the client is associated with the entity. Also provided are means for informing the first server that the session is authorized only when the second server determines from the one of the records that the session may be established. Although the first, second and third servers have been described as separate servers, the functions performed by two or more of the servers may actually be combined in a single server unit.
20 Claims
1. A method of authorizing a session between a client and a first server, the method comprising the computer-implemented steps of:
(A) storing, in the first server, data that identifies a second server as a distributed authorization server for authorizing session requests for the first server;
(B) storing, in the second server, distributed resource allocation data that indicates whether said second server may locally authorize a session to be established for a particular entity between the client and the first server;
(C) storing, at the second server, data that identifies a third server that has been designated as a global authorization server for globally authorizing sessions for said particular entity;
(D) in response to receiving a request to establish a session between the client and the first server for said particular entity, performing the steps of:
(E) determining, at the second server based on said distributed resource allocation data whether the session for said particular entity may be established between the client and said first server;
(F) if said second server determines that said session cannot be authorized based on said distributed resource allocation data, said second server communicating with said third server to determine whether said third server may authorize said session for said particular entity to be established between said client and said first server; and
(G) informing the first server that the session is authorized only when the second server determines that the session may be established for said particular entity.
Dependent claims: 2, 3, 4, 5, 6, 7

8. An authorizing apparatus for use with a client that connects to a first server in a network, comprising:
said first server storing data that identifies a second server as a distributed authorization server for authorizing session requests for said first server;
the second server storing distributed resource allocation data that indicates whether said second server may locally authorize a session to be established for a particular entity between the client and the first server; and
data that identifies a third server that has been designated as a global authorization server for globally authorizing sessions for said particular entity;
means for receiving a request to establish a session between the client and the first server for said particular entity;
means for determining, at the second server based on said distributed resource allocation data whether the session for said particular entity may be established between the client and said first server;
means for, if said second server determines that said session cannot be authorized based on said distributed resource allocation data, said second server communicating with said third server to determine whether said third server may authorize said session for said particular entity to be established between said client and said first server; and
means for informing the first server that the session is authorized only when the second server determines that the session may be established for said particular entity.
Dependent claims: 9, 10, 11, 12, 13, 14

15. A computer-readable medium carrying one or more sequences of instructions for authorizing a session between a client and a first server, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the steps of:
(A) storing, in the first server, data that identifies a second server as a distributed authorization server for authorizing session requests for the first server;
(B) storing, in the second server, distributed resource allocation data that indicates whether said second server may locally authorize a session to be established for a particular entity between the client and the first server;
(C) storing, at the second server, data that identifies a third server that has been designated as a global authorization server for globally authorizing sessions for said particular entity;
(D) in response to receiving a request to establish a session between the client and the first server for said particular entity, performing the steps of:
(E) determining, at the second server based on said distributed resource allocation data whether the session for said particular entity may be established between the client and said first server;
(F) if said second server determines that said session cannot be authorized based on said distributed resource allocation data, said second server communicating with said third server to determine whether said third server may authorize said session for said particular entity to be established between said client and said first server; and
(G) informing the first server that the session is authorized only when the second server determines that the session may be established for said particular entity.
Dependent claims: 16, 17, 18, 19

20. A method of authorizing session requests between a client and a first server, the method comprising the computer-implemented steps of:
receiving, at a distributed session counter, a first request message, wherein said first request message requests authorization for establishing a session between the client and the first server for a particular entity;
in response to receiving said first request message, said distributed session counter determining, based on locally stored resource allocation data, whether said distributed session counter may locally authorize said session to be established between said client and said first server for said particular entity;
if said distributed session counter determines that said session may be locally authorized by said distributed session counter, said distributed session counter transmitting a first authorization message to said first server that authorizes the establishment of said session between said client and said first server for said particular entity;
if said distributed session counter determines that said session may not be locally authorized by said distributed session counter, said distributed session counter transmitting a second request message to a global session counter that requests authorization to authorize the establishment of said session for said particular entity, wherein said global session counter is associated with global resource allocation data that identifies the total number of sessions that are currently established for said particular entity;
in response to receiving said second request message, said global session counter determining, based on said global resource allocation data, whether said global session counter should authorize said session to be established between said client and said first server for said particular entity;
if said global session counter determines that said session should be authorized, said global session counter transmitting a second authorization message to said distributed session counter, wherein said second authorization message authorizes said distributed session counter to authorize the establishment of said session between said client and said first server for said particular entity; and
if said global session counter determines that said session should not be authorized, said global session counter transmitting a non-authorization message to said distributed session counter, wherein said non-authorization message indicates that said distributed session counter is not authorized to authorize the establishment of said session between said client and said first server for said particular entity.
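
The message flow of claim 20, sketched as an added example that is not taken from the patent: a distributed session counter authorizes locally while it has allotment left, otherwise asks the global session counter, and refuses if no positive answer arrives. The class names, message strings, limits and the reservation bookkeeping that keeps the global total accurate are all assumptions; session teardown is omitted.

```python
# Added illustration of claim 20. Class names, message strings, limits and the
# reservation bookkeeping are assumptions; session teardown is omitted.
class GlobalSessionCounter:
    """Third server: holds the total of established sessions per entity."""
    def __init__(self, global_max):
        self.global_max = global_max   # entity -> limit (assumed policy)
        self.total = {}                # entity -> sessions currently established
        self.reserved = {}             # entity -> unused local allotments
        self.reachable = True          # set False to simulate an outage

    def reserve(self, entity, n):
        self.reserved[entity] = self.reserved.get(entity, 0) + n

    def note_local(self, entity):
        # Assumed reporting path: a locally authorized session uses one reservation.
        self.total[entity] = self.total.get(entity, 0) + 1
        self.reserved[entity] -= 1

    def handle_request(self, entity):
        """Second request message -> AUTHORIZATION or NON_AUTHORIZATION."""
        if not self.reachable:
            raise ConnectionError("global session counter unreachable")
        committed = self.total.get(entity, 0) + self.reserved.get(entity, 0)
        if committed < self.global_max.get(entity, 0):
            self.total[entity] = self.total.get(entity, 0) + 1
            return "AUTHORIZATION"
        return "NON_AUTHORIZATION"

class DistributedSessionCounter:
    """Second server: answers the first server's session requests."""
    def __init__(self, gsc, local_allotment):
        self.gsc, self.allot, self.local = gsc, local_allotment, {}
        for entity, n in local_allotment.items():
            gsc.reserve(entity, n)

    def handle_request(self, entity):
        """First request message -> (decision, where it was decided)."""
        used = self.local.get(entity, 0)
        if used < self.allot.get(entity, 0):
            self.local[entity] = used + 1
            self.gsc.note_local(entity)
            return ("AUTHORIZED", "local")
        try:
            reply = self.gsc.handle_request(entity)
        except ConnectionError:
            return ("DENIED", "global-unreachable")  # fail closed: no positive answer
        return ("AUTHORIZED", "global") if reply == "AUTHORIZATION" else ("DENIED", "global")

def demo():
    gsc = GlobalSessionCounter({"acme": 5})
    east = DistributedSessionCounter(gsc, {"acme": 2})
    west = DistributedSessionCounter(gsc, {"acme": 2})
    return [east.handle_request("acme") for _ in range(4)] + \
           [west.handle_request("acme") for _ in range(2)], gsc.total["acme"]
```

Counting unused local allotments against the global limit is what keeps the entity's total at or below the limit even though the local decisions never consult the global counter.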