Distributed database system with authoritative node
Abstract
An authorizing apparatus for use with a client that connects to a first server in a network includes a second server that authorizes session requests of the client for the first server. Resource allocation data is available to the second server and indicates whether a session may be established between the client and the first server. The second server has information that associates an entity that is associated with one or more clients, and information that associates the second server to a third server that is authoritative for the second server and the associated clients. When a request to establish a session between the client and the first server is received, the second server determines, based on one of the records that is associated with the client, whether the session may be established when the client is associated with the entity. If not, the second server requests a global authorization server to determine whether a session is allowable. As a result, session management is resolved locally when possible, and over-subscription of clients to servers is prevented.
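The local-first decision described in the abstract, using the local and global session thresholds and counters named in claims 3, 4 and 7, as an added Python example that is not taken from the patent. All class and method names are hypothetical; it assumes one counter pair per entity, that the authoritative server holds back each local server's unused allotment so the global threshold cannot be exceeded, and it does not model session teardown.

```python
from threading import Lock

class GlobalCounter:
    """Third (authoritative) server: global threshold and global counter, one entity."""
    def __init__(self, global_threshold):
        self.threshold = global_threshold
        self.total = 0          # sessions established by all servers
        self.unused_local = 0   # capacity promised to local servers, not yet used
        self._lock = Lock()

    def register_local(self, local_threshold):
        with self._lock:
            if self.total + self.unused_local + local_threshold > self.threshold:
                raise ValueError("local allotments would exceed the global threshold")
            self.unused_local += local_threshold

    def report_local_grant(self):
        with self._lock:        # could be sent asynchronously; capacity is pre-reserved
            self.unused_local -= 1
            self.total += 1

    def authorize_overflow(self):
        with self._lock:
            if self.total + self.unused_local >= self.threshold:  # keep promised capacity
                return False
            self.total += 1
            return True

class LocalCounter:
    """Second server: authorizes locally up to its threshold, then defers upward."""
    def __init__(self, local_threshold, authority):
        self.threshold, self.count, self.authority = local_threshold, 0, authority
        self._lock = Lock()
        authority.register_local(local_threshold)

    def authorize(self):
        """Return (authorized, decided_by) for one session request."""
        with self._lock:
            if self.count < self.threshold:
                self.count += 1
                self.authority.report_local_grant()
                return True, "local"
        # Local allotment exhausted: only the authoritative server may say yes.
        return self.authority.authorize_overflow(), "global"

def constructed_scenario():
    """Constructed input: global threshold 5, two local servers allotted 2 each."""
    authority = GlobalCounter(5)
    a, b = LocalCounter(2, authority), LocalCounter(2, authority)
    return authority, [a.authorize() for _ in range(4)] + [b.authorize() for _ in range(3)]
```

In the constructed scenario the first server gets one overflow session from the authoritative counter, and the next overflow request is refused because the remaining capacity is still promised to the second server.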
26 Claims
1. A method of authorizing a session between a client and a first server using a second server that functions as a local distributed authorization server for authorizing session requests for the first server, the method comprising the computer-implemented steps of:
(A) storing distributed resource allocation data that indicates whether the second server may locally authorize a session to be established for a particular entity between the client and the first server;
(B) storing data that identifies a third server that has been designated as a global authorization server for globally authorizing sessions for the particular entity;
(C) in response to receiving a request to establish a session between the client and the first server for the particular entity;
(D) determining, based on the distributed resource allocation data, whether the session for the particular entity may be established between the client and the first server;
(E) if the session is not authorized based on the distributed resource allocation data, then communicating with the third server to determine whether the third server may authorize the session; and
(F) informing the first server that the session is authorized only upon determining that the session may be established for the particular entity.
Dependent claims: 2, 3, 4, 5, 6, 7
(G) storing, at the second server and the third server, local session authorization information and authoritative session authorization information, respectively;
(H) when the second server cannot authorize the session based on the local session authorization information, determining, at the third server and based on the authoritative session authorization information, whether the session may be established; and
(I) informing the first server that the session is authorized only when the authoritative session authorization information indicates that the session is authorized.
3. The method recited in claim 1, further comprising the steps of storing a local session threshold value that identifies a maximum number of sessions that may be locally authorized for the particular entity.
4. The method recited in claim 3, further comprising the steps of storing a local session counter that identifies a current number of sessions that are established with the first server for the particular entity.
5. The method recited in claim 1, wherein the first server is a network access server, and further comprising the steps of storing, at the network access server, a reference to a local distributed session counter that stores a local session threshold value that identifies a maximum number of sessions that may be locally authorized for the particular entity, and a local session counter that identifies a current number of sessions that are currently established by the first server for the particular entity.
6. The method recited in claim 5, further comprising storing, in the local distributed session counter, a name of a distributed session counter that is authoritative for the local distributed session counter.
7. The method recited in claim 1, further including the steps of associating with the third server as global session authorization information, a global session threshold value that identifies a maximum number of sessions that may be authorized for the particular entity, and a global session counter that identifies a total number of sessions that are currently established by all servers for the particular entity.
8. A method of authorizing a session between a client and a server using a local distributed session counter that authorizes session requests for the server, the method comprising the computer-implemented steps of:
(A) storing a plurality of records of resource allocation data, in which each record indicates whether a session may be established between the client and the server;
(B) storing an association of an entity that includes and is associated with one or more clients, and an association of the local distributed session counter to a global distributed session counter that is authoritative for the local distributed session counter and the associated clients;
(C) receiving a request to establish a session between the client and the server;
(D) determining from one of the records that is associated with the client, whether the session may be established when the client is associated with the entity; and
(E) informing the server that the session is authorized only upon determining from the one of the records that the session may be established.
Dependent claims: 9, 10, 11, 12, 13, 14
(F) storing, at the local distributed session counter and the global distributed session counter, local session authorization information and authoritative session authorization information, respectively;
(G) when the local distributed session counter cannot authorize the session based on the local session authorization information, determining, at the global distributed session counter and based on the authoritative session authorization information, whether the session may be established; and
(H) informing the first server that the session is authorized only when the authoritative session authorization information indicates that the session is authorized.
10. The method recited in claim 9, wherein step (F) includes storing a local session threshold value that identifies a maximum number of sessions that may be locally authorized.
11. The method recited in claim 10, further comprising the steps of storing a local session counter value that identifies a current number of sessions of the server.
12. The method recited in claim 8, wherein the server is a network access server, and further comprising the steps of storing, at the network access server, a reference to the local distributed session counter, and a local session counter that identifies a current number of sessions of the network access server.
13. The method recited in claim 8, wherein step (B) comprises storing a name of the distributed session counter that is authoritative for the local distributed session counter.
14. The method recited in claim 9, further including the steps of storing, as the global session authorization information, a global session threshold value that identifies a maximum number of sessions that may be authorized for all the clients, and a global session counter that identifies a current number of sessions of all the clients and all the servers.
15. A distributed authorization server apparatus for selectively authorizing telecommunication session requests among a client that connects to a first server in a network, the apparatus comprising:
stored distributed resource allocation data that indicates whether the server apparatus may locally authorize a session to be established for a particular entity between the client and the first server;
stored data that identifies a global authorization server for globally authorizing sessions for the particular entity;
means for receiving a request to establish a session between the client and the first server for the particular entity;
means for determining, based on the distributed resource allocation data, whether the session for the particular entity may be established between the client and the first server;
means for communicating with the global authorization server, only upon determining that the session cannot be authorized based on the distributed resource allocation data, to determine whether the global authorization server may authorize the session for the particular entity to be established between the client and the first server; and
means for informing the first server that the session is authorized only upon determining that the session may be established for the particular entity.
Dependent claims: 16, 17, 18, 19, 20
local session authorization information and authoritative session authorization information, respectively stored at the second server and the third server;
means for determining, at the global authorization server and based on the authoritative session authorization information, whether the session may be established; and
means for informing the first server that the session is authorized only when the authoritative session authorization information indicates that the session is authorized.
17. The apparatus recited in claim 15, further comprising means for storing a local session threshold value that identifies a maximum number of sessions that may be locally authorized for the particular entity.
18. The apparatus recited in claim 17, further comprising means for storing a local session counter that identifies a current number of sessions that are established with the first server for the particular entity.
19. The apparatus recited in claim 15, wherein the first server is a network access server, and further comprising means for storing, at the network access server, a reference to a local distributed session counter that stores a local session threshold value that identifies a maximum number of sessions that may be locally authorized for the particular entity, and a local session counter that identifies a current number of sessions that are currently established by the first server for the particular entity.
20. The apparatus recited in claim 15, further comprising means for associating with the third server as global session authorization information, a global session threshold value that identifies a maximum number of sessions that may be authorized for the particular entity, and a global session counter that identifies a total number of sessions that are currently established by all servers for the particular entity.
21. A local distributed session counter that authorizes session requests of a client for communication with a server in a network, comprising:
a plurality of stored records of resource allocation data, in which each record indicates whether a session may be established between the client and the server;
stored information that associates an entity that includes and is associated with one or more clients, and information that associates the local distributed session counter to a distributed session counter that is authoritative for the local distributed session counter and the associated clients;
means for receiving a request to establish a session between the client and the server;
means for determining, from one of the records that is associated with the client, whether the session may be established when the client is associated with the entity; and
means for authorizing the session only upon determining from the one of the records that the session may be established.
22. A computer-readable medium carrying one or more sequences of instructions for authorizing a session between a client and a first server using a second server that functions as a distributed authorization server for authorizing session requests, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the steps of:
(A) storing distributed resource allocation data that indicates whether the second server may locally authorize a session to be established for a particular entity between the client and the first server;
(B) storing data that identifies a third server that has been designated as a global authorization server for globally authorizing sessions for the particular entity;
(C) in response to receiving a request to establish a session between the client and the first server for the particular entity;
(D) determining, based on the distributed resource allocation data, whether the session for the particular entity may be established between the client and the first server;
(E) upon determining that the session cannot be authorized based on the distributed resource allocation data, communicating with the third server to determine whether the third server may authorize the session for the particular entity; and
(F) informing the first server that the session is authorized only when the second server determines that the session may be established for the particular entity.
Dependent claims: 23, 24, 25, 26
Specification