Policy validation in a LDAP directory
First Claim
1. A method for validating a set of records stored in a repository comprising:
- a record validator verifying the validity of the set of records and forming record validation information for each of the records;
the record validator storing the resulting record validation information in the repository; and
a network element employing the record validation information;
wherein the step of verifying the validity of a set of records includes verifying that a relation constraint for at least one of the records in the set of records is satisfied.
Abstract
A method, system and product for resource-constrained network elements to validate a set of records in a network repository by verifying validation information stored in the repository by a record validator. A record validator with adequate computational resources validates one or more sets of records in a repository, such as a network directory, and stores validation information records in the repository. The resource-constrained network elements run simple checks to verify the validation information records thus stored. The validation information records may include the modification or creation time of validated records in the repository. The network elements compare the time stored in the validation information records to the actual modification or creation time of records to verify validity information. Cryptographic signatures may be used for enhanced security, and validation status records may be used to ensure fault-tolerant behavior.
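The split of work described in the abstract, as an added Python sketch that is not taken from the patent: the validator runs a relation-constraint check and stores a validation record and a status record, and the network element only compares time-stamps and checks a tag. The in-memory dictionary, the `cn=validation,...` and `cn=validationStatus` names, the `ruleRef` attribute and the shared-key HMAC standing in for the cryptographic signature are all assumptions of this example.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: shared by validator and network elements

def sample_repo():
    """Constructed directory (DN -> entry); modifyTimestamp as an LDAP server keeps it."""
    return {
        "cn=policy1,o=example": {"ruleRef": "cn=rule1,o=example",
                                 "modifyTimestamp": "20240101120000Z"},
        "cn=rule1,o=example": {"action": "permit",
                               "modifyTimestamp": "20240101115900Z"},
    }

def vdn(dn):
    return "cn=validation," + dn  # hypothetical DN of a record's validation record

def tag(dn, stamp):
    return hmac.new(KEY, f"{dn}|{stamp}".encode(), hashlib.sha256).hexdigest()

def relation_ok(repo, dn):
    """Relation constraint: a ruleRef, if present, must name an existing entry."""
    ref = repo[dn].get("ruleRef")
    return ref is None or ref in repo

def validate_set(repo, dns):
    """Record validator: run the expensive checks, store the results in the repository."""
    status = {"state": "in-progress", "validated": []}
    repo["cn=validationStatus"] = status
    for dn in dns:
        if relation_ok(repo, dn):
            stamp = repo[dn]["modifyTimestamp"]
            repo[vdn(dn)] = {"entryTime": stamp, "tag": tag(dn, stamp)}
            status["validated"].append(dn)
    status["state"] = "completed"
    return status

def element_accepts(repo, dn):
    """Network element: cheap check of the stored validation record only."""
    entry, v = repo.get(dn), repo.get(vdn(dn))
    if entry is None or v is None or v["entryTime"] != entry["modifyTimestamp"]:
        return False  # never validated, or changed since it was validated
    return hmac.compare_digest(v["tag"], tag(dn, v["entryTime"]))
```

A record edited after validation fails the time-stamp comparison, and a validation record whose time-stamp is rewritten to match fails the tag check, so the network element rejects both without repeating the validator's constraint checks.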
52 Citations
36 Claims
1. A method for validating a set of records stored in a repository comprising:
a record validator verifying the validity of the set of records and forming record validation information for each of the records;
the record validator storing the resulting record validation information in the repository; and
a network element employing the record validation information;
wherein the step of verifying the validity of a set of records includes verifying that a relation constraint for at least one of the records in the set of records is satisfied.
View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
the record validator verifying the validity of a second set of records including said at least one record and forming a second record validation information for said at least one record; and
storing the second record validation information in the repository.
13. A method as recited in claim 1, wherein the step of verifying the validity of a set of records further includes:
verifying that a schema constraint for a record in the set of records is satisfied;
verifying that a value constraint for a record in the set of records is satisfied; and
verifying that a consistency constraint for the set of records is satisfied.
14. A method as recited in claim 1, wherein the step of verifying the validity of a set of records includes verifying that a value constraint for a record in the set of records is satisfied.
15. A method as recited in claim 1, wherein the step of verifying the validity of a set of records includes verifying that a consistency constraint for the set of records is satisfied.
16. A method as recited in claim 1, wherein the repository is in a network and the step of verifying includes verifying that network policies are consistent and well-formed.
17. A repository of records comprising:
a storage module having a set of records;
a record validator to validate each record in the set of records and generate record validation information; and
a network element to employ the record validation information, by verifying that a relation constraint for at least one of the records in the set of records is satisfied.
View Dependent Claims (18)
19. A method for providing fault-tolerant third-party validation by a record validator in a repository comprising:
obtaining a set of records from the repository;
validating the set of records;
creating a validation status record indicating an in-progress validation status of the set of records;
forming validation information for the set of records;
storing the validation information in the repository; and
adding at least one reference to the in-progress validation status to the validation status record.
View Dependent Claims (20)
verifying that a schema constraint for at least one of the records is satisfied;
verifying that a value constraint for at least one of the records is satisfied;
verifying that a relation constraint for at least one of the records is satisfied; and
verifying that a consistency constraint for at least one of the records is satisfied.
21. A record validator for a repository comprising:
a record access subsystem to obtain and store records from the repository;
a record verification subsystem to verify a validity of a set of records, by verifying that a relation constraint for at least one of the records in the set of records is satisfied; and
a validation information generator to generate a set of record validation information to be stored in the repository.
22. A network element employing record validation information in a repository comprising:
a record access subsystem to obtain and store records from the repository;
a validation checker subsystem to obtain and verify a validity of a set of record validation information for at least one of the records, by verifying that a relation constraint for at least one of the records in the set of records is satisfied; and
a record user subsystem to use said at least one of the records if the validation checker subsystem verifies the set of record validation information to be valid.
23. An article of manufacture comprising a computer usable medium having computer readable program code means embodied therein for validating a set of records stored in a repository, the computer readable program code means in said article of manufacture comprising computer readable program code means for causing a computer to effect:
a record validator verifying the validity of the set of records and forming record validation information for each of the records by verifying that a relation constraint for at least one of the records in the set of records is satisfied;
the record validator storing the resulting record validation information in the repository; and
a network element employing the record validation information.
24. A computer program product comprising a computer usable medium having computer readable program code means embodied therein for causing fault-tolerant third-party validation by a record validator in a repository, the computer readable program code means in said computer program product comprising computer readable program code means for causing a computer to effect:
obtaining a set of records from the repository;
validating the set of records;
forming validation information for the set of records;
creating a validation status record indicating a present validation status of the set of records;
storing the validation information in the repository; and
adding at least one reference to the present validation status to the validation status record.
25. A method for a record validator to provide third-party validation of a set of records in a repository, the method comprising:
obtaining the set of records from the repository;
the validator validating the set of records;
creating a validation status record indicating an in-progress validation status of the set of records;
forming validation information for at least one of the records in the set of records;
storing the validation information for said at least one record in the repository; and
adding at least one reference to the in-progress validation status to the validation status record for said at least one record.
View Dependent Claims (26, 27)
repeating the steps of forming, storing and adding for at least one other record in the set of records; and
replacing the in-progress validation status with a completed validation status.
27. A method as recited in claim 25, wherein at least one of the steps includes employing a fault-tolerant implementation.
28. A computer program product comprising a computer usable medium having computer readable program code means embodied therein for causing a record validator to provide third-party validation of a set of records in a repository, the computer readable program code means in said computer program product comprising computer readable program code means for causing a computer to effect:
obtaining the set of records from the repository;
the validator validating the set of records;
creating a validation status record indicating an in-progress validation status of the set of records;
forming validation information for at least one of the records in the set of records;
storing the validation information for said at least one record in the repository; and
adding at least one reference to the in-progress validation status to the validation status record for said at least one record.
View Dependent Claims (29)
repeating the steps of forming, storing and adding for at least one other record in the set of records; and
replacing the in-progress validation status with a completed validation status.
30. A method comprising validating a set of records stored in a repository, the method including:
a record validator verifying the validity of the set of records and forming record validation information for each of the records by verifying that a relation constraint for at least one of the records in the set of records is satisfied;
the record validator storing the resulting record validation information in the repository; and
a network element retrieving at least one partial record from the set of records employing the record validation information.
31. An apparatus comprising a repository of records including:
a storage module having a set of records;
a record validator to validate each record in the set of records and generate record validation information; and
a network element to employ the record validation information by verifying that a relation constraint for at least one of the records in the set of records is satisfied, said network element being a partial record from the set of records.
32. A method for validating a set of records stored in a repository comprising:
a record validator verifying the validity of the set of records and forming record validation information for each of the records;
the record validator storing the resulting record validation information in the repository; and
a network element employing the record validation information;
wherein the step of storing record validation information comprises:
storing a validation record reference in a first record of the set of records;
creating a validation record for the first record in the repository;
creating a set information reference in the validation record; and
creating a set information record in the repository.
View Dependent Claims (33)
34. A method for validating a set of records stored in a repository comprising:
a record validator verifying the validity of the set of records and forming record validation information for each of the records;
the record validator storing the resulting record validation information in the repository; and
a network element employing the record validation information, wherein said step of employing includes comparing an entry time-stamp stored in the record validation with a time of modification or creation of at least one record.
35. A repository of records comprising:
a storage module having a set of records;
a record validator to validate each record in the set of records and generate record validation information, said record validator verifying that a relation constraint for at least one of the records in the set of records is satisfied; and
a network element to employ the record validation information.
36. An article of manufacture comprising a computer usable medium having computer readable program code means embodied therein for validating a set of records stored in a repository, the computer readable program code means in said article of manufacture comprising computer readable program code means for causing a computer to effect:
a record validator verifying the validity of the set of records and forming record validation information for each of the records, by verifying that a relation constraint for at least one of the records in the set of records is satisfied;
the record validator storing the resulting record validation information in the repository; and
a network element employing the record validation information.
Specification