Policy validation in a LDAP directory

US 6,581,093 B1
Filed: 10/29/1998
Issued: 06/17/2003
Est. Priority Date: 10/29/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method for validating a set of records stored in a repository comprising:

a record validator verifying the validity of the set of records and forming record validation information for each of the records;

the record validator storing the resulting record validation information in the repository; and

a network element employing the record validation information;

wherein the step of verifying the validity of a set of records includes verifying that a relation constraint for at least one of the records in the set of records is satisfied.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system and product for resource constrained network elements to validate a set of records in a network repository by verifying validation information stored in the repository by a record validator. A record validator with adequate computational resources validates one or more set of records in a repository such a network directory, and stores validation information records in the repository. The resource-constrained network elements run simple checks to verify the validation information records thus stored. The validation information records may include the modification or creation time of validated records in the repository. The network elements compare the time stored in the validation information records to the actual modification or creation time of records to verify validity information. Cryptographic signature for enhanced security, and validation status records may be used to ensure fault-tolerant behavior.

52 Citations

View as Search Results

36 Claims

1. A method for validating a set of records stored in a repository comprising:
- a record validator verifying the validity of the set of records and forming record validation information for each of the records;
  
  the record validator storing the resulting record validation information in the repository; and
  
  a network element employing the record validation information;
  
  wherein the step of verifying the validity of a set of records includes verifying that a relation constraint for at least one of the records in the set of records is satisfied.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. A method as recited in claim 1, wherein the repository is a network directory.
  - 3. A method as recited in claim 2, wherein the network directory supports LDAP.
  - 4. A method as recited in claim 1, wherein the step of storing includes storing separate record validation information for each of the records in the set.
  - 5. A method as recited in claim 4, wherein the record validation information for at least one of the records in the set includes a time of creation or modification of the record.
  - 6. A method as recited in claim 4, wherein the record validation information for at least one record includes a checksum.
  - 7. A method as recited in claim 5, wherein the record validation information for at least one record includes a cryptographic signature having the time of creation or modification of said at least one of the records.
  - 8. A method as recited in claim 4, wherein the record validation information for at least one of the records is stored in a new record in the repository.
  - 9. A method as recited in claim 8, wherein the step of storing comprises modifying said at least one of the records to include a reference to the new record.
  - 10. A method as recited in claim 8, wherein the new record includes a time of creation or modification of said at least one of the records.
  - 11. A method as recited in claim 8, wherein the new record includes a reference to a set information record.
  - 12. A method as recited in claim 11, said method further comprising:
13. A method as recited in claim 1, wherein the step of verifying the validity of a set of records further includes:
- verifying that a schema constraint for a record in the set of records is satisfied;
  
  verifying that a value constraint for a record in the set of records is satisfied; and
  
  verifying that a consistency constraint for the set of records is satisfied.
14. A method as recited in claim 1, wherein the step of verifying the validity of a set of records includes verifying that a value constraint for a record in the set of records is satisfied.
15. A method as recited in claim 1, wherein the step of verifying the validity of a set of records includes verifying that a consistency constraint for the set of records is satisfied.
16. A method as recited in claim 1, wherein the repository is in a network and the step of verifying includes verifying that network policies are consistent and well-formed.

17. A repository of records comprising:
- a storage module having a set of records;
  
  a record validator to validate each record in the set of records and generate record validation information; and
  
  a network element to employ the record validation information, by verifying that a relation constraint for at least one of the records in the set of records is satisfied.
- View Dependent Claims (18)
- - 18. A repository as recited in claim 17, wherein the repository is a network directory.

19. A method for providing fault-tolerant third-party validation by a record validator in a repository comprising:
- obtaining a set of records from the repository;
  
  validating the set of records;
  
  creating a validation status record indicating an in-progress validation status of the set of records;
  
  forming validation information for the set of records;
  
  storing the validation information in the repository; and
  
  adding at least one reference to the in-progress validation status to the validation status record.
- View Dependent Claims (20)
- - 20. A method as recited in claim 19, wherein the step of validating includes:

21. A record validator for a repository comprising:
- a record access subsystem to obtain and store records from the repository;
  
  a record verification subsystem to verify a validity of a set of records, by verifying that a relation constraint for at least one of the records in the set of records is satisfied; and
  
  a validation information generator to generate a set of record validation information to be stored in the repository.

22. A network element employing record validation information in a repository comprising:
- a record access subsystem to obtain and store records from the repository;
  
  a validation checker subsystem to obtain and verify a validity of a set of record validation information for at least one of the records, by verifying that a relation constraint for at least one of the records in the set of records is satisfied; and
  
  a record user subsystem to use said at least one of the records if the validation checker subsystem verifies the set of record validation information to be valid.

23. An article of manufacture comprising a computer usable medium having computer readable program code means embodied therein for validating a set of records stored in a repository, the computer readable program code means in said article of manufacture comprising computer readable program code means for causing a computer to effect:
- a record validator verifying the validity of the set of records and forming record validation information for each of the records by verifying that a relation constraint for at least one of the records in the set of records is satisfied;
  
  the record validator storing the resulting record validation information in the repository; and
  
  a network element employing the record validation information.

24. A computer program product comprising a computer usable medium having computer readable program code means embodied therein for causing fault-tolerant third-party validation by a record validator in a repository, the computer readable program code means in said computer program product comprising computer readable program code means for causing a computer to effect:
- obtaining a set of records from the repository;
  
  validating the set of records;
  
  forming validation information for the set of records;
  
  creating a validation status record indicating a present validation status of the set of records;
  
  storing the validation information in the repository; and
  
  adding at least one reference to the present validation status to the validation status record.

25. A method for a record validator to provide third-party validation of a set of records in a repository, the method comprising:
- obtaining the set of records from the repository;
  
  the validator validating the set of records;
  
  creating a validation status record indicating an in-progress validation status of the set of records;
  
  forming validation information for at least one of the records in the set of records;
  
  storing the validation information for said at least one record in the repository; and
  
  adding at least one reference to the in-progress validation status to the validation status record for said at least one record.
- View Dependent Claims (26, 27)
- - 26. The method as recited in claim 25, further comprising:
27. A method as recited in claim 25, wherein at least one of the steps includes employing a fault-tolerant implementation.

28. A computer program product comprising a computer usable medium having computer readable program code means embodied therein for causing a record validator to provide third-party validation of a set of records in a repository, the computer readable program code means in said computer program product comprising computer readable program code means for causing a computer to effect:
- obtaining the set of records from the repository;
  
  the validator validating the set of records;
  
  creating a validation status record indicating an in-progress validation status of the set of records;
  
  forming validation information for at least one of the records in the set of records;
  
  storing the validation information for said at least one record in the repository; and
  
  adding at least one reference to the in-progress validation status to the validation status record for said at least one record.
- View Dependent Claims (29)
- - 29. A computer program product as recited in claim 28, the computer readable program code means in said computer program product further comprising computer readable program code means for causing a computer to effect:

30. A method comprising validating a set of records stored in a repository, the method including:
- a record validator verifying the validity of the set of records and forming record validation information for each of the records by verifying that a relation constraint for at least one of the records in the set of records is satisfied;
  
  the record validator storing the resulting record validation information in the repository; and
  
  a network element retrieving at least one partial record from the set of records employing the record validation information.

31. An apparatus comprising a repository of records including:
- a storage module having a set of records;
  
  a record validator to validate each record in the set of records and generate record validation information; and
  
  a network element to employ the record validation information by verifying that a relation constraint for at least one of the records in the set of records is satisfied, said network element being a partial record from the set of records.

32. A method for validating a set of records stored in a repository comprising:
- a record validator verifying the validity of the set of records and forming record validation information for each of the records;
  
  the record validator storing the resulting record validation information in the repository; and
  
  a network element employing the record validation information;
  
  wherein the step of storing record validation information comprises;
  
  storing a validation record reference in a first record of the set of records;
  
  creating a validation record for the first record in the repository;
  
  creating a set information reference in the validation record; and
  
  creating a set information record in the repository.
- View Dependent Claims (33)
- - 33. A method as recited in claim 32, wherein the validation record includes an entry time-stamp specifying when the first record was created or modified.

34. A method for validating a set of records stored in a repository comprising:
- a record validator verifying the validity of the set of records and forming record validation information for each of the records;
  
  the record validator storing the resulting record validation information in the repository; and
  
  a network element employing the record validation information, wherein said step of employing includes comparing an entry time-stamp stored in the record validation with a time of modification or creation of at least one record.

35. A repository of records comprising:
- a storage module having a get of records;
  
  a record validator to validate each record in the set of records and generate record validation information, said record validator verifying that a relation constraint for at least one of the records in the set of records is satisfied; and
  
  a network element to employ the record validation information.

36. An article of manufacture comprising a computer usable medium having computer readable program code means embodied therein for validating a set of records stored in a repository, the computer readable program code means in said article of manufacture comprising computer readable program code means for causing a computer to effect:
- a record validator verifying the validity of the set of records and forming record validation information for each of the records, by verifying that a relation constraint for at least one of the records in the set of records is satisfied;
  
  the record validator storing the resulting record validation information in the repository; and
  
  a network element employing the record validation information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Verma, Dinesh Chandra
Primary Examiner(s)
Sheikh, Ayaz
Assistant Examiner(s)
DUONG, OANH

Application Number

US09/182,281
Time in Patent Office

1,692 Days
Field of Search

705/51, 705/59, 709/220-229, 709/200, 709/201, 709/102, 709/210-219, 713/176, 713/178, 713/180, 700/2
US Class Current

709/220
CPC Class Codes

G06F 21/64   Protecting data integrity, ...

H04L 63/0263   Rule management

H04L 63/123   received data contents, e.g...

Policy validation in a LDAP directory

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

52 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Policy validation in a LDAP directory

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

52 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links