Method, system, and software for enterprise access management control

US 6,678,682 B1
Filed: 11/28/2000
Issued: 01/13/2004
Est. Priority Date: 11/28/2000
Status: Expired due to Term

First Claim

Patent Images

1. A computer implemented method of providing enterprise access management control, comprising the steps of:

receiving respective access management control schemas from a plurality of registered applications;

centrally storing, in an access control data store, the respective received access management control schemas associated with their respective registered applications; and

providing, from the access control data store, a particular access management control schema to a requesting one of the plurality of applications when the requesting one of the plurality of applications first loads up, wherein the particular access control schema is stored associated with the requesting one of the plurality of applications in the access control data store, wherein the requesting one of the plurality of applications loads up the particular access control schema to control access to the application and components accessed by the application based on the particular access control schema.

View all claims

28 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and software for automated enterprise access management control includes an access manager service that receives access management control schemas from a plurality of registered application. An access management data store stores the received access management control schemas associated with their respective registered applications, and the access management service provides a respective access management control schema to a requesting one of the plurality of applications.

Citations

33 Claims

1. A computer implemented method of providing enterprise access management control, comprising the steps of:
- receiving respective access management control schemas from a plurality of registered applications;
  
  centrally storing, in an access control data store, the respective received access management control schemas associated with their respective registered applications; and
  
  providing, from the access control data store, a particular access management control schema to a requesting one of the plurality of applications when the requesting one of the plurality of applications first loads up, wherein the particular access control schema is stored associated with the requesting one of the plurality of applications in the access control data store, wherein the requesting one of the plurality of applications loads up the particular access control schema to control access to the application and components accessed by the application based on the particular access control schema.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The computer implemented method according to claim 1, further comprising the steps of:
3. The computer implemented method according to claim 1, wherein the access control schema includes access control rules that control access to at least one of data or actions.
4. The computer implemented method according to claim 1, further comprising the steps of:
- receiving an application identifier of one of the registered applications from an administrator; and
  
  generating and displaying an administrative user interface with the administrator'"'"'s choices limited by the content of the access control schema for the application identified by the application identifier.
5. The method according to claim 1, wherein the particular access control schema controls access to the requesting one of the plurality of applications at an application layer level.
6. The computer implemented method according to claim 2, further comprising the steps:
- receiving a request for a privilege set of a user of the registered application from the registered application; and
  
  returning the requested privilege set to the registered application.
7. The computer implemented method according to claim 3, wherein the access control schema includes privilege sets that are available for assignment to users.
8. The method according to claim 5, wherein the plurality of applications execute on a same host computer.
9. The computer implemented method according to claim 6, further comprising the step of the registered application verifying an action request from the user against the returned privilege set and granting or denying the action request based on the results of verifying the action request.
10. The computer implemented method according to claim 7, wherein the privilege sets are defined for principals that include users, companies, or roles.
11. The computer implemented method according to claim 10, wherein the access control rules define which actions are permissible for which principals.

12. A computer readable data storage medium having program code recorded thereon that, when executed, causes a computing system to provide enterprise access management control, the program code comprising:
- a first program code for receiving respective access management control schemas from a plurality of registered applications;
  
  a second program code for centrally storing, in an access control data store, the respective received access management control schemas associated with their respective registered applications; and
  
  a third program code for providing, from the access control data store, a particular access management control schema to a requesting one of the plurality of applications when the requesting one of the plurality of applications first loads up, wherein the particular access control schema is stored associated with the requesting one of the plurality of applications in the access control data store, wherein the requesting one of the plurality of applications loads up the particular access control schema to control access to the application and components accessed by the application based on the particular access control schema.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The computer readable data storage medium according to claim 12, further comprising:
14. The computer readable data storage medium according to claim 12, wherein the access control schema includes access control rules that control access to at least one of data or actions.
15. The computer readable data storage medium according to claim 12, further comprising:
- a fourth program code that receives an application identifier from an administrator; and
  
  a fifth program code that generates and displays an administrative user interface with the administrator'"'"'s choices limited based on the content of the access control schema for the application identified by the application identifier.
16. The computer readable data storage medium according to claim 12, wherein the particular access control schema controls access to the requesting one of the plurality of applications at an application layer level.
17. The computer readable data storage medium according to claim 13, further comprising:
- a sixth program code that receives a request for a user privilege set of a user of the registered application from the registered application; and
  
  a seventh program code that returns the requested user privilege set to the registered application.
18. The computer readable data storage medium according to claim 14, wherein the access control schema includes privilege sets that are available for assignments to principals.
19. The computer readable data storage medium according to claim 16, wherein the plurality of applications execute on a same host computer.
20. The computer readable data storage medium according to claim 17, wherein the registered application verifies an action request from a user against the returned user privilege set and grants or denies the action request based on the results of verifying the action request.
21. The computer readable data storage medium according to claim 18, wherein the privilege sets are defined for principals that include users, companies, or roles.
22. The computer readable data storage medium according to claim 21, wherein the access control rules define which actions are permissible for which principals.

23. A system for automated enterprise access management control comprises:
- an access manager service that receives respective access management control schemas from a plurality of registered applications; and
  
  an access control data store that stores the respective received access management control schemas associated with the respective registered applications, wherein the access management service provides, from the access control data store, a particular access management control schema to a requesting one of the plurality of applications when the requesting one of the plurality of applications first loads up, wherein the particular access control schema is stored associated with the requesting one of the plurality of applications in the access management data store, wherein the requesting one of the plurality of applications loads up the particular access management control schema to control access to the application and components accessed by the application based on the particular access management control schema.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 24. The system according to claim 23, wherein the access manager service receives privilege sets for users of registered applications, and stores the received privilege sets in the access control data store.
  - 25. The system according to claim 23, wherein the access management control schema includes access control rules that control access to at least one of data or actions.
  - 26. The system according to claim 23, further comprising an administrative user interface generator that receives an application identifier from an administrator and generates an administrative user interface with the administrator'"'"'s choices limited based on the content of the access management control schema for the application identified by the application identifier.
  - 27. The system according to claim 23, wherein the particular access management control schema controls access to the requesting one of the plurality of applications at an application layer level.
  - 28. The system according to claim 24, further comprising an access manager toolkit for a registered application that requests a privilege set for a user of the registered application,
- 29. The system according to claim 24, wherein the access manager toolkit of the registered application verifies an action request from a user against the returned privilege set to grant or deny access to the user based on results of the verification.
- 30. The system according to claim 25, wherein the access management control schema includes privilege sets that are available for assignment to principals.
- 31. The system according to claim 27, wherein the plurality of applications execute on a same host computer.
- 32. The system according to claim 30, wherein the privilege sets are defined for principals that include users, companies, or roles.
- 33. The system according to claim 32, wherein the access control rules define which actions are permissible for which users.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
GXS Incorporated (Open Text Corporation)
Original Assignee
GE Information Services, Inc. (Open Text Corporation)
Inventors
Jenkins, Carmen Murphy, Rae, Thomas, Powell, Vidisha
Primary Examiner(s)
Metjahic, Safet
Assistant Examiner(s)
AL HASHEMI, SANA A

Application Number

US09/722,611
Time in Patent Office

1,141 Days
Field of Search

707/9, 707/10, 707/5, 707/104.1, 707/102, 709/225, 705/83
US Class Current

1/1
CPC Class Codes

H04L 63/101   Access control lists [ACL]

H04L 63/168   above the transport layer

Y10S 707/99939   Privileged access

Method, system, and software for enterprise access management control

First Claim

28 Assignments

0 Petitions

Accused Products

Abstract

Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Method, system, and software for enterprise access management control

First Claim

28 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links