Method and apparatus for securely and dynamically managing user roles in a distributed system
Abstract
One embodiment of the present invention provides a system for managing user attributes that determines access rights in a distributed computing system. The system modifies an attribute database, wherein the attribute database includes a plurality of possible user attributes and a plurality of users. Next, for a given user the system obtains an identity certificate from a certificate authority. This identity certificate is associated with a user from the attribute database. The system also assigns an attribute to the user from the possible user attributes, whereby the user is granted access rights based on the attribute and the identity certificate. This attribute is stored in the attribute database. Finally, modifications to the attribute database are distributed to a plurality of hosts coupled together by a network.
24 Claims
1. A method for managing user attributes in a distributed computing system, wherein user attributes determine access rights to a computer application, the method comprising:
- modifying an attribute database in order to create modifications, wherein the attribute database includes a plurality of possible user attributes and a data structure identifying a plurality of users;
- obtaining an identity certificate from a certificate authority;
- associating the identity certificate with a user from the plurality of users within the attribute database, thus creating more of the modifications;
- assigning an attribute from the plurality of possible user attributes to the user;
- storing the attribute assigned to the user into the attribute database, thus creating more of the modifications; and
- distributing the modifications to the attribute database to a plurality of hosts coupled together by a network;
wherein the user is granted access rights based on the attribute and the identity certificate.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
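The method of claim 1 and the abstract, worked through as an added example (this is illustration code, not code from the patent): a management-side attribute database whose every change is appended to a modification log, hosts that replay that log into a local replica, and an access check that requires both the identity certificate bound to the user and the attribute the application needs. Certificates are constructed byte strings identified by SHA-256 fingerprint; the CA's issuance and chain validation are assumed to have already happened.

```python
import hashlib

def cert_fingerprint(cert_bytes: bytes) -> str:
    return hashlib.sha256(cert_bytes).hexdigest()   # stable id for an identity certificate

class AttributeDB:
    """Possible attributes, users, and each user's certificate binding and attributes.
    `apply` changes the state and logs the change, so hosts can replay the same log."""
    def __init__(self) -> None:
        self.possible, self.users, self.modifications = set(), {}, []

    def apply(self, op: str, user, value=None) -> None:
        if op == "define_attr":
            self.possible.add(value)
        elif op == "bind_cert":      # associate a CA-issued certificate with the user
            self.users.setdefault(user, {"cert": None, "attrs": set()})["cert"] = value
        elif op in ("assign", "revoke"):
            if value not in self.possible:
                raise ValueError(f"unknown attribute {value!r}")
            attrs = self.users[user]["attrs"]
            (attrs.add if op == "assign" else attrs.discard)(value)
        else:
            raise ValueError(f"unknown op {op!r}")
        self.modifications.append((op, user, value))

class Host:
    def __init__(self) -> None:
        self.db, self.applied = AttributeDB(), 0   # local replica plus replay position

    def receive(self, modifications: list) -> None:
        for op, user, value in modifications[self.applied:]:   # replay only new entries
            self.db.apply(op, user, value)
        self.applied = len(modifications)

    def check_access(self, user: str, cert_bytes: bytes, required: str) -> bool:
        rec = self.db.users.get(user)   # deny unless cert matches the binding AND attribute is held
        return rec is not None and rec["cert"] == cert_fingerprint(cert_bytes) and required in rec["attrs"]

def demo() -> tuple:
    alice_cert = b"CONSTRUCTED-CERT:CN=alice,serial=1001"   # constructed stand-in for X.509 DER
    server, host = AttributeDB(), Host()
    server.apply("define_attr", None, "payroll-admin")
    server.apply("bind_cert", "alice", cert_fingerprint(alice_cert))
    server.apply("assign", "alice", "payroll-admin")
    host.receive(server.modifications)                   # distribute to the host
    granted = host.check_access("alice", alice_cert, "payroll-admin")
    wrong_cert = host.check_access("alice", b"CONSTRUCTED-CERT:CN=other,serial=2002", "payroll-admin")
    server.apply("revoke", "alice", "payroll-admin")     # dynamic role change
    host.receive(server.modifications)                   # incremental distribution
    return granted, wrong_cert, host.check_access("alice", alice_cert, "payroll-admin")
```

The second receive replays only the revoke entry, so every host converges on the same state without a full resync.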
9. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for managing user attributes in a distributed computing system, wherein user attributes determine access rights to a computer application, the method comprising:
- modifying an attribute database in order to create modifications, wherein the attribute database includes a data structure identifying a plurality of possible user attributes and a plurality of users;
- obtaining an identity certificate from a certificate authority;
- associating the identity certificate with a user from the plurality of users within the attribute database, thus creating more of the modifications;
- assigning an attribute from the plurality of possible user attributes to the user;
- storing the attribute assigned to the user into the attribute database, thus creating more of the modifications; and
- distributing the modifications to the attribute database to a plurality of hosts coupled together by a network;
wherein the user is granted access rights based on the attribute and the identity certificate.
Dependent claims: 10, 11, 12, 13, 14, 15, 16.
17. An apparatus that facilitates managing user attributes in a distributed computing system, wherein user attributes determine access rights to a computer application, the apparatus comprising:
- a modifying mechanism configured to modify an attribute database in order to create modifications, wherein the attribute database includes a data structure identifying a plurality of possible user attributes and a plurality of users;
- an identity certificate obtaining mechanism configured to obtain an identity certificate from a certificate authority;
- an associating mechanism configured to associate the identity certificate with a user from the plurality of users within the attribute database, thus creating more of the modifications;
- an assigning mechanism configured to assign an attribute from the plurality of possible user attributes to the user;
- a storing mechanism configured to store the attribute assigned to the user into the attribute database, thus creating more of the modifications; and
- a distributing mechanism that is configured to distribute the modifications to the attribute database to a plurality of hosts coupled together by a network;
wherein the user is granted access rights based on the attribute and the identity certificate.
Dependent claims: 18, 19, 20, 21, 22, 23, 24.
Specification